Логотип exploitDog
source:"nvd"
Консоль
Логотип exploitDog

exploitDog

source:"nvd"

Количество 331 542

Количество 331 542

nvd логотип

CVE-2006-1337

почти 20 лет назад

Buffer overflow in the POP 3 (POP3) service in MailEnable Standard Edition before 1.93, Professional Edition before 1.73, and Enterprise Edition before 1.21 allows remote attackers to execute arbitrary code via unknown vectors before authentication.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2006-1336

почти 20 лет назад

Cross-site scripting vulnerability in calendar.php in ExtCalendar 1.0 and possibly other versions before 2.0 allows remote attackers to inject arbitrary web script or HTML via the (1) year, (2) month, (3) next, and (4) prev parameters.

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2006-1335

почти 20 лет назад

gnome screensaver before 2.14, when running on an X server with AllowDeactivateGrabs and AllowClosedownGrabs enabled, allows attackers with physical access to cause the screensaver to crash and access the session via the Ctl+Alt+Keypad-Multiply keyboard sequence, which removes the grab from gnome.

CVSS2: 3.7
EPSS: Низкий
nvd логотип

CVE-2006-1334

почти 20 лет назад

Multiple SQL injection vulnerabilities in Maian Weblog 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) entry and (2) email parameters to (a) print.php and (b) mail.php.

CVSS2: 6.4
EPSS: Низкий
nvd логотип

CVE-2006-1333

почти 20 лет назад

Multiple SQL injection vulnerabilities in BetaParticle Blog 6.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to template_permalink.asp or (2) fldGalleryID parameter to template_gallery_detail.asp.

CVSS2: 6.4
EPSS: Низкий
nvd логотип

CVE-2006-1332

почти 20 лет назад

Noah's Classifieds 1.3 and earlier allows remote attackers to obtain sensitive information via an invalid list parameter in the showdetails method to index.php, which reveals the path in an error message.

CVSS2: 6.4
EPSS: Низкий
nvd логотип

CVE-2006-1331

почти 20 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Noah's Classifieds 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) method or (2) list parameter.

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2006-1330

почти 20 лет назад

Multiple SQL injection vulnerabilities in phpWebsite 0.83 and earlier allow remote attackers to execute arbitrary SQL commands via the sid parameter to (1) friend.php or (2) article.php.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2006-1329

почти 20 лет назад

The SASL negotiation in Jabber Studio jabberd before 2.0s11 allows remote attackers to cause a denial of service ("c2s segfault") by sending a "response stanza before an auth stanza".

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2006-1328

почти 20 лет назад

SQL injection vulnerability in count.php in Skull-Splitter PHP Downloadcounter for Wallpapers 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) count_fieldname, (2) url_fieldname, or (3) url parameter.

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2006-1327

почти 20 лет назад

SQL injection vulnerability in reg.php in SoftBB 0.1 allows remote attackers to execute arbitrary SQL commands via the mail parameter.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2006-1326

почти 20 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board 2.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) result_type, (2) search_in, (3) nav, (4) forums, and (5) s parameters in the Search action to index.php; (6) st parameter to index.php with showtopics set to 1; (7) m, (8) y, and (9) d parameters in a calendar action; (10) t parameter in a Print action; (11) MID parameter in a Mail action; (12) HID parameter in a Help action; (13) active parameter in a search action; (14) sort_order, (15) max_results, or (16) sort_key parameter in a Members action.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2006-1325

почти 20 лет назад

Cross-site scripting (XSS) vulnerability in Streber 0.055 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2006-1324

почти 20 лет назад

Cross-site scripting (XSS) vulnerability in acp/lib/class_db_mysql.php in Woltlab Burning Board (wBB) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the errormsg parameter when a SQL error is generated.

CVSS2: 6.8
EPSS: Средний
nvd логотип

CVE-2006-1323

почти 20 лет назад

Directory traversal vulnerability in WinHKI 1.6 and earlier allows user-assisted attackers to overwrite arbitrary files via a (1) RAR, (2) TAR, (3) ZIP, or (4) TAR.GZ archive with a file whose file name contains ".." sequences.

CVSS2: 5.1
EPSS: Низкий
nvd логотип

CVE-2006-1322

почти 20 лет назад

Novell Netware NWFTPD 5.06.05 allows remote attackers to cause a denial of service (ABEND) via an MDTM command that uses a long path for the target file, possibly due to a buffer overflow.

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2006-1321

почти 20 лет назад

Cross-site scripting (XSS) vulnerability in webcheck before 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the (1) url, (2) title, or (3) author name in a crawled page, which is not properly sanitized in the tooltips of a report.

CVSS2: 4.3
EPSS: Низкий
nvd логотип

CVE-2006-1320

почти 20 лет назад

util.c in rssh 2.3.0 in Debian GNU/Linux does not use braces to make a block, which causes a check for CVS to always succeed and allows rsync and rdist to bypass intended access restrictions in rssh.conf.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2006-1319

почти 20 лет назад

chpst in runit 1.3.3-1 for Debian GNU/Linux, when compiled on little endian i386 machines against dietlibc, does not properly handle when multiple groups are specified in the -u option, which causes chpst to assign permissions for the root group due to inconsistent bit sizes for the gid_t type.

CVSS2: 6.2
EPSS: Низкий
nvd логотип

CVE-2006-1318

больше 11 лет назад

Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, Office 2004 for Mac, and Office X for Mac do not properly parse record lengths, which allows remote attackers to execute arbitrary code via a malformed control in an Office document, aka "Microsoft Office Control Vulnerability."

CVSS2: 9.3
EPSS: Средний

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
nvd логотип
CVE-2006-1337

Buffer overflow in the POP 3 (POP3) service in MailEnable Standard Edition before 1.93, Professional Edition before 1.73, and Enterprise Edition before 1.21 allows remote attackers to execute arbitrary code via unknown vectors before authentication.

CVSS2: 7.5
3%
Низкий
почти 20 лет назад
nvd логотип
CVE-2006-1336

Cross-site scripting vulnerability in calendar.php in ExtCalendar 1.0 and possibly other versions before 2.0 allows remote attackers to inject arbitrary web script or HTML via the (1) year, (2) month, (3) next, and (4) prev parameters.

CVSS2: 5
8%
Низкий
почти 20 лет назад
nvd логотип
CVE-2006-1335

gnome screensaver before 2.14, when running on an X server with AllowDeactivateGrabs and AllowClosedownGrabs enabled, allows attackers with physical access to cause the screensaver to crash and access the session via the Ctl+Alt+Keypad-Multiply keyboard sequence, which removes the grab from gnome.

CVSS2: 3.7
0%
Низкий
почти 20 лет назад
nvd логотип
CVE-2006-1334

Multiple SQL injection vulnerabilities in Maian Weblog 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) entry and (2) email parameters to (a) print.php and (b) mail.php.

CVSS2: 6.4
4%
Низкий
почти 20 лет назад
nvd логотип
CVE-2006-1333

Multiple SQL injection vulnerabilities in BetaParticle Blog 6.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to template_permalink.asp or (2) fldGalleryID parameter to template_gallery_detail.asp.

CVSS2: 6.4
2%
Низкий
почти 20 лет назад
nvd логотип
CVE-2006-1332

Noah's Classifieds 1.3 and earlier allows remote attackers to obtain sensitive information via an invalid list parameter in the showdetails method to index.php, which reveals the path in an error message.

CVSS2: 6.4
1%
Низкий
почти 20 лет назад
nvd логотип
CVE-2006-1331

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Noah's Classifieds 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) method or (2) list parameter.

CVSS2: 6.8
2%
Низкий
почти 20 лет назад
nvd логотип
CVE-2006-1330

Multiple SQL injection vulnerabilities in phpWebsite 0.83 and earlier allow remote attackers to execute arbitrary SQL commands via the sid parameter to (1) friend.php or (2) article.php.

CVSS2: 7.5
1%
Низкий
почти 20 лет назад
nvd логотип
CVE-2006-1329

The SASL negotiation in Jabber Studio jabberd before 2.0s11 allows remote attackers to cause a denial of service ("c2s segfault") by sending a "response stanza before an auth stanza".

CVSS2: 5
2%
Низкий
почти 20 лет назад
nvd логотип
CVE-2006-1328

SQL injection vulnerability in count.php in Skull-Splitter PHP Downloadcounter for Wallpapers 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) count_fieldname, (2) url_fieldname, or (3) url parameter.

CVSS2: 5
1%
Низкий
почти 20 лет назад
nvd логотип
CVE-2006-1327

SQL injection vulnerability in reg.php in SoftBB 0.1 allows remote attackers to execute arbitrary SQL commands via the mail parameter.

CVSS2: 7.5
2%
Низкий
почти 20 лет назад
nvd логотип
CVE-2006-1326

Multiple cross-site scripting (XSS) vulnerabilities in Invision Power Board 2.0.4 allow remote attackers to inject arbitrary web script or HTML via the (1) result_type, (2) search_in, (3) nav, (4) forums, and (5) s parameters in the Search action to index.php; (6) st parameter to index.php with showtopics set to 1; (7) m, (8) y, and (9) d parameters in a calendar action; (10) t parameter in a Print action; (11) MID parameter in a Mail action; (12) HID parameter in a Help action; (13) active parameter in a search action; (14) sort_order, (15) max_results, or (16) sort_key parameter in a Members action.

CVSS2: 4.3
1%
Низкий
почти 20 лет назад
nvd логотип
CVE-2006-1325

Cross-site scripting (XSS) vulnerability in Streber 0.055 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

CVSS2: 6.8
1%
Низкий
почти 20 лет назад
nvd логотип
CVE-2006-1324

Cross-site scripting (XSS) vulnerability in acp/lib/class_db_mysql.php in Woltlab Burning Board (wBB) 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the errormsg parameter when a SQL error is generated.

CVSS2: 6.8
13%
Средний
почти 20 лет назад
nvd логотип
CVE-2006-1323

Directory traversal vulnerability in WinHKI 1.6 and earlier allows user-assisted attackers to overwrite arbitrary files via a (1) RAR, (2) TAR, (3) ZIP, or (4) TAR.GZ archive with a file whose file name contains ".." sequences.

CVSS2: 5.1
5%
Низкий
почти 20 лет назад
nvd логотип
CVE-2006-1322

Novell Netware NWFTPD 5.06.05 allows remote attackers to cause a denial of service (ABEND) via an MDTM command that uses a long path for the target file, possibly due to a buffer overflow.

CVSS2: 5
1%
Низкий
почти 20 лет назад
nvd логотип
CVE-2006-1321

Cross-site scripting (XSS) vulnerability in webcheck before 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the (1) url, (2) title, or (3) author name in a crawled page, which is not properly sanitized in the tooltips of a report.

CVSS2: 4.3
0%
Низкий
почти 20 лет назад
nvd логотип
CVE-2006-1320

util.c in rssh 2.3.0 in Debian GNU/Linux does not use braces to make a block, which causes a check for CVS to always succeed and allows rsync and rdist to bypass intended access restrictions in rssh.conf.

CVSS2: 7.5
1%
Низкий
почти 20 лет назад
nvd логотип
CVE-2006-1319

chpst in runit 1.3.3-1 for Debian GNU/Linux, when compiled on little endian i386 machines against dietlibc, does not properly handle when multiple groups are specified in the -u option, which causes chpst to assign permissions for the root group due to inconsistent bit sizes for the gid_t type.

CVSS2: 6.2
0%
Низкий
почти 20 лет назад
nvd логотип
CVE-2006-1318

Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, Office 2004 for Mac, and Office X for Mac do not properly parse record lengths, which allows remote attackers to execute arbitrary code via a malformed control in an Office document, aka "Microsoft Office Control Vulnerability."

CVSS2: 9.3
19%
Средний
больше 11 лет назад

Уязвимостей на страницу