exploitDog

source:"nvd"

Count: 331 703

| Vulnerability | CVSS | EPSS | Published |
| --- | --- | --- | --- |
| CVE-2006-0425: BEA WebLogic Portal 8.1 through SP4 allows remote attackers to obtain the source for a deployment descriptor file via unknown vectors. | CVSS2: 5 | 1% (Low) | about 20 years ago |
| CVE-2006-0424: BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 allows remote authenticated guest users to read the server log and obtain sensitive configuration information. | CVSS2: 4 | 0% (Low) | about 20 years ago |
| CVE-2006-0423: BEA WebLogic Portal 8.1 through SP3 stores the password for the RDBMS Authentication provider in cleartext in the config.xml file, which allows attackers to gain privileges. | CVSS2: 7.5 | 2% (Low) | about 20 years ago |
| CVE-2006-0422: Multiple unspecified vulnerabilities in BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7 allow remote attackers to access MBean attributes or cause an unspecified denial of service via unknown attack vectors. | CVSS2: 6.4 | 1% (Low) | about 20 years ago |
| CVE-2006-0421: By design, BEA WebLogic Server and WebLogic Express 7.0 and 6.1, when creating multiple domains from the same WebLogic instance on the same machine, allows administrators of any created domain to access other created domains, which could allow administrators to gain privileges that were not intended. | CVSS2: 4.6 | 0% (Low) | about 20 years ago |
| CVE-2006-0420: BEA WebLogic Server and WebLogic Express 8.1 through SP4 and 7.0 through SP6 does not properly handle when servlets use relative forwarding, which allows remote attackers to cause a denial of service (slowdown) via unknown attack vectors that cause "looping stack overflow errors." | CVSS2: 5 | 1% (Low) | about 20 years ago |
| CVE-2006-0419: BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 through SP6 allows anonymous binds to the embedded LDAP server, which allows remote attackers to read user entries or cause a denial of service (unspecified) via a large number of connections. | CVSS2: 6.4 | 1% (Low) | about 20 years ago |
| CVE-2006-0418: Eval injection vulnerability in 123 Flash Chat Server 5.0 and 5.1 allows attackers to execute arbitrary code via a crafted username. | CVSS2: 7.5 | 4% (Low) | about 20 years ago |
| CVE-2006-0417: SQL injection vulnerability in login.php in miniBloggie 1.0 and earlier, when gpc_magic_quotes is disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password parameters. | CVSS2: 7.5 | 3% (Low) | about 20 years ago |
| CVE-2006-0416: SleeperChat 0.3f and earlier allows remote attackers to bypass authentication and create new entries via the txt parameter to (1) chat_no.php and (2) chat_if.php. | CVSS2: 5 | 1% (Low) | about 20 years ago |
| CVE-2006-0415: Cross-site scripting (XSS) vulnerability in index.php in SleeperChat 0.3f and earlier allows remote attackers to inject arbitrary web script or HTML via the pseudo parameter. | CVSS2: 4.3 | 0% (Low) | about 20 years ago |
| CVE-2006-0414: Tor before 0.1.1.20 allows remote attackers to identify hidden services via a malicious Tor server that attempts a large number of accesses of the hidden service, which eventually causes a circuit to be built through the malicious server. | CVSS2: 5 | 1% (Low) | about 20 years ago |
| CVE-2006-0413: Multiple SQL injection vulnerabilities in index.php in NewsPHP allow remote attackers to execute arbitrary SQL commands via the (1) discuss, (2) tim, (3) id, (4) last, and (5) limit parameter. | CVSS2: 7.5 | 1% (Low) | about 20 years ago |
| CVE-2006-0412: SQL injection vulnerability in CyberShop allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter in a login action. | CVSS2: 7.5 | 1% (Low) | about 20 years ago |
| CVE-2006-0411: claro_init_local.inc.php in Claroline 1.7.2 uses guessable session cookies (MD5 hash of connection time), which allows remote attackers to hijack sessions and possibly gain administrative privileges. | CVSS2: 10 | 1% (Low) | about 20 years ago |
| CVE-2006-0410: SQL injection vulnerability in ADOdb before 4.71, when using PostgreSQL, allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors involving binary strings. | CVSS2: 5 | 1% (Low) | about 20 years ago |
| CVE-2006-0409: Cross-site scripting (XSS) vulnerability in index.php in Pixelpost Photoblog 1.4.3 allows remote attackers to inject arbitrary web script or HTML via the "Add Comment" field in a comment popup. | CVSS2: 4.3 | 8% (Low) | about 20 years ago |
| CVE-2006-0408: rsh utility in Sun Grid Engine (SGE) before 6.0u7_1 allows local users to gain privileges and execute arbitrary code via unspecified vectors, possibly involving command line arguments. | CVSS2: 7.2 | 0% (Low) | about 20 years ago |
| CVE-2006-0407: Cross-site scripting (XSS) vulnerability in post.php in AZ Bulletin Board (AZbb) 1.1.00 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) nickname parameter and (2) an iframe tag in the topic parameter. NOTE: the original disclosure specified the name parameter, but a correction was later provided. NOTE: followup posts have both disputed and confirmed the original claim. | CVSS2: 4.3 | 1% (Low) | about 20 years ago |
| CVE-2006-0406: search.php in MyBB 1.0.2 allows remote attackers to obtain sensitive information via a certain search request that reveals the table prefix in a SQL error message, possibly due to invalid parameters. | CVSS2: 5 | 0% (Low) | about 20 years ago |
