268491
|
- |
|
moderngigabyte
|
modernbill
|
ModernBill 5.0.4 and earlier uses cURL with insecure settings for CURLOPT_SSL_VERIFYPEER and CURLOPT_SSL_VERIFYHOST that do not verify SSL certificates, which allows remote attackers to read network …
|
NVD-CWE-Other
|
CVE-2006-4499
|
2008-09-6 06:09 |
2006-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268492
|
- |
|
devellion
|
cubecart
|
Cross-site scripting (XSS) vulnerability in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary web script or HTML via the links array.
|
NVD-CWE-Other
|
CVE-2006-4525
|
2008-09-6 06:09 |
2006-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268493
|
- |
|
devellion
|
cubecart
|
SQL injection vulnerability in includes/content/viewCat.inc.php in CubeCart 3.0.12 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the sea…
|
NVD-CWE-Other
|
CVE-2006-4526
|
2008-09-6 06:09 |
2006-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268494
|
- |
|
devellion
|
cubecart
|
includes/content/gateway.inc.php in CubeCart 3.0.12 and earlier, when magic_quotes_gpc is disabled, uses an insufficiently restrictive regular expression to validate the gateway parameter, which allo…
|
NVD-CWE-Other
|
CVE-2006-4527
|
2008-09-6 06:09 |
2006-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268495
|
- |
|
ibm
|
lotus_notes
|
IBM Lotus Notes 6.0, 6.5, and 7.0 does not properly handle replies to e-mail messages with alternate name users when the (1) "Save As Draft" option is used or (2) a "," (comma) is inside the "phrase"…
|
NVD-CWE-Other
|
CVE-2006-3778
|
2008-09-6 06:08 |
2006-07-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268496
|
- |
|
kailash_nadh
|
boastmachine
|
The Languages selection in the admin interface in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to upload files with arbitrary extensions to…
|
NVD-CWE-Other
|
CVE-2006-3830
|
2008-09-6 06:08 |
2006-07-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268497
|
- |
|
dokeos
|
dokeos
|
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos before 1.6.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2006-3924
|
2008-09-6 06:08 |
2006-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268498
|
- |
|
pswd.js
|
pswd.js
|
The pswd.js script relies on the client to calculate whether a username and password match hard-coded hashed values for a server, and uses a hashing scheme that creates a large number of collisions, …
|
CWE-255
Credentials Management
|
CVE-2006-4068
|
2008-09-6 06:08 |
2006-08-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268499
|
- |
|
david_walker
|
phpautomembersarea
|
Unspecified vulnerability in phpAutoMembersArea (phpAMA) before 3.2.4 has unknown impact and attack vectors, related to "a potential security exploit which is critical."
|
NVD-CWE-Other
|
CVE-2006-4084
|
2008-09-6 06:08 |
2006-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
268500
|
- |
|
david_walker
|
phpautomembersarea
|
Upgrade to 3.2.4
|
NVD-CWE-Other
|
CVE-2006-4084
|
2008-09-6 06:08 |
2006-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|