266011 | - | | ibm | websphere_application_server | Unspecified vulnerability in IBM WebSphere Application Server 5.0.2 and earlier, and 5.1.1 and earlier, has unknown impact and attack vectors related to "Inserting certain script tags in urls [that] … | NVD-CWE-noinfo | CVE-2006-2435 | 2011-03-8 11:36 | 2006-05-17 |
266012 | - | | ibm | websphere_application_server | WebSphere Application Server 5.0.2 (or any earlier cumulative fix) stores admin and LDAP passwords in plaintext in the FFDC logs when a login to WebSphere fails, which allows attackers to gain privil… | NVD-CWE-Other | CVE-2006-2436 | 2011-03-8 11:36 | 2006-05-17 |
266013 | - | | caucho_technology | resin | The viewfile servlet in the documentation package (resin-doc) for Caucho Resin 3.0.17 and 3.0.18 allows remote attackers to obtain the source code for files under the web root via the file parameter. | NVD-CWE-Other | CVE-2006-2437 | 2011-03-8 11:36 | 2006-05-17 |
266014 | - | | kphone | kphone | kphone 4.2 creates .qt/kphonerc with world-readable permissions, which allows local users to read usernames and SIP passwords. | NVD-CWE-Other | CVE-2006-2442 | 2011-03-8 11:36 | 2006-05-18 |
266015 | - | | s9y | serendipity | Cross-site request forgery (CSRF) vulnerability in the Entry Manager in Serendipity before 1.0-beta3 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag. | NVD-CWE-Other | CVE-2006-2495 | 2011-03-8 11:36 | 2006-05-20 |
266016 | - | | fckeditor | fckeditor | editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, when the upload feature is enabled, does not verify the Type parameter, which allows remote attackers to upload arbitrary file t… | NVD-CWE-Other | CVE-2006-2529 | 2011-03-8 11:36 | 2006-05-23 |
266017 | - | | xtreme_scripts | xtreme_topsites | Multiple SQL injection vulnerabilities in Xtreme Topsites 1.1, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) searchthis parameter in lostid.php … | NVD-CWE-Other | CVE-2006-2544 | 2011-03-8 11:36 | 2006-05-23 |
266018 | - | | florian_amrhein | newsportal | Cross-site scripting (XSS) vulnerability in Florian Amrhein NewsPortal before 0.37, and possibly TR Newsportal (TRanx rebuilded), allows remote attackers to inject arbitrary web script or HTML via un… | NVD-CWE-Other | CVE-2006-2556 | 2011-03-8 11:36 | 2006-05-24 |
266019 | - | | e107 | e107 | SQL injection vulnerability in e107 before 0.7.5 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | NVD-CWE-Other | CVE-2006-2590 | 2011-03-8 11:36 | 2006-05-25 |
266020 | - | | e107 | e107 | Unspecified vulnerability in e107 before 0.7.5 has unknown impact and remote attack vectors related to an "emailing exploit". | NVD-CWE-Other | CVE-2006-2591 | 2011-03-8 11:36 | 2006-05-25 |