|
264381
|
- |
|
the_address_book
|
the_address_book
|
register.php in The Address Book 1.04e allows remote attackers to bypass the "Allow User Self-Registration" setting and create arbitrary users by setting the mode parameter to "confirm".
|
NVD-CWE-Other
|
CVE-2006-4580
|
2017-07-20 10:33 |
2006-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264382
|
- |
|
the_address_book
|
the_address_book
|
Unrestricted file upload vulnerability in The Address Book 1.04e validates the Content-Type header but not the file extension, which allows remote attackers to upload arbitrary PHP scripts.
|
NVD-CWE-Other
|
CVE-2006-4581
|
2017-07-20 10:33 |
2006-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264383
|
- |
|
the_address_book
|
the_address_book
|
Cross-site request forgery (CSRF) vulnerability in The Address Book 1.04e allows remote attackers to perform unauthorized actions as other users via unspecified vectors, as demonstrated by deleting a…
|
NVD-CWE-Other
|
CVE-2006-4582
|
2017-07-20 10:33 |
2006-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264384
|
- |
|
jetstat.com
|
js_asp_faq_manager
|
SQL injection vulnerability in admin/default.asp in Jetstat.com JS ASP Faq Manager 1.10 and earlier allows remote attackers to execute arbitrary SQL commands via the uid parameter, a different vector…
|
NVD-CWE-Other
|
CVE-2006-4590
|
2017-07-20 10:33 |
2006-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264385
|
- |
|
mailenable
|
mailenable_enterprise
mailenable_professional
mailenable_standard
|
SMTP service in MailEnable Standard, Professional, and Enterprise before ME-10014 (20060904) allows remote attackers to cause a denial of service via an SPF lookup for a domain with a large number of…
|
NVD-CWE-Other
|
CVE-2006-4616
|
2017-07-20 10:33 |
2006-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264386
|
- |
|
vcd-db
|
vcd-db
|
Cross-site scripting (XSS) vulnerability in VCD-db before 0.983 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when handling comments.
|
NVD-CWE-Other
|
CVE-2006-4628
|
2017-07-20 10:33 |
2006-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264387
|
- |
|
squiz
|
mysource_classic
|
Unspecified vulnerability in MySource Classic 2.14.6, and possibly earlier, allows remote authenticated users, with superuser privileges, to inject arbitrary PHP code via unspecified vectors related …
|
NVD-CWE-Other
|
CVE-2006-4635
|
2017-07-20 10:33 |
2006-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264388
|
- |
|
drupal
|
drupal_pathauto_module
|
Cross-site scripting (XSS) vulnerability in the Drupal 4.7 Pathauto module before pathauto_node.inc 1.17.2.1 and the Drupal 4.6 Pathauto module before pathauto_node.inc 1.14.2.1 allows remote attacke…
|
NVD-CWE-Other
|
CVE-2006-4646
|
2017-07-20 10:33 |
2006-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264389
|
- |
|
php_fusion
|
php_fusion
|
Global variable overwrite vulnerability in maincore.php in PHP-Fusion 6.01.4 and earlier uses the extract function on the superglobals, which allows remote attackers to conduct SQL injection attacks …
|
NVD-CWE-Other
|
CVE-2006-4673
|
2017-07-20 10:33 |
2006-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
264390
|
- |
|
php_fusion
|
php_fusion
|
Successful exploitation requires that "register_globals" and "magic_quotes_gpc" are disabled.
This vulnerability is addressed in the following product release:
PHP-Fusion, PHP_Fusion, 6.01.5
|
NVD-CWE-Other
|
CVE-2006-4673
|
2017-07-20 10:33 |
2006-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
