|
314121
|
- |
|
crafty_syntax_image_gallery
|
crafty_syntax_image_gallery
|
newimage.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and earlier allows remote authenticated users to upload and execute arbitrary PHP code via a mult…
|
NVD-CWE-Other
|
CVE-2006-1668
|
2024-02-14 10:17 |
2006-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314122
|
- |
|
3dsrc
|
monalbum
|
Multiple SQL injection vulnerabilities in MonAlbum 0.8.7 allow remote attackers to execute arbitrary SQL commands via (1) the pc parameter in (a) index.php and (2) pnom, (3) pcourriel, and (4) pcomme…
|
NVD-CWE-Other
|
CVE-2006-1585
|
2024-02-14 10:17 |
2006-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314123
|
- |
|
trend_micro
|
pc-cillin_2006
|
Trend Micro PC-cillin Internet Security 2006 14.00.1485 and 14.10.0.1023, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying executable programs s…
|
NVD-CWE-Other
|
CVE-2006-1379
|
2024-02-14 10:17 |
2006-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314124
|
- |
|
trendmicro
|
interscan_messaging_security_suite
|
ISNTSmtp directory in Trend Micro InterScan Messaging Security Suite (IMSS) 5.5 build 1183 and possibly other versions before 5.7.0.1121, uses insecure DACLs for critical files, which allows local us…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2006-1380
|
2024-02-14 10:17 |
2006-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314125
|
- |
|
trend_micro
|
officescan
|
Trend Micro OfficeScan 5.5, and probably other versions before 6.5, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying tmlisten.exe.
|
NVD-CWE-Other
|
CVE-2006-1381
|
2024-02-14 10:17 |
2006-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314126
|
- |
|
glftpd
|
glftpd
|
Unspecified vulnerability in glFTPd before 2.01 RC5 allows remote attackers to bypass IP checks via a crafted DNS hostname, possibly a hostname that appears to be an IP address.
|
NVD-CWE-Other
|
CVE-2006-1253
|
2024-02-14 10:17 |
2006-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314127
|
- |
|
jcink.com
|
textfilebb
|
Multiple cross-site scripting (XSS) vulnerabilities in textfileBB 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) mess and (2) user parameters in messanger.p…
|
NVD-CWE-Other
|
CVE-2006-1202
|
2024-02-14 10:17 |
2006-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314128
|
- |
|
sergey_korostel
|
php_upload_center
|
PHP Upload Center stores password hashes under the web root with insufficient access control, which allows remote attackers to download each password hash via a direct request for the upload/users/[U…
|
NVD-CWE-Other
|
CVE-2006-1207
|
2024-02-14 10:17 |
2006-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314129
|
- |
|
sergey_korostel
|
php_upload_center
|
Sergey Korostel PHP Upload Center allows remote attackers to execute arbitrary PHP code by uploading a file whose name ends in a .php.li extension, which can be accessed from the upload directory.
|
NVD-CWE-Other
|
CVE-2006-1208
|
2024-02-14 10:17 |
2006-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
314130
|
- |
|
bugada_andrea
|
php_advanced_transfer_manager
|
PHP Advanced Transfer Manager 1.00 through 1.30 stores sensitive information, including password hashes, under the web root with insufficient access control, which allows remote attackers to download…
|
NVD-CWE-Other
|
CVE-2006-1209
|
2024-02-14 10:17 |
2006-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
