CVE-2006-2952

This is an entry in the Common Vulnerability Index under number CVE-2006-2952. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2006-2952

Description: Directory traversal vulnerability in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) sequence and trailing null (%00) byte in the (1) Default_Theme parameter to header.php or (2) ModPath parameter to modules/cluster-paradise/cluster-E.php.

Continue Reading …

CVE-2006-3543

This is an entry in the Common Vulnerability Index under number CVE-2006-3543. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2006-3543

Description: ** DISPUTED ** Multiple SQL injection vulnerabilities in Invision Power Board (IPB) 1.x and 2.x allow remote attackers to execute arbitrary SQL commands via the (1) idcat and (2) code parameters in a ketqua action in index.php;

Continue Reading …

CVE-2006-2509

This is an entry in the Common Vulnerability Index under number CVE-2006-2509. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2006-2509

Description: SQL injection vulnerability in login.php in YourFreeWorld.com Short Url & Url Tracker Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

Continue Reading …

CVE-2006-6241

This is an entry in the Common Vulnerability Index under number CVE-2006-6241. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2006-6241

Description: Sorin Chitu Telnet-FTP Server 1.0 allows remote authenticated users to cause a denial of service (crash) via consecutive RETR commands. NOTE: The provenance of this information is unknown;

Continue Reading …

CVE-2006-0280

This is an entry in the Common Vulnerability Index under number CVE-2006-0280. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2006-0280

Description: Unspecified vulnerability in Oracle PeopleSoft Enterprise Portal 8.4 Bundle 15, 8.8 Bundle 10, and 8.9 Bundle 2 has unspecified impact and attack vectors, as identified by Oracle Vuln# PSE01.

Continue Reading …

CVE-2006-3312

This is an entry in the Common Vulnerability Index under number CVE-2006-3312. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2006-3312

Description: Multiple cross-site scripting (XSS) vulnerabilities in ashmans and Bill Echlin QaTraq 6.5 RC and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) link_print,

Continue Reading …

CVE-2006-6701

This is an entry in the Common Vulnerability Index under number CVE-2006-6701. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2006-6701

Description: Cross-site request forgery (CSRF) vulnerability in util.pl in @Mail WebMail 4.51, and util.php in 5.x before 5.03, allows remote attackers to modify arbitrary settings and perform unauthorized actions as an arbitrary user,

Continue Reading …

CVE-2006-0778

This is an entry in the Common Vulnerability Index under number CVE-2006-0778. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2006-0778

Description: Multiple SQL injection vulnerabilities in XMB Forums 1.9.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) $u2u_select array parameter to u2u.inc.php and (2) $val variable (fidpw0 cookie value) in today.php.

Continue Reading …

CVE-2006-4528

This is an entry in the Common Vulnerability Index under number CVE-2006-4528. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2006-4528

Description: Multiple cross-site scripting (XSS) vulnerabilities in membrepass 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) recherche parameter in recherchemembre.php and the (2) email parameter in test.php.

Continue Reading …

CVE-2006-4783

This is an entry in the Common Vulnerability Index under number CVE-2006-4783. Specific details regarding this vulnerability name are as follows:

CVE Number: CVE-2006-4783

Description: SQL injection vulnerability in squads.php in WebSPELL 4.01.01 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the squadID parameter.

Continue Reading …