|
345711
|
- |
|
imagevue
|
imagevue
|
imageVue 16.1 allows remote attackers to obtain folder permission settings via a direct request to dir.php, which returns an XML document that lists folders and their permissions.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2006-0700
|
2017-07-20 10:29 |
2006-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
345712
|
- |
|
imagevue
|
imagevue
|
readfolder.php in imageVue 16.1 allows remote attackers to list directories via modified path and ext parameters.
|
NVD-CWE-Other
|
CVE-2006-0701
|
2017-07-20 10:29 |
2006-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
345713
|
- |
|
imagevue
|
imagevue
|
admin/upload.php in imageVue 16.1 allows remote attackers to upload arbitrary files to certain allowed folders via .. (dot dot) sequences in the path parameter. NOTE: due to the lack of details, the…
|
NVD-CWE-Other
|
CVE-2006-0702
|
2017-07-20 10:29 |
2006-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
345714
|
- |
|
ie
|
ie_integrator
|
iE Integrator 4.4.220114, when configured without a "bespoke error page" in acm.ini, allows remote attackers to obtain sensitive information via a URL that calls a non-existent .aspx script in the in…
|
NVD-CWE-Other
|
CVE-2006-0704
|
2017-07-20 10:29 |
2006-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
345715
|
- |
|
pyblosxom
|
pyblosxom
|
PyBlosxom before 1.3.2, when running on certain webservers, allows remote attackers to read arbitrary files via an HTTP request with multiple leading / (slash) characters, which is accessed using the…
|
CWE-200
Information Exposure
|
CVE-2006-0707
|
2017-07-20 10:29 |
2006-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
345716
|
- |
|
attachmatewrq
f-secure
|
reflection_for_secure_it_server
f-secure_ssh_server
|
Format string vulnerability in a logging function as used by various SFTP servers, including (1) AttachmateWRQ Reflection for Secure IT UNIX Server before 6.0.0.9, (2) Reflection for Secure IT Window…
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2006-0705
|
2017-07-20 10:29 |
2006-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
345717
|
- |
|
wwwsearchsolutions
|
searchfeed_search_engine
|
Cross-site scripting (XSS) vulnerability in SearchFeed Search Engine 1.3.2 and earlier allows remote attackers to inject arbitrary HTML and web script, possibly via the REQ parameter, which is used w…
|
NVD-CWE-Other
|
CVE-2005-3866
|
2017-07-20 10:29 |
2005-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
345718
|
- |
|
wwwsearchsolutions
|
revenuepilot_search_engine_script
|
Cross-site scripting (XSS) vulnerability in RevenuePilot Search Engine Script 1.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the REQ parameter, which is used whe…
|
NVD-CWE-Other
|
CVE-2005-3867
|
2017-07-20 10:29 |
2005-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
345719
|
- |
|
google
|
api_search
|
Cross-site scripting (XSS) vulnerability in index.php in Google API Search 1.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the REQ parameter.
|
NVD-CWE-Other
|
CVE-2005-3869
|
2017-07-20 10:29 |
2005-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
345720
|
- |
|
zainu
|
zainu
|
Multiple SQL injection vulnerabilities in the search action in Zainu 2.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) term and (2) start parameters to index.php.
|
NVD-CWE-Other
|
CVE-2005-3884
|
2017-07-20 10:29 |
2005-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
