|
344561
|
- |
|
ipswitch
|
whatsup
|
Ipswitch WhatsUp Professional 2006 only verifies the user's identity via HTTP headers, which allows remote attackers to spoof being a trusted console and bypass authentication by setting HTTP User-Ag…
|
NVD-CWE-Other
|
CVE-2006-2531
|
2018-10-19 01:40 |
2006-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
344562
|
- |
|
greg_donald
|
destiney_rated_images_script
|
stats.php in Destiney Rated Images Script 0.5.0 allows remote attackers to obtain the installation path via an invalid s parameter, which displays the path in an error message. NOTE: this issue was …
|
NVD-CWE-Other
|
CVE-2006-2532
|
2018-10-19 01:40 |
2006-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
344563
|
- |
|
greg_donald
|
destiney_rated_images_script
|
Cross-site scripting (XSS) vulnerability in (1) addWeblog.php and (2) leaveComments.php in Destiney Rated Images Script 0.5.0 does not properly filter all vulnerable HTML tags, which allows remote at…
|
NVD-CWE-Other
|
CVE-2006-2533
|
2018-10-19 01:40 |
2006-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
344564
|
- |
|
greg_donald
|
destiney_links_script
|
Destiney Links Script 2.1.2 does not protect library and other support files, which allows remote attackers to obtain the installation path via a direct URL to files in the (1) include and (2) themes…
|
NVD-CWE-Other
|
CVE-2006-2534
|
2018-10-19 01:40 |
2006-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
344565
|
- |
|
greg_donald
|
destiney_links_script
|
index.php in Destiney Links Script 2.1.2 allows remote attackers to obtain the installation path via an invalid show parameter referencing a non-existent file, which reveals the path in the resulting…
|
CWE-200
Information Exposure
|
CVE-2006-2535
|
2018-10-19 01:40 |
2006-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
344566
|
- |
|
greg_donald
|
destiney_links_script
|
Cross-site scripting (XSS) vulnerability in Destiney Links Script 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) "Search" (term parameter in index.php) and (2) "Add …
|
NVD-CWE-Other
|
CVE-2006-2536
|
2018-10-19 01:40 |
2006-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
344567
|
- |
|
ie_tab
mozilla
|
ie_tab
firefox
|
IE Tab 1.0.9 plugin for Mozilla Firefox 1.5.0.3 allows remote user-assisted attackers to cause a denial of service (application crash), possibly due to a null dereference, via certain Javascript, as …
|
NVD-CWE-Other
|
CVE-2006-2538
|
2018-10-19 01:40 |
2006-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
344568
|
- |
|
dieselscripts
|
diesel_job_site
|
Privacy leak in install.php for Diesel PHP Job Site sends sensitive information such as user credentials to an e-mail address controlled by the product developers.
|
NVD-CWE-Other
|
CVE-2006-2540
|
2018-10-19 01:40 |
2006-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
344569
|
- |
|
john_andersson
|
zixforum
|
SQL injection vulnerability in settings.asp in Zixforum 1.12 allows remote attackers to execute arbitrary SQL commands via the layid parameter to (1) login.asp and (2) main.asp.
|
NVD-CWE-Other
|
CVE-2006-2541
|
2018-10-19 01:40 |
2006-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
344570
|
- |
|
xtreme_scripts
|
xtreme_topsites
|
Xtreme Topsites 1.1 allows remote attackers to trigger MySQL errors and possibly conduct SQL injection attacks via unspecified vectors in join.php.
|
NVD-CWE-Other
|
CVE-2006-2543
|
2018-10-19 01:40 |
2006-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
