Lucene search
K

8001 matches found

NVD
NVD
added 2006/12/31 5:0 a.m.14 views

CVE-2006-6866

STphp EasyNews PRO 4.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain usernames, email addresses, and password hashes via a direct request for data/users.txt...

7.8CVSS6.5AI score0.02959EPSS
Exploits0References5
Tenable Nessus
Tenable Nessus
added 2006/12/14 12:0 a.m.22 views

Debian DSA-1236-1 : enemies-of-carlotta - missing sanity checks

Antti-Juhani Kaijanaho discovered that enemies-of-carlotta, a simple manager for mailing lists, does not properly sanitise email addresses before passing them through to the system shell. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin...

6.8CVSS5.4AI score0.01882EPSS
Exploits0References2
CERT
CERT
added 2006/12/13 12:0 a.m.21 views

MySpace fails to properly filter user-supplied content

Overview The MySpace web site fails to properly filter user-supplied content, which may allow for cross-site scripting. Description MySpace is a social networking web site that allows users to post blog entries, photos, videos, and other content. MySpace blocks user-supplied JavaScript and VBScri...

6.2AI score
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2006/12/06 7:28 p.m.2 views

CVE-2006-6301

DenyHosts 2.5 does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a login name containing certain...

5CVSS5.8AI score0.01871EPSS
Exploits1References8
ATTACKERKB
ATTACKERKB
added 2006/12/06 7:28 p.m.5 views

CVE-2006-6302

fail2ban 0.7.4 and earlier does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a login name containi...

5CVSS5.8AI score0.01762EPSS
Exploits0References8
Cvelist
Cvelist
added 2006/12/06 7:0 p.m.39 views

CVE-2006-6301

DenyHosts 2.5 does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a login name containing certain...

6.5AI score0.01871EPSS
Exploits1References7
Cvelist
Cvelist
added 2006/12/06 7:0 p.m.17 views

CVE-2006-6302

fail2ban 0.7.4 and earlier does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a login name containi...

6.6AI score0.01762EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2006/12/06 7:0 p.m.32 views

CVE-2006-6302

fail2ban 0.7.4 and earlier does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a login name containi...

5CVSS6.4AI score0.01762EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2006/12/04 11:28 a.m.3 views

CVE-2006-6264

Teredo creates trusted peer entries for arbitrary incoming source Teredo addresses, even if the low 32 bits represent an intranet address, which might allow remote attackers to send IPv4 traffic to intranet hosts that use non-RFC1918 addresses, bypassing IPv4 ingress filtering...

7.5CVSS5.8AI score0.13779EPSS
Exploits0References4
myhack58
myhack58
added 2006/11/04 12:0 a.m.30 views

Hack of the classic tutorial of understanding Address Resolution Protocol attacks-exploit warning-the black bar safety net

The contents of the list 1 About this article 2 ARP description 2.1 ARP mean? 2.2 ARP cache of the object 2.3 ARP how it works 2.4 Protocol flaws 3 ARP attack methods 3.1 terms and definitions 3.2 connection hijacking and interception 3.2 connection reset 3.4 intermediaries 3.5 packet sniffing 3....

7.3AI score
Exploits0
exploitpack
exploitpack
added 2006/10/30 12:0 a.m.14 views

Easy File Sharing Web Server 4 - Remote Information Stealer

Easy File Sharing Web Server 4 - Remote Information Stealer / =================================================================== 0-day Alternative File Stream Exploit for Easy File Share Server 4 =================================================================== Exploit allows malicious users t...

0.1AI score
Exploits0
Drupal
Drupal
added 2006/10/26 12:0 a.m.5 views

Extended Tracker - SQL Injection

The contributed module Extended Tracker xtracker accepts parameters from URLs and uses those unescaped in SQL queries, allowing malicious users to execute SQL injection attacks. This may result in them gaining administrator privileges. Versions affected Please check the CVS $Id$ fields in the fil...

5.8AI score
Exploits0References3
seebug.org
seebug.org
added 2006/10/24 12:0 a.m.13 views

MS Windows SMB Authentication Remote Exploit

No description provided by source. Exploit for "Authentication flaw in Windows SMB protocol" Release Date: April 24, 2003 Code by Haamed Gheibi [email protected] Salman Niksefat [email protected] Systems Affected by this exploit: Windows 2000 SP0 SP1 SP2 SP3 Windows XP SP0 SP1...

7.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2006/09/29 12:23 a.m.8 views

security flaw

OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass "from=" and "user@host" address restrictions by connecting to a host from a system whose reverse DNS hostname contains the numeric IP address...

7.5CVSS7.3AI score0.05766EPSS
Exploits1References4
securityvulns
securityvulns
added 2006/09/29 12:0 a.m.106 views

[Full-disclosure] SQL Injection in IPB <=2.1.3

Well this would be NDSD-06-002 but n3td3v seems to have really left.......All relevant details are in the message below, the SQL injection was patched within a day http://forums.invisionpower.com/index.php?showtopic=204627, I believe the other problems still exist. -----Original Message----- From...

8AI score
Exploits0
Exploit DB
Exploit DB
added 2006/09/28 12:0 a.m.44 views

AIX 3.x/4.x / Windows 95/98/2000/NT 4.0 / SunOS 5 - 'gethostbyname()' Remote Buffer Overflow

source: https://www.securityfocus.com/bid/6853/info A vulnerability has been discovered in multiple vendor implementations of the 'gethostbyname' library function, which is used to resolve network addresses. The 'gethostbyname' function fails to implement sufficient bounds checking on data copied...

10CVSS7AI score0.07901EPSS
Exploits3
CVE
CVE
added 2006/09/26 1:43 a.m.46 views

CVE-2006-4981

CVE-2006-4981 affects Symantec Sygate NAC. The vulnerability allows physically proximate attackers to bypass access controls and join a local network by selecting a forged MAC address that matches an exception rule: (1) permitting all non-Windows devices or (2) whitelisting specific OUIs. The NVD...

4.6CVSS6.9AI score0.00345EPSS
Exploits0References2Affected Software1
UbuntuCve
UbuntuCve
added 2006/09/23 12:7 a.m.36 views

CVE-2006-4940

login/forgotpassword.php in Moodle before 1.6.2 allows remote attackers to obtain sensitive information e-mail addresses and Moodle account names via a find action...

5CVSS5.9AI score0.01241EPSS
Exploits0References1
NVD
NVD
added 2006/09/23 12:7 a.m.20 views

CVE-2006-4940

login/forgotpassword.php in Moodle before 1.6.2 allows remote attackers to obtain sensitive information e-mail addresses and Moodle account names via a find action...

5CVSS6.2AI score0.01241EPSS
Exploits0References1
CVE
CVE
added 2006/09/23 12:0 a.m.48 views

CVE-2006-4940

CVE-2006-4940 affects Moodle prior to 1.6.2. The issue is in login/forgot_password.php, where a find action can cause disclosure of sensitive user data, specifically e-mail addresses and Moodle account names. The NVD entry records a base CVSS score of 5.0 (Medium) with network access, low attack ...

5CVSS6.2AI score0.01241EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder