8 matches found
EUVD-2006-4569
Malware in sbrugna...
CVE-2006-4582
The CVE-2006-4582 entry describes a Cross-site request forgery (CSRF) vulnerability affecting The Address Book 1.04e. The issue allows remote attackers to perform unauthorized actions as other users, demonstrated by deleting arbitrary users via the id parameter in a deleteuser action in users.php...
CVE-2006-4582
Cross-site request forgery CSRF vulnerability in The Address Book 1.04e allows remote attackers to perform unauthorized actions as other users via unspecified vectors, as demonstrated by deleting arbitrary users via the id parameter in a deleteuser action in users.php...
CVE-2006-4581
Unrestricted file upload vulnerability in The Address Book 1.04e validates the Content-Type header but not the file extension, which allows remote attackers to upload arbitrary PHP scripts...
CVE-2006-4575
The CVE-2006-4575 entry describes multiple SQL injection vulnerabilities in The Address Book 1.04e. Affected components include user.php (parameters: lastname, firstname, passwordOld, passwordNew, id, language, defaultLetter, newuserPass, newuserType, newuserEmail), search.php (parameters: goTo, ...
CVE-2006-4576
The vulnerability CVE-2006-4576 is an XSS in The Address Book 1.04e where remote attackers can inject arbitrary web script by uploading an HTML file with a GIF/JPG extension, which is then rendered by Internet Explorer. The provided connected documents confirm the affected product/version and the...
CVE-2006-4580
The CVE concerns The Address Book 1.04e: register.php allows remote attackers to bypass the 'Allow User Self-Registration' setting by supplying mode=confirm, enabling creation of arbitrary users. This is a client-side/configuration abuse affecting user provisioning, with the root cause described ...
CVE-2006-4581
Unrestricted file upload vulnerability in The Address Book 1.04e validates the Content-Type header but not the file extension, which allows remote attackers to upload arbitrary PHP scripts...