CVE List - 2006 / January
Showing 301 - 400 of 509 CVEs for January 2006 (Page 4 of 6)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2006-0260 | 2006-01-18 | Multiple unspecified vulnerabilities in Oracle Database server 9.2.0.7 and 10.1.0.5 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB05 in the (a) Data Pump component; (2)... |
| CVE-2006-0261 | 2006-01-18 | Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.5 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB07 in the Dictionary component and... |
| CVE-2006-0262 | 2006-01-18 | Unspecified vulnerability in the Net Foundation Layer component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.6, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln#... |
| CVE-2006-0263 | 2006-01-18 | Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, 10.1.0.5, and 10.2.0.1 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB09 in the... |
| CVE-2006-0265 | 2006-01-18 | Multiple unspecified vulnerabilities in Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, 10.1.0.5, and 10.2.0.1 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) DB17 in the Oracle Text... |
| CVE-2006-0266 | 2006-01-18 | Unspecified vulnerability in the Query Optimizer component of Oracle Database server 9.0.1.5, 9.2.0.7, and 10.1.0.5 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB19. |
| CVE-2006-0267 | 2006-01-18 | Unspecified vulnerability in the Query Optimizer component of Oracle Database server 9.2.0.6 and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB20. |
| CVE-2006-0268 | 2006-01-18 | Unspecified vulnerability in the Security component of Oracle Database server 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.6, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB21. |
| CVE-2006-0269 | 2006-01-18 | Unspecified vulnerability in the Streams Capture component of Oracle Database server 10.1.0.5 and 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB25. NOTE: details are unavailable... |
| CVE-2006-0270 | 2006-01-18 | Unspecified vulnerability in the Transparent Data Encryption (TDE) Wallet component of Oracle Database server 10.2.0.1 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB27. NOTE: Oracle has... |
| CVE-2006-0271 | 2006-01-18 | Unspecified vulnerability in the Upgrade & Downgrade component of Oracle Database server 8.1.7.4, 9.0.1.5, 9.2.0.7, and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB28. NOTE:... |
| CVE-2006-0272 | 2006-01-18 | Unspecified vulnerability in the XML Database component of Oracle Database server 9.2.0.7 and 10.1.0.4 has unspecified impact and attack vectors, as identified by Oracle Vuln# DB29. NOTE: based on mutual... |
| CVE-2006-0273 | 2006-01-18 | Unspecified vulnerability in the Portal component of Oracle Application Server 9.0.4.2 and 10.1.2.0 has unspecified impact and attack vectors, as identified by Oracle Vuln# AS01. |
| CVE-2006-0274 | 2006-01-18 | Unspecified vulnerability in the Oracle Reports Developer component of Oracle Application Server 9.0.4.2 and 10.1.2.0.2 has unspecified impact and attack vectors, as identified by Oracle Vuln# REP03. |
| CVE-2006-0275 | 2006-01-18 | Unspecified vulnerability in the Oracle Reports Developer component of Oracle Application Server 9.0.4.2 has unspecified impact and attack vectors, as identified by Oracle Vuln# REP04. NOTE: Oracle has not disputed... |
| CVE-2006-0276 | 2006-01-18 | Multiple unspecified vulnerabilities in Oracle Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i) have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) OCS01, 2) OCS02, 3) OCS03, 4)... |
| CVE-2006-0277 | 2006-01-18 | Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) APPS01 in the (a) Application Install component; (2)... |
| CVE-2006-0278 | 2006-01-18 | Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5.9 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) APPS02 in the (a) CRM Technical Foundation component;... |
| CVE-2006-0279 | 2006-01-18 | Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 4.3 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) APPS13 and (2) APPS14 in the Oracle iLearning... |
| CVE-2006-0280 | 2006-01-18 | Unspecified vulnerability in Oracle PeopleSoft Enterprise Portal 8.4 Bundle 15, 8.8 Bundle 10, and 8.9 Bundle 2 has unspecified impact and attack vectors, as identified by Oracle Vuln# PSE01. |
| CVE-2006-0281 | 2006-01-18 | Unspecified vulnerability in Oracle JD Edwards HTML Server 8.95.F1 SP23_L1 has unspecified impact and attack vectors, as identified by Oracle Vuln# JDE01. |
| CVE-2006-0282 | 2006-01-18 | Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, and 10.1.0.5, Application Server 1.0.2.2, 9.0.4.2, and 10.1.2.0.2, and Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i) has unspecified impact... |
| CVE-2006-0283 | 2006-01-18 | Unspecified vulnerability in Oracle Database Server 10.1.0.4.2, Application Server 10.1.2.0.2, and Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i) has unspecified impact and attack vectors, as identified by Oracle Vuln# DBC02... |
| CVE-2006-0284 | 2006-01-18 | Multiple unspecified vulnerabilities in Oracle Application Server 9.0.4.2 and 10.1.2.0.2, and E-Business Suite and Applications 11.5.10, have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) FORM01 and... |
| CVE-2006-0285 | 2006-01-18 | Unspecified vulnerability in the Java Net component of Oracle Database Server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, and 10.1.0.4, and Application Server 1.0.2.2, 9.0.4.2, and 10.1.2.0.2, has unspecified impact and attack... |
| CVE-2006-0286 | 2006-01-18 | Unspecified vulnerability in the Oracle HTTP Server component of Oracle Database Server 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, and 10.1.0.5, and Application Server 1.0.2.2, 9.0.4.2, and 10.1.2.0.2, has unspecified impact and attack... |
| CVE-2006-0287 | 2006-01-18 | Unspecified vulnerability in the Oracle HTTP Server component of Oracle Database Server 10.1.0.5 and Application Server 10.1.2.0.2 has unspecified impact and attack vectors, as identified by Oracle Vuln# OHS02. |
| CVE-2006-0288 | 2006-01-18 | Multiple unspecified vulnerabilities in the Oracle Reports Developer component of Oracle Application Server 9.0.4.1 and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle... |
| CVE-2006-0289 | 2006-01-18 | Multiple unspecified vulnerabilities in Oracle Application Server 6.0.8.26(PS17) and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) REP05 and (2) REP06... |
| CVE-2006-0290 | 2006-01-18 | Unspecified vulnerability in Oracle Database Server 9.2.0.7, Application Server 9.0.4.2 and 10.1.2.1, Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i), and E-Business Suite and Applications 11.5.10 has unspecified impact and attack... |
| CVE-2006-0291 | 2006-01-18 | Multiple unspecified vulnerabilities in Oracle Database Server 10.2.0.1, Application Server 9.0.4.2 and 10.1.2.1, Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i), and E-Business Suite and Applications 11.5.10 have unspecified impact and... |
| CVE-2006-0302 | 2006-01-19 | ZyXel P2000W VoIP 802.11b Wireless Phone running firmware WV.00.02 allows remote attackers to obtain sensitive information, such as MAC address and software version, by directly accessing UDP port 9090. |
| CVE-2006-0304 | 2006-01-19 | Buffer overflow in Dual DHCP DNS Server 1.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the DHCP options field. |
| CVE-2006-0305 | 2006-01-19 | Clipcomm CPW-100E VoIP 802.11b Wireless Handset Phone running firmware 1.1.12 (051129) and CP-100E VoIP 802.11b Wireless Phone running firmware 1.1.60 allows remote attackers to gain unauthorized access via the debug... |
| CVE-2006-0306 | 2006-01-19 | The DM Primer (dmprimer.exe) in the DM Deployment Common Component in Computer Associates (CA) BrightStor Mobile Backup r4.0, BrightStor ARCserve Backup for Laptops & Desktops r11.0, r11.1, r11.1 SP1, Unicenter... |
| CVE-2006-0307 | 2006-01-19 | The DM Primer in the DM Deployment Common Component in Computer Associates (CA) BrightStor Mobile Backup r4.0, BrightStor ARCserve Backup for Laptops & Desktops r11.0, r11.1, r11.1 SP1, Unicenter Remote... |
| CVE-2006-0308 | 2006-01-19 | PHP remote file inclusion vulnerability in htmltonuke.php in the htmltonuke 2.0 alpha, and possibly other versions, module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL... |
| CVE-2006-0303 | 2006-01-19 | Multiple unspecified vulnerabilities in the (1) publishing component, (2) Contact Component, (3) TinyMCE Compressor, and (4) other components in Joomla! 1.0.5 and earlier have unknown impact and attack vectors. |
| CVE-2005-3340 | 2006-01-19 | The tuxpaint-import.sh script in Tux Paint (tuxpaint) 0.9.14 and earlier creates temporary files insecurely, with unknown impact and attack vectors. |
| CVE-2005-4665 | 2006-01-19 | Cross-site scripting (XSS) vulnerability in PunBB 1.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via Javascript contained in nested, malformed BBcode url tags. |
| CVE-2006-0226 | 2006-01-19 | Integer overflow in IEEE 802.11 network subsystem (ieee80211_ioctl.c) in FreeBSD before 6.0-STABLE, while scanning for wireless networks, allows remote attackers to execute arbitrary code by broadcasting crafted (1) beacon or... |
| CVE-2006-0309 | 2006-01-19 | Linksys BEFVP41 VPN Router 2.0 with firmware 1.01.04 allows remote attackers on the local network, to cause a denial of service via IP packets with a null IP option length. |
| CVE-2006-0310 | 2006-01-19 | Cross-site scripting (XSS) vulnerability in aoblogger 2.3 allows remote attackers to inject arbitrary Javascript via a javascript URI in the BBcode url tag. |
| CVE-2006-0311 | 2006-01-19 | SQL injection vulnerability in login.php in aoblogger 2.3 allows remote attackers to execute arbitrary SQL commands via the username parameter. |
| CVE-2006-0312 | 2006-01-19 | create.php in aoblogger 2.3 allows remote attackers to bypass authentication and create new blog entries by setting the uza parameter to 1. |
| CVE-2006-0313 | 2006-01-19 | Multiple SQL injection vulnerabilities in PDFdirectory before 1.0 allow remote attackers to execute arbitrary SQL commands via multiple unspecified vectors involving (1) util.php, (2) userpref.php, (3) user.php, (4) uploadfrm.php, (5)... |
| CVE-2006-0315 | 2006-01-19 | index.php in EZDatabase before 2.1.2 does not properly cleanse the p parameter before constructing and including a .php filename, which allows remote attackers to conduct directory traversal attacks, and produces... |
| CVE-2006-0316 | 2006-01-19 | Buffer overflow in YGPPicFinder.DLL in AOL You've Got Pictures (YGP) Picture Finder Tool ActiveX Control, as used in AOL 8.0, 8.0 Plus, and 9.0 Classic, allows remote attackers to execute... |
| CVE-2006-0317 | 2006-01-19 | Cross-site scripting (XSS) vulnerability in rkrt_stats.php in RedKernel Referrer Tracker 1.1.0-3 allows remote attackers to inject arbitrary web script or HTML via a query string value as a GET, which... |
| CVE-2006-0318 | 2006-01-19 | SQL injection vulnerability in index.php in BlogPHP 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter in a login... |
| CVE-2006-0319 | 2006-01-19 | Directory traversal vulnerability in the FTP server (port 22003/tcp) in Farmers WIFE 4.4 SP1 allows remote attackers to create arbitrary files via ".." (dot dot) sequences in a (1) PUT,... |
| CVE-2006-0320 | 2006-01-19 | SQL injection vulnerability in admin/processlogin.php in Bit 5 Blog 8.01 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password parameter. |
| CVE-2006-0314 | 2006-01-19 | PDFdirectory before 1.0 stores sensitive data in plaintext, which allows remote attackers to obtain arbitrary users' passwords by direct queries to the database, possibly via one of the SQL injection... |
| CVE-2005-4666 | 2006-01-19 | Cross-site scripting (XSS) vulnerability in PHlyMail before 3.3 Beta1 allows remote attackers to inject arbitrary Javascript via unknown attack vectors. |
| CVE-2006-0322 | 2006-01-19 | Unspecified vulnerability the edit comment formatting functionality in MediaWiki 1.5.x before 1.5.6 and 1.4.x before 1.4.14 allows attackers to cause a denial of service (infinite loop) via "certain malformed links." |
| CVE-2006-0324 | 2006-01-19 | SQL injection vulnerability in WebspotBlogging 3.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter to login.php. |
| CVE-2006-0019 | 2006-01-20 | Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3.2.0 through 3.5.0 allows remote attackers to execute arbitrary code via a crafted,... |
| CVE-2006-0045 | 2006-01-20 | crawl before 4.0.0 does not securely call programs when saving and loading games, which allows local users to gain privileges. |
| CVE-2006-0325 | 2006-01-20 | Etomite Content Management System 0.6, and possibly earlier versions, when downloaded from the web site in January 2006 after January 10, contains a back door in manager/includes/todo.inc.php, which allows remote... |
| CVE-2006-0327 | 2006-01-21 | TYPO3 3.7.1 allows remote attackers to obtain sensitive information via a direct request to (1) thumbs.php, (2) showpic.php, or (3) tables.php, which causes them to incorrectly define a variable and... |
| CVE-2006-0328 | 2006-01-21 | Format string vulnerability in Tftpd32 2.81 allows remote attackers to cause a denial of service via format string specifiers in a filename in a (1) GET or (2) SEND request. |
| CVE-2006-0329 | 2006-01-21 | SQL injection vulnerability in HITSENSER Data Mart Server BS, BS-S, BS-M, BS-L, and EX allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. |
| CVE-2006-0330 | 2006-01-21 | Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving the user name (fullname). |
| CVE-2006-0331 | 2006-01-21 | Buffer overflow in Change passwd 3.1 (chpasswd) SquirrelMail plugin allows local users to execute arbitrary code via long command line arguments. |
| CVE-2006-0332 | 2006-01-21 | Pantomime in Ecartis 1.0.0 snapshot 20050909 stores e-mail attachments in a publicly accessible directory, which may allow remote attackers to upload arbitrary files. |
| CVE-2006-0333 | 2006-01-21 | Cross-site scripting (XSS) vulnerability in ar-blog 5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) month or (2) year parameter to index.php. |
| CVE-2006-0334 | 2006-01-21 | Cross-site scripting (XSS) vulnerability in search.php in My Amazon Store Manager 1.0 allows remote attackers to inject arbitrary web script or HTML via the Keywords parameter. NOTE: some sources claim... |
| CVE-2006-0335 | 2006-01-21 | Multiple unspecified vulnerabilities in Kerio WinRoute Firewall before 6.1.4 Patch 1 allow remote attackers to cause a denial of service via multiple unspecified vectors involving (1) long strings received from... |
| CVE-2006-0336 | 2006-01-21 | Kerio WinRoute Firewall before 6.1.4 Patch 2 allows attackers to cause a denial of service (CPU consumption and hang) via unknown vectors involving "browsing the web". |
| CVE-2006-0337 | 2006-01-21 | Buffer overflow in multiple F-Secure Anti-Virus products and versions for Windows and Linux, including Anti-Virus for Windows Servers 5.52 and earlier, Internet Security 2004, 2005 and 2006, and Anti-Virus for... |
| CVE-2006-0338 | 2006-01-21 | Multiple F-Secure Anti-Virus products and versions for Windows and Linux, including Anti-Virus for Windows Servers 5.52 and earlier, Internet Security 2004, 2005 and 2006, and Anti-Virus for Linux Servers 4.64... |
| CVE-2006-0339 | 2006-01-21 | Buffer overflow in BitComet Client 0.60 allows remote attackers to execute arbitrary code, when the publisher's name link is clicked, via a long publisher URI in a torrent file. |
| CVE-2006-0340 | 2006-01-21 | Unspecified vulnerability in Stack Group Bidding Protocol (SGBP) support in Cisco IOS 12.0 through 12.4 running on various Cisco products, when SGBP is enabled, allows remote attackers on the local... |
| CVE-2006-0341 | 2006-01-21 | Cross-site scripting (XSS) vulnerability in WCONSOLE.DLL in Rockliffe MailSite 5.x and 6.1.22 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string. |
| CVE-2006-0342 | 2006-01-21 | RockLiffe MailSite HTTP Mail management agent (httpma) 7.0.3.1 allows remote attackers to cause a denial of service (CPU consumption and crash) via a malformed query string containing special characters such... |
| CVE-2006-0343 | 2006-01-21 | Unspecified vulnerability in the Port Discovery Standard and Advanced features in Hitachi JP1/NetInsight II allows attackers to stop the Port Discovery service via unknown vectors involving "invalid format data". |
| CVE-2006-0344 | 2006-01-21 | Directory traversal vulnerability in Intervations FileCOPA FTP Server 1.01 allows remote attackers to read and write arbitrary files via a .. (dot dot) in the (1) STOR and (2) RETR... |
| CVE-2006-0345 | 2006-01-21 | Multiple SQL injection vulnerabilities in SaralBlog 1.0 allow remote attackers to execute arbitrary SQL commands via the search parameter to search.php. NOTE: the id/viewprofile.php issue is already covered by CVE-2005-4058. |
| CVE-2006-0346 | 2006-01-21 | Cross-site scripting (XSS) vulnerability in SaralBlog 1.0 allows remote attackers to inject arbitrary web script or HTML via a website field in a new comment to view.php, which is not... |
| CVE-2006-0347 | 2006-01-21 | Directory traversal vulnerability in ELOG before 2.6.1 allows remote attackers to access arbitrary files outside of the elog directory via "../" (dot dot) sequences in the URL. |
| CVE-2006-0348 | 2006-01-21 | Format string vulnerability in the write_logfile function in ELOG before 2.6.1 allows remote attackers to cause a denial of service (server crash) via unknown attack vectors. NOTE: the provenance of... |
| CVE-2006-0349 | 2006-01-21 | SQL injection vulnerability in eggblog 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to blog.php. |
| CVE-2006-0350 | 2006-01-21 | Cross-site scripting (XSS) vulnerability in eggblog 2.0 allow remote attackers to inject arbitrary web script or HTML via the message field to topic.php. |
| CVE-2006-0351 | 2006-01-21 | Unspecified "critical denial-of-service vulnerability" in MyDNS before 1.1.0 has unknown impact and attack vectors. |
| CVE-2006-0352 | 2006-01-21 | The default configuration of Fluffington FLog 1.01 installs users.0.dat under the web document root with insufficient access control, which might allow remote attackers to obtain sensitive information (login credentials) via... |
| CVE-2006-0353 | 2006-01-22 | unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related to the randomness generator, which allows local users to cause a denial of service by truncating the seed file, which... |
| CVE-2006-0354 | 2006-01-22 | Cisco IOS before 12.3-7-JA2 on Aironet Wireless Access Points (WAP) allows remote authenticated users to cause a denial of service (termination of packet passing or termination of client connections) by... |
| CVE-2006-0355 | 2006-01-22 | Helmsman Research (aka CoolUtils) HomeFtp 1.1 allows remote attackers to cause an unspecified denial of service via a long USER command combined with a long PASS command and an NLST... |
| CVE-2006-0356 | 2006-01-22 | Ari Pikivirta Home Ftp Server 1.0.7 allows remote attackers to cause an unspecified denial of service via a long USER command combined with a long PASS command. |
| CVE-2006-0357 | 2006-01-22 | Grant Averett Cerberus FTP Server 2.32, and possibly earlier versions, allows remote attackers to cause an unspecified denial of service via a long string that does not contain a valid... |
| CVE-2006-0358 | 2006-01-22 | Multiple SQL injection vulnerabilities in PowerPortal, possibly 1.1 beta through 1.3, allow remote attackers to execute arbitrary SQL commands via the search parameter in (1) index.php and (2) search.php. NOTE:... |
| CVE-2006-0359 | 2006-01-22 | Buffer overflow in CounterPath eyeBeam SIP Softphone allows remote attackers to (1) cause a denial of service (device crash) via SIP INVITE commands with a long header field name sent... |
| CVE-2006-0360 | 2006-01-22 | MPM SIP HP-180W Wireless IP Phone WE.00.17 allows remote attackers to obtain sensitive information and possibly cause a denial of service via a direct connection to UDP port 9090, which... |
| CVE-2006-0361 | 2006-01-22 | Cross-site scripting (XSS) vulnerability in addcomment.php in Bit 5 Blog 8.01 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in an <a> tag in... |
| CVE-2006-0362 | 2006-01-22 | TippingPoint Intrusion Prevention System (IPS) TOS before 2.1.4.6324, and TOS 2.2.x before 2.2.1.6506, allow remote attackers to cause a denial of service (CPU consumption) via an unknown vector, probably involving... |
| CVE-2006-0363 | 2006-01-22 | The "Remember my Password" feature in MSN Messenger 7.5 stores passwords in an encrypted format under the HKEY_CURRENT_USER\Software\Microsoft\IdentityCRL\Creds registry key, which might allow local users to obtain the original passwords... |
| CVE-2006-0364 | 2006-01-22 | Cross-site scripting (XSS) vulnerability in MyBulletinBoard (MyBB) allows remote attackers to inject arbitrary web script or HTML via a signature containing a JavaScript URI in the SRC attribute of an... |
| CVE-2006-0365 | 2006-01-22 | Cross-site scripting (XSS) vulnerability in XMB (aka extreme message board) allows remote attackers to inject arbitrary web script or HTML via JavaScript in the SRC attribute of an IMG element. |
| CVE-2006-0366 | 2006-01-22 | Cross-site scripting (XSS) vulnerability in Phpclanwebsite (aka PCW) allows remote attackers to inject arbitrary web script or HTML via a javascript URI in a BBCode img tag. |
| CVE-2006-0367 | 2006-01-22 | Unspecified vulnerability in Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2 allows remote authenticated users with read-only administrative privileges to obtain full administrative... |