CyberSecurityBoard
Sponsor Register Login

CVE-2006-0372

Multiple SQL injection vulnerabilities in config.php in Insane Visions BlogPHP, possibly 1.0, allow remote attackers to execute arbitrary SQL commands via the (1) blogphp_username or (2) blogphp_password parameter in a cookie. BlogPHP version 2.0 was released to fix the config.php exploit and is available for download at <a href"http://sourceforge.net/project/showfiles.php?group_id156043">http://sourceforge.net/project/showfiles.php?group_id156043</a>.

Publication date: Mon, 23 Jan 2006 02:03:00 +0000


Cyber News related to CVE-2006-0372

CVE-2006-0372 - Multiple SQL injection vulnerabilities in config.php in Insane Visions BlogPHP, possibly 1.0, allow remote attackers to execute arbitrary SQL commands via the (1) blogphp_username or (2) blogphp_password parameter in a cookie. BlogPHP version 2.0 was ...
6 years ago Insane
CVE-2003-0374 - Multiple unknown vulnerabilities in Nessus before 2.0.6, in libnessus and possibly libnasl, a different set of vulnerabilities than those identified by CVE-2003-0372 and CVE-2003-0373, aka "similar issues in other nasl functions as well as in ...
8 years ago
CVE-2022-0372 - Cross-site Scripting (XSS) - Stored in Packagist bytefury/crater prior to 6.0.2. ...
3 years ago
CVE-2011-0372 - The CGI implementation on Cisco TelePresence endpoint devices with software 1.2.x through 1.5.x allows remote attackers to execute arbitrary commands via a malformed request, related to "command injection vulnerabilities," aka Bug ID ...
13 years ago
CVE-2013-0372 - Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 11.1.0.1 and 12.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3; and EM Plugin for DB 12.1.0.2 allows remote ...
9 years ago
CVE-2003-0372 - Signed integer vulnerability in libnasl in Nessus before 2.0.6 allows local users with plugin upload privileges to cause a denial of service (core dump) and possibly execute arbitrary code by causing a negative argument to be provided to the insstr ...
8 years ago
CVE-2016-0372 - IBM Rational Collaborative Lifecycle Management 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and 6.0 before 6.0.2 iFix5; Rational Quality Manager 3.0.1.6 before iFix8, 4.0 before 4.0.7 iFix11, 5.0 before 5.0.2 iFix18, and ...
8 years ago
CVE-2004-0372 - xine allows local users to overwrite arbitrary files via a symlink attack on a bug report email that is generated by the (1) xine-bugreport or (2) xine-check scripts. ...
7 years ago
CVE-2010-0372 - SQL injection vulnerability in the Articlemanager (com_articlemanager) component for Joomla! allows remote attackers to execute arbitrary SQL commands via the artid parameter in a display action to index.php. ...
7 years ago
CVE-2015-0372 - Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5 allows remote attackers to affect confidentiality via unknown vectors. ...
7 years ago
CVE-2009-0372 - Unrestricted file upload vulnerability in index.php in Miltenovik Manojlo MemHT Portal 4.0.1 and earlier allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension and an image content type via a ...
7 years ago
CVE-2000-0372 - Vulnerability in Caldera rmt command in the dump package 0.4b4 allows a local user to gain root privileges. ...
7 years ago
CVE-2001-0372 - Akopia Interchange 4.5.3 through 4.6.3 installs demo stores with a default group account :backup with no password, which allows a remote attacker to gain administrative access via the demo stores (1) barry, (2) basic, or (3) construct. ...
7 years ago
CVE-2017-0372 - Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities. ...
6 years ago
CVE-2014-0372 - Unspecified vulnerability in the Oracle Demantra Demand Management component in Oracle Supply Chain Products Suite 7.2.0.3 SQL-Server, 7.3.0, 7.3.1, 12.2.1, and 12.2.2 allows remote authenticated users to affect confidentiality and integrity via ...
6 years ago
CVE-1999-0372 - The installer for BackOffice Server includes account names and passwords in a setup file (reboot.ini) which is not deleted. ...
6 years ago
CVE-2008-0372 - 8e6 R3000 Internet Filter 2.0.05.33, and other versions before 2.0.11, allows remote attackers to bypass intended restrictions via a fragmented HTTP request. ...
6 years ago
CVE-2007-0372 - Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 7.9 allow remote attackers to execute arbitrary SQL commands via (1) the active parameter in admin/modules/modules.php; the (2) ad_class, (3) imageurl, (4) clickurl, (5) ad_code, or ...
6 years ago
CVE-2002-0372 - Microsoft Windows Media Player versions 6.4 and 7.1 and Media Player for Windows XP allow remote attackers to bypass Internet Explorer's (IE) security mechanisms and run code via an executable .wma media file with a license installation ...
6 years ago
CVE-2018-0372 - A vulnerability in the DHCPv6 feature of the Cisco Nexus 9000 Series Fabric Switches in Application-Centric Infrastructure (ACI) Mode could allow an unauthenticated, remote attacker to cause the device to run low on system memory, which could result ...
5 years ago
CVE-2020-0372 - In ActivityManager, there is a possible access to protected data due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for ...
4 years ago
CVE-2021-0372 - In getMediaOutputSliceAction of RemoteMediaSlice.java, there is a possible permission bypass due to an unsafe PendingIntent. This could lead to local escalation of privilege with User execution privileges needed. User interaction is not needed for ...
2 years ago
CVE-2023-0372 - The EmbedStories WordPress plugin before 0.7.5 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to ...
2 years ago
CVE-2005-0372 - Directory traversal vulnerability in gftp before 2.0.18 for GTK+ allows remote malicious FTP servers to read arbitrary files via .. (dot dot) sequences in filenames returned from a LIST command. ...
1 year ago
CVE-2024-0372 - The Views for WPForms – Display & Edit WPForms Entries on your site frontend plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_form_fields' function in all versions up to, ...
1 year ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)