CVE-2006-0880

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Noah's Classifieds 1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) inf parameter; or, when register_globals is enabled, the (2) upperTemplate and (3) lowerTemplate parameters.

Publication date: Fri, 24 Feb 2006 17:02:00 +0000


Cyber News related to CVE-2006-0880

CVE-2006-0880 - Multiple cross-site scripting (XSS) vulnerabilities in index.php in Noah's Classifieds 1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) inf parameter; or, when register_globals is enabled, the (2) upperTemplate and ...
6 years ago
CVE-2020-0774 - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0874, CVE-2020-0879, ...
3 years ago
CVE-2020-0879 - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI Information Disclosure ...
3 years ago
CVE-2020-0874 - An information disclosure vulnerability exists in the way that the Windows Graphics Device Interface (GDI) handles objects in memory, allowing an attacker to retrieve information from a targeted system, aka 'Windows GDI Information Disclosure ...
3 years ago
CVE-2020-0880 - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0774, CVE-2020-0874, ...
3 years ago
CVE-2020-0882 - An information disclosure vulnerability exists when the Windows GDI component improperly discloses the contents of its memory, aka 'Windows GDI Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2020-0774, CVE-2020-0874, ...
3 years ago
CVE-2011-0880 - Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.1, and 11.2.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability ...
8 years ago
CVE-2011-0835 - Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.1, and 11.2.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability ...
8 years ago
CVE-2011-0832 - Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.1, and 11.2.0.2 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors, a different vulnerability ...
8 years ago
CVE-2018-0882 - The Desktop Bridge in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how the virtual registry is managed, aka "Windows Desktop Bridge Elevation of ...
2 years ago
CVE-2018-0880 - The Desktop Bridge in Windows 10 1607, 1703, and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability due to how the virtual registry is managed, aka "Windows Desktop Bridge Elevation of ...
2 years ago
CVE-2003-0880 - Unknown vulnerability in Mac OS X before 10.3 allows local users to access Dock functions from behind Screen Effects when Full Keyboard Access is enabled using the Keyboard pane in System Preferences. ...
16 years ago
CVE-2015-0880 - Buffer overflow in CREAR AL-Mail32 before 1.13d allows remote attackers to execute arbitrary code via a long filename of an attachment. ...
9 years ago
CVE-2004-0880 - getmail 4.x before 4.2.0, when run as root, allows local users to overwrite arbitrary files via a symlink attack on an mbox file. ...
7 years ago
CVE-2005-0880 - content.php in Vortex Portal allows remote attackers to obtain sensitive information via an invalid act parameter, which leaks the full pathname in a PHP error message. ...
7 years ago
CVE-2010-0880 - Unspecified vulnerability in the PeopleTools component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.49.26 and 8.50.07 allows remote attackers to affect confidentiality and integrity via unknown vectors. ...
7 years ago
CVE-2012-0880 - Apache Xerces-C++ allows remote attackers to cause a denial of service (CPU consumption) via a crafted message sent to an XML service that causes hash table collisions. ...
7 years ago
CVE-2014-0880 - IBM SAN Volume Controller; Storwize V3500, V3700, V5000, and V7000; and Flex System V7000 with software 6.3 and 6.4 before 6.4.1.8, and 7.1 and 7.2 before 7.2.0.3, allow remote attackers to obtain CLI access, and consequently cause a denial of ...
7 years ago
CVE-2008-0880 - SQL injection vulnerability in modules.php in the EasyContent module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the page_id parameter. ...
7 years ago
CVE-2000-0880 - LPPlus creates the lpdprocess file with world-writeable permissions, which allows local users to kill arbitrary processes by specifying an alternate process ID and using the setuid dcclpdshut program to kill the process that was specified in the ...
7 years ago
CVE-2009-0880 - Directory traversal vulnerability in the CIM server in IBM Director before 5.20.3 Service Update 2 on Windows allows remote attackers to load and execute arbitrary local DLL code via a .. (dot dot) in a /CIMListener/ URI in an M-POST request. Per: ...
6 years ago
CVE-2007-0880 - Capital Request Forms stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain database credentials via a direct request for inc/common_db.inc. ...
6 years ago
CVE-2002-0880 - Cisco IP Phone (VoIP) models 7910, 7940, and 7960 allow remote attackers to cause a denial of service (crash) via malformed packets as demonstrated by (1) "jolt", (2) "jolt2", (3) "raped", (4) "hping2", (5) ...
6 years ago
CVE-2017-0880 - A denial of service vulnerability in the Android media framework (libskia). Product: Android. Versions: 7.0, 7.1.1, 7.1.2. Android ID A-65646012. ...
5 years ago
CVE-2019-0880 - A local elevation of privilege vulnerability exists in how splwow64.exe handles certain calls, aka 'Microsoft splwow64 Elevation of Privilege Vulnerability'. ...
4 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)