CyberSecurityBoard
Sponsor Register Login

CVE-2006-1563

Direct static code injection vulnerability in config.php in vscripts (aka Kuba Kunkiewicz) [V]Book (aka VBook) 2.0 allows remote administrators to execute arbitrary PHP code into the config file, which is included other [V]Book scripts. Successful exploitation requires that "magic_quotes_gpc" is set to off.

Publication date: Fri, 31 Mar 2006 17:06:00 +0000


Cyber News related to CVE-2006-1563

CVE-2024-50293 - In the Linux kernel, the following vulnerability has been resolved: net/smc: do not leave a dangling sk pointer in __smc_create() Thanks to commit 4bbd360a5084 ("socket: Print pf->create() when it does not clear sock->sk on failure."), syzbot found ...
2 days ago Tenable.com
CVE-2006-1563 - Direct static code injection vulnerability in config.php in vscripts (aka Kuba Kunkiewicz) [V]Book (aka VBook) 2.0 allows remote administrators to execute arbitrary PHP code into the config file, which is included other [V]Book scripts. Successful ...
6 years ago
CVE-2009-1563 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-0689. Reason: This candidate is a duplicate of CVE-2009-0689. Certain codebase relationships were not originally clear. Notes: All CVE users should reference CVE-2009-0689 ...
54 years ago Tenable.com
CVE-2001-1563 - Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS for Linux 1.0 allows attackers to access servlet resources. NOTE: due to the vagueness of the vendor advisory, it is not clear whether this issue is already covered by other CVE ...
7 years ago
CVE-1999-1563 - Nachuatec D435 and D445 printer allows remote attackers to cause a denial of service via ICMP redirect storm. ...
16 years ago
CVE-2010-1563 - The SIP implementation on the Cisco PGW 2200 Softswitch with software 9.7(3)S before 9.7(3)S9 and 9.7(3)P before 9.7(3)P9 allows remote attackers to cause a denial of service (device crash) via a malformed header, aka Bug ID CSCsk04588. ...
14 years ago
CVE-2007-1563 - The FTP protocol implementation in Opera 9.10 allows remote attackers to allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in ...
13 years ago
CVE-2002-1563 - stunnel 4.0.3 and earlier allows attackers to cause a denial of service (crash) via SIGCHLD signal handler race conditions that cause an inconsistency in the child counter. ...
8 years ago
CVE-2005-1563 - Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 displays a different error message depending on whether a product exists or not, which allows remote attackers to determine hidden products. ...
8 years ago
CVE-2004-1563 - Multiple cross-site scripting (XSS) vulnerabilities in w-Agora 4.1.6a allow remote attackers to execute arbitrary web script or HTML via the (1) thread parameter to download_thread.php, (2) loginuser parameter to login.php, or (3) userid parameter to ...
7 years ago
CVE-2016-1563 - NetApp Clustered Data ONTAP 8.3.1 does not properly verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. ...
7 years ago
CVE-2017-1563 - IBM Doors Web Access 9.5 and 9.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a ...
6 years ago
CVE-2008-1563 - The "decode as" feature in packet-bssap.c in the SCCP dissector in Wireshark (formerly Ethereal) 0.99.6 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet. ...
6 years ago
CVE-2011-1563 - Multiple stack-based buffer overflows in the HMI application in DATAC RealFlex RealWin 2.1 (Build 6.1.10.10) and earlier allow remote attackers to execute arbitrary code via (1) a long username in an On_FC_CONNECT_FCS_LOGIN packet, and crafted (2) ...
13 years ago
CVE-2003-1563 - Sun Cluster 2.2 through 3.2 for Oracle Parallel Server / Real Application Clusters (OPS/RAC) allows local users to cause a denial of service (cluster node panic or abort) by launching a daemon listening on a TCP port that would otherwise be used by ...
6 years ago
CVE-2015-1563 - The ARM GIC distributor virtualization in Xen 4.4.x and 4.5.x allows local guests to cause a denial of service by causing a large number messages to be logged. ...
6 years ago
CVE-2014-1563 - Use-after-free vulnerability in the mozilla::DOMSVGLength::GetTearOff function in Mozilla Firefox before 32.0, Firefox ESR 31.x before 31.1, and Thunderbird 31.x before 31.1 allows remote attackers to execute arbitrary code or cause a denial of ...
6 years ago
CVE-2018-1563 - IBM Sterling B2B Integrator Standard Edition (IBM Sterling File Gateway 2.2.0 through 2.2.6) is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended ...
5 years ago
CVE-2012-1563 - Joomla! before 2.5.3 allows Admin Account Creation. ...
4 years ago
CVE-2020-1563 - A remote code execution vulnerability exists in Microsoft Office software when the software fails to properly handle objects in memory, aka 'Microsoft Office Remote Code Execution Vulnerability'. ...
3 years ago
CVE-2019-1563 - In situations where an attacker receives automated notification of the success or failure of a decryption attempt an attacker, after sending a very large number of messages to be decrypted, can recover a CMS/PKCS7 transported encryption key or ...
3 years ago
CVE-2013-1563 - Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and JavaFX 2.2.7 and earlier allows remote attackers to affect confidentiality, integrity, and availability ...
2 years ago
CVE-2023-1563 - A vulnerability has been found in SourceCodester Student Study Center Desk Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/assign/assign.php. The manipulation of the ...
1 year ago
CVE-2022-1563 - The WPGraphQL WooCommerce WordPress plugin before 0.12.4 does not prevent unauthenticated attackers from enumerating a shop's coupon codes and values via GraphQL. ...
9 months ago
CVE-2024-1563 - An attacker could have executed unauthorized scripts on top origin sites using a JavaScript URI when opening an external URL with a custom Firefox scheme and a timeout race condition. This vulnerability affects Focus for iOS < 122. ...
8 months ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)