CVE-2006-2089

CVE-2025-21722 - In the Linux kernel, the following vulnerability has been resolved: ...
3 months ago

CVE-2006-2089 - Multiple cross-site scripting (XSS) vulnerabilities in misc.php in MySmartBB 1.1.x allow remote attackers to inject arbitrary web script or HTML via the (1) id and (2) username parameters. ...
6 years ago

CVE-2010-2089 - The audioop module in Python 2.7 and 3.2 does not verify the relationships between size arguments and byte string lengths, which allows context-dependent attackers to cause a denial of service (memory corruption and application crash) via crafted ...
2 years ago

CVE-2012-2089 - Buffer overflow in ngx_http_mp4_module.c in the ngx_http_mp4_module module in nginx 1.0.7 through 1.0.14 and 1.1.3 through 1.1.18, when the mp4 directive is used, allows remote attackers to cause a denial of service (memory overwrite) or possibly ...
3 years ago

CVE-2002-2089 - Buffer overflow in rcp in Solaris 9.0 allows local users to execute arbitrary code via a long command line argument. ...
16 years ago

CVE-2014-2089 - ILIAS 4.4.1 allows remote attackers to execute arbitrary PHP code via an e-mail attachment that leads to creation of a .php file with a certain client_id pathname. ...
11 years ago

CVE-2013-2089 - Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted file, then accessing it via a direct request to the file in /data. Per: ...
11 years ago

CVE-2015-2089 - Multiple cross-site request forgery (CSRF) vulnerabilities in the CrossSlide jQuery (crossslide-jquery-plugin-for-wordpress) plugin 2.0.5 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change ...
8 years ago

CVE-2004-2089 - Matrix FTP Server allows remote attackers to cause a denial of service (crash) by logging in using four spaces as the username and password and then issuing a LIST command. ...
7 years ago

CVE-2009-2089 - The Migration component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.25 and 7.0 before 7.0.0.5, when tracing is enabled and a 6.1 to 7.0 migration has occurred, allows remote authenticated users to obtain sensitive information by ...
7 years ago

CVE-2011-2089 - Stack-based buffer overflow in the SetActiveXGUID method in the VersionInfo ActiveX control in GenVersion.dll 8.0.138.0 in the WebHMI subsystem in ICONICS BizViz 9.x before 9.22 and GENESIS32 9.x before 9.22 allows remote attackers to execute ...
7 years ago

CVE-2014-2620 - Unspecified vulnerability in HP Intelligent Management Center (iMC) before 7.0 E02020P03 and Branch Intelligent Management System (BIMS) before 7.0 E0201P02 allows remote attackers to obtain sensitive information via unknown vectors, aka ...
7 years ago

CVE-2008-2089 - Unspecified vulnerability in the SCTP protocol implementation in Sun Solaris 10 allows remote attackers to cause a denial of service (panic) via a crafted SCTP packet. ...
7 years ago

CVE-2016-2089 - The jas_matrix_clip function in jas_seq.c in JasPer 1.900.1 allows remote attackers to cause a denial of service (invalid read and application crash) via a crafted JPEG 2000 image. ...
7 years ago

CVE-2007-2089 - Multiple PHP remote file inclusion vulnerabilities in the Jx Development Article 1.1 and earlier component for Mambo and Joomla! allow remote attackers to execute arbitrary PHP code via a URL in the absolute_path parameter to com_articles.php in (1) ...
6 years ago

CVE-2005-2089 - Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, ...
6 years ago

CVE-2018-0225 - The Enterprise Console in Cisco AppDynamics App iQ Platform before 4.4.3.10598 (HF4) allows SQL injection, aka the Security Advisory 2089 issue. ...
6 years ago

CVE-2019-2089 - In app uninstallation, there is a possible set of permissions that may not be removed from a shared app ID. This could lead to a local escalation of privilege with no additional execution privileges needed. User interaction is needed for ...
4 years ago

CVE-2021-2089 - Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Runtime Catalog). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with ...
4 years ago

CVE-2022-2089 - The Bold Page Builder WordPress plugin before 4.3.3 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed. ...
2 years ago

CVE-2023-2089 - A vulnerability was found in SourceCodester Complaint Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/userprofile.php of the component GET Parameter Handler. The manipulation of the ...
2 years ago

CVE-2017-2089 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none ...
55 years ago Tenable.com

CVE-2018-2089 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none ...
55 years ago Tenable.com

CVE-2024-2089 - The Remote Content Shortcode plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'remote_content' shortcode in all versions up to, and including, 1.5 due to insufficient input sanitization and output escaping on user ...
1 year ago

CVE-2020-2089 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2020. Notes: none ...
1 year ago