CVE-2006-2347

E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to obtain the full path of the web server via "'" characters, and possibly other invalid values, in (1) the id parameter to form_grupo.html, or requests to the (2) archivos/ and (3) files/ directories. NOTE: this issue might be resultant from SQL injection.

Publication date: Thu, 18 Oct 2018 21:39:00 +0000

Cyber News related to CVE-2006-2347

CVE-2004-2404 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2004-2347. Reason: This candidate is a duplicate of CVE-2004-2347. Notes: All CVE users should reference CVE-2004-2347 instead of this candidate. All references and descriptions in ...
55 years ago Tenable.com

CVE-2022-48734 - In the Linux kernel, the following vulnerability has been resolved: btrfs: fix deadlock between quota disable and qgroup rescan worker Quota disable ioctl starts a transaction before waiting for the qgroup rescan worker completes. However, this wait ...
7 months ago Tenable.com

CVE-2006-2347 - E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to obtain the full path of the web server via "'" characters, and possibly other invalid values, in (1) the id parameter to form_grupo.html, or requests to the (2) ...
1 year ago

CVE-2012-2347 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2010-5102. Reason: This candidate is a duplicate of CVE-2010-5102. Notes: All CVE users should reference CVE-2010-5102 instead of this candidate. All references and descriptions in ...
55 years ago Tenable.com

CVE-2002-2347 - Cross-site scripting (XSS) vulnerability in Oracle Java Server Page (OJSP) demo files (1) hellouser.jsp, (2) welcomeuser.jsp and (3) usebean.jsp in Oracle 9i Application Server 9.0.2, 1.0.2.2, 1.0.2.1s and 1.0.2 allows remote attackers to inject ...
16 years ago

CVE-2014-2347 - Amtelco miSecureMessages (aka MSM) 6.2 does not properly manage sessions, which allows remote authenticated users to obtain sensitive information via a modified message request. ...
10 years ago

CVE-2015-2347 - Cross-site scripting (XSS) vulnerability in Huawei SEQ Analyst before V200R002C03LG0001CP0022 allows remote attackers to inject arbitrary web script or HTML via the command XML element in the req parameter to flexdata.action in (1) common/, (2) ...
9 years ago

CVE-2004-2347 - blog.cgi in Leif M. Wright Web Blog 1.1 and 1.1.5 allows remote attackers to execute arbitrary commands via shell metacharacters such as '|' in the file parameter of ViewFile requests. ...
7 years ago

CVE-2008-2347 - MyPicGallery 1.0 allows remote attackers to bypass application authentication and gain administrative access by setting the userID parameter to "admin" in a direct request to admin/addUser.php. ...
7 years ago

CVE-2007-2347 - PHP remote file inclusion vulnerability in main/forum/komentar.php in OneClick CMS (aka Sisplet CMS) 05.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the site_path parameter. ...
7 years ago

CVE-2009-2347 - Multiple integer overflows in inter-color spaces conversion tools in libtiff 3.8 through 3.8.2, 3.9, and 4.0 allow context-dependent attackers to execute arbitrary code via a TIFF image with large (1) width and (2) height values, which triggers a ...
1 year ago

CVE-2010-2347 - The Telnet interface in the SAP J2EE Engine Core (SAP-JEECOR) 6.40 through 7.02, and Server Core (SERVERCORE) 7.10 through 7.30 allows remote authenticated users to bypass a security check and conduct SMB relay attacks via unspecified vectors. ...
6 years ago

CVE-2008-5381 - Buffer overflow in the URL processing in ffdshow (aka ffdshow-tryout) before SVN revision 2347 allows remote attackers to execute arbitrary code via a long URL. ...
6 years ago

CVE-2016-2347 - Integer underflow in the decode_level3_header function in lib/lha_file_header.c in Lhasa before 0.3.1 allows remote attackers to execute arbitrary code via a crafted archive. ...
6 years ago

CVE-2013-2347 - The Backup Client Service (OmniInet.exe) in HP Storage Data Protector 6.2X allows remote attackers to execute arbitrary commands or cause a denial of service via a crafted EXEC_BAR packet to TCP port 5555, aka ZDI-CAN-1885. ...
5 years ago

CVE-2017-2347 - A denial of service vulnerability in rpd daemon of Juniper Networks Junos OS allows a malformed MPLS ping packet to crash the rpd daemon if MPLS OAM is configured. Repeated crashes of the rpd daemon can result in an extended denial of service ...
5 years ago

CVE-2011-2347 - Google Chrome before 12.0.742.112 does not properly handle Cascading Style Sheets (CSS) token sequences, which allows remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors. ...
4 years ago

CVE-2021-2347 - Vulnerability in the Hyperion Infrastructure Technology product of Oracle Hyperion (component: Lifecycle Management). The supported version that is affected is 11.2.5.0. Easily exploitable vulnerability allows high privileged attacker with network ...
3 years ago

CVE-2022-2347 - There exists an unchecked length field in UBoot. The U-Boot DFU implementation does not bound the length field in USB DFU download setup packets, and it does not verify that the transfer direction corresponds to the specified command. Consequently, ...
2 years ago

CVE-2023-23568 - ...
1 year ago

CVE-2023-22428 - ...
1 year ago

CVE-2023-25074 - ...
1 year ago

CVE-2023-2347 - A vulnerability was found in SourceCodester Service Provider Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/services/manage_service.php. The manipulation of the argument id leads to ...
1 year ago

CVE-2018-2347 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none ...
55 years ago Tenable.com

CVE-2024-26805 - In the Linux kernel, the following vulnerability has been resolved: netlink: Fix kernel-infoleak-after-free in __skb_datagram_iter syzbot reported the following uninit-value access issue [1]: netlink_to_full_skb() creates a new `skb` and puts the ...
10 months ago Tenable.com

Latest Cyber News

CVE-2025-24973 - 17 hours ago
CVE-2025-24976 - 17 hours ago
CVE-2025-24807 - 17 hours ago
CVE-2025-24896 - 17 hours ago
CVE-2025-24897 - 17 hours ago
CVE-2025-24900 - 17 hours ago
CVE-2025-22467 - 17 hours ago
CVE-2024-47908 - 17 hours ago
CVE-2024-13813 - 17 hours ago
CVE-2024-13830 - 17 hours ago
CVE-2024-13842 - 17 hours ago
CVE-2024-13843 - 17 hours ago
CVE-2024-10644 - 17 hours ago
CVE-2024-11771 - 17 hours ago
CVE-2024-12058 - 17 hours ago
CVE-2024-12797 - 17 hours ago
CVE-2024-33659 - 18 hours ago
CVE-2025-1231 - 19 hours ago
CVE-2025-26492 - 19 hours ago
CVE-2025-26493 - 19 hours ago

Cyber Trends (last 7 days)

Okta - 1 year ago
23andMe - 1 year ago
Kimsuky - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

CVE-2024-10334 - 1 day ago
CVE-2025-1149 - 1 day ago
CVE-2024-11831 - 1 day ago
CVE-2024-12133 - 1 day ago
CVE-2024-12243 - 1 day ago
CVE-2024-57950 - 1 day ago
CVE-2025-21686 - 1 day ago
CVE-2025-21687 - 1 day ago
CVE-2025-21688 - 1 day ago
CVE-2025-21689 - 1 day ago
CVE-2025-21690 - 1 day ago
CVE-2025-21691 - 1 day ago
CVE-2025-21692 - 1 day ago
CVE-2025-21693 - 1 day ago
CVE-2025-24031 - 1 day ago
CVE-2025-24032 - 1 day ago
CVE-2025-24892 - 1 day ago
CVE-2025-25186 - 1 day ago
CVE-2025-1150 - 1 day ago
CVE-2025-1151 - 1 day ago