CyberSecurityBoard
Sponsor Register Login

CVE-2006-2358

Multiple cross-site scripting (XSS) vulnerabilities in various scripts in Web-Labs CMS allow remote attackers to inject arbitrary web script or HTML via (1) the search parameter and (2) unspecified fields related to e-mail alerts. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Publication date: Mon, 15 May 2006 15:02:00 +0000


Cyber News related to CVE-2006-2358

CVE-2006-2358 - Multiple cross-site scripting (XSS) vulnerabilities in various scripts in Web-Labs CMS allow remote attackers to inject arbitrary web script or HTML via (1) the search parameter and (2) unspecified fields related to e-mail alerts. NOTE: the ...
7 years ago
CVE-2013-2360 - Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2013-2357, CVE-2013-2358, and CVE-2013-2359. ...
5 years ago
CVE-2013-2359 - Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2013-2357, CVE-2013-2358, and CVE-2013-2360. ...
5 years ago
CVE-2013-2358 - Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2013-2357, CVE-2013-2359, and CVE-2013-2360. ...
5 years ago
CVE-2013-2357 - Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors, a different vulnerability than CVE-2013-2358, CVE-2013-2359, and CVE-2013-2360. ...
5 years ago
CVE-2007-2358 - ** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in b2evolution allow remote attackers to execute arbitrary PHP code via a URL in the (1) inc_path parameter to (a) a_noskin.php, (b) a_stub.php, (c) admin.php, (d) contact.php, (e) ...
6 years ago
CVE-2002-2358 - Cross-site scripting (XSS) vulnerability in the FTP view feature in Opera 6.0 and 6.01 through 6.04 allows remote attackers to inject arbitrary web script or HTML via the title tag of an FTP URL. ...
16 years ago
CVE-2005-2358 - EMC Navisphere Manager 6.4.1.0.0 allows remote attackers to list arbitrary directories via an HTTP request for a directory that ends in a "." (trailing dot). ...
16 years ago
CVE-2014-2358 - Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative web interface in the proxy server on Fox-IT Fox DataDiode appliances before 1.7.2 allow remote attackers to hijack the authentication of administrators for requests that ...
10 years ago
CVE-2004-2358 - Cross-site scripting (XSS) vulnerability in admin_words.php for phpBB 2.0.6c allows remote attackers to inject arbitrary web script or HTML via the id parameter. ...
7 years ago
CVE-2017-2358 - An issue was discovered in certain Apple products. macOS before 10.12.3 is affected. The issue involves the "Graphics Drivers" component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service ...
7 years ago
CVE-2010-2358 - PHP remote file inclusion vulnerability in modules/catalog/upload_photo.php in Nakid CMS 0.5.2, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the ...
7 years ago
CVE-2008-2358 - Integer overflow in the dccp_feat_change function in net/dccp/feat.c in the Datagram Congestion Control Protocol (DCCP) subsystem in the Linux kernel 2.6.18, and 2.6.17 through 2.6.20, allows local users to gain privileges via an invalid feature ...
7 years ago
CVE-2009-2358 - TekRADIUS 3.0 uses BUILTIN\Users:R permissions for the TekRADIUS.ini file, which allows local users to obtain obfuscated database credentials by reading this file. ...
6 years ago
CVE-2016-2358 - Milesight IP security cameras through 2016-11-14 have a default set of 10 privileged accounts with hardcoded credentials. They are accessible if the customer has not configured 10 actual user accounts. ...
5 years ago
CVE-2011-2358 - Google Chrome before 13.0.782.107 does not ensure that extension installations are confirmed by a browser dialog, which makes it easier for remote attackers to modify the product's functionality via a Trojan horse extension. ...
4 years ago
CVE-2012-2358 - Moodle 2.0.x before 2.0.9, 2.1.x before 2.1.6, and 2.2.x before 2.2.3 allows remote authenticated users to bypass an activity's read-only state and modify the database by leveraging the student role and editing database activity entries that ...
4 years ago
CVE-2021-2358 - Vulnerability in the Oracle Access Manager product of Oracle Fusion Middleware (component: Rest interfaces for Access Mgr). The supported version that is affected is 11.1.2.3.0. Easily exploitable vulnerability allows high privileged attacker with ...
3 years ago
CVE-2010-4260 - Multiple unspecified vulnerabilities in pdf.c in libclamav in ClamAV before 0.96.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, aka (1) "bb #2358" and ...
2 years ago
CVE-2023-2358 - ...
1 year ago
CVE-2018-2358 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none ...
55 years ago Tenable.com
CVE-2024-2358 - A path traversal vulnerability in the '/apply_settings' endpoint of parisneo/lollms-webui allows attackers to execute arbitrary code. The vulnerability arises due to insufficient sanitization of user-supplied input in the configuration ...
11 months ago
CVE-2019-2358 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2019. Notes: none ...
1 year ago
CVE-2025-2358 - A vulnerability was found in Shenzhen Mingyuan Cloud Technology Mingyuan Real Estate ERP System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /Kfxt/Service.asmx of the component HTTP Header Handler. The ...
1 month ago
CVE-2006-0092 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-0992, CVE-2006-0158. Reason: this candidate was intended for one issue, but a typo caused it to be associated with a Novell/Groupwise issue. In addition, this issue was a ...
55 years ago Tenable.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)