CVE-2006-2650

SQL injection vulnerability in cosmicshop/search.php in CosmicShoppingCart allows remote attackers to execute arbitrary SQL commands via the max parameter.

Publication date: Tue, 30 May 2006 15:02:00 +0000

Cyber News related to CVE-2006-2650

CVE-2014-2984 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-2650. Reason: This candidate is a reservation duplicate of CVE-2014-2650. Notes: All CVE users should reference CVE-2014-2650 instead of this candidate. All references and ...
54 years ago Tenable.com

CVE-2006-2650 - SQL injection vulnerability in cosmicshop/search.php in CosmicShoppingCart allows remote attackers to execute arbitrary SQL commands via the max parameter. ...
7 years ago

ICONICS and Mitsubishi Electric Products - RISK EVALUATION. Successful exploitation of these vulnerabilities could result in denial of service, improper privilege management, or potentially remote code execution. A denial-of-service vulnerability due to an allocation of resources without ...
3 months ago Cisa.gov

CVE-2016-0462 - Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote authenticated users to affect confidentiality via unknown vectors related to Multichannel Framework, a different ...
8 years ago

CVE-2004-2650 - Spooler in Apache Foundation James 2.2.0 allows local users to cause a denial of service (memory consumption) by triggering various error conditions in the retrieve function, which prevents a lock from being released and causes a memory leak. ...
16 years ago

CVE-2005-2650 - Cross-site scripting (XSS) vulnerability in sign.asp in Emefa Guestbook 1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) location, and (3) email parameters. ...
16 years ago

CVE-2011-2650 - Cross-site scripting (XSS) vulnerability in Kiwi before 3.74.2, as used in SUSE Studio 1.1 before 1.1.4, allows remote attackers to inject arbitrary web script or HTML via a crafted pattern name that is included in an RPM info display. ...
7 years ago

CVE-2009-2650 - Heap-based buffer overflow in Sorcerer Software MultiMedia Jukebox 4.0 Build 020124 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .m3u or possibly (2) .pst file. ...
7 years ago

CVE-2015-2650 - Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.53 and 8.54 allows remote authenticated users to affect confidentiality via unknown vectors related to Multichannel Framework. ...
7 years ago

CVE-2008-2650 - Directory traversal vulnerability in cmsimple/cms.php in CMSimple 3.1, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the sl parameter to index.php. NOTE: this can be ...
7 years ago

CVE-2018-2650 - Vulnerability in the Oracle Hospitality Reporting and Analytics component of Oracle Hospitality Applications (subcomponent: Report). Supported versions that are affected are 8.5.1 and 9.0.0. Easily exploitable vulnerability allows low privileged ...
5 years ago

CVE-2010-2707 - Unspecified vulnerability on the HP ProCurve 2626 and 2650 switches before H.10.80 allows remote attackers to obtain sensitive information, modify data, and cause a denial of service via unknown vectors. Per: http://secunia.com/advisories/40865 ...
4 years ago

CVE-2017-2650 - It was found that the use of Pipeline: Classpath Step Jenkins plugin enables a bypass of the Script Security sandbox for users with SCM commit access, as well as users with e.g. Job/Configure permission in Jenkins. ...
4 years ago

CVE-2014-2650 - Unify OpenStage / OpenScape Desk Phone IP before V3 R3.11.0 SIP has an OS command injection vulnerability in the web based management interface ...
4 years ago

CVE-2010-2650 - Unspecified vulnerability in Google Chrome before 5.0.375.99 has unknown impact and attack vectors, related to an "annoyance with print dialogs." ...
4 years ago

CVE-2019-2650 - Vulnerability in the Oracle WebLogic Server component of Oracle Fusion Middleware (subcomponent: WLS - Web Services). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0 and 12.2.1.3.0. Easily exploitable vulnerability allows ...
4 years ago

CVE-2007-2650 - The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) via an OLE2 file with (1) a large property size or (2) a loop in the FAT file block chain that triggers an infinite loop, as ...
3 years ago

CVE-2022-2650 - Improper Restriction of Excessive Authentication Attempts in GitHub repository wger-project/wger prior to 2.2. ...
1 year ago

CVE-2016-2650 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none ...
54 years ago Tenable.com

CVE-2024-2650 - The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the alignment parameter in the Woo Product Carousel widget in all versions up ...
5 months ago Tenable.com

CVE-2020-2650 - Vulnerability in the Oracle Retail Customer Management and Segmentation Foundation product of Oracle Retail Applications (component: Promotions). The supported version that is affected is 16.0. Easily exploitable vulnerability allows unauthenticated ...
2 years ago

CVE-2023-2650 - Issue summary: Processing some specially crafted ASN.1 object identifiers or ...
8 months ago

CVE-2006-0092 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-0992, CVE-2006-0158. Reason: this candidate was intended for one issue, but a typo caused it to be associated with a Novell/Groupwise issue. In addition, this issue was a ...
54 years ago Tenable.com

CVE-2006-7224 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-7227, CVE-2005-4872, CVE-2006-7228. Reason: this candidate was SPLIT into other identifiers in order to reflect different affected versions and distinct vendor fixes. Notes: All ...
54 years ago Tenable.com

CVE-2006-5296 - PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted ...
9 months ago

Latest Cyber News

CVE-2024-9536 - 11 hours ago
CVE-2024-47377 - 11 hours ago
CVE-2024-47376 - 11 hours ago
CVE-2024-47375 - 11 hours ago
CVE-2024-47374 - 11 hours ago
CVE-2024-47373 - 11 hours ago
CVE-2024-47372 - 11 hours ago
CVE-2024-47371 - 11 hours ago
CVE-2024-47370 - 11 hours ago
CVE-2024-47369 - 11 hours ago
CVE-2024-47624 - 12 hours ago
CVE-2024-47623 - 12 hours ago
CVE-2024-47622 - 12 hours ago
CVE-2024-47621 - 12 hours ago
CVE-2024-47395 - 12 hours ago
CVE-2024-47394 - 12 hours ago
CVE-2024-47393 - 12 hours ago
CVE-2024-47392 - 12 hours ago
CVE-2024-47391 - 12 hours ago
CVE-2024-47390 - 12 hours ago

Cyber Trends (last 7 days)

Okta - 10 months ago
23andMe - 10 months ago
Kimsuky - 10 months ago
LogoFAIL - 9 months ago
Gh0st rat - 10 months ago

Trending Cyber News (last 7 days)

CVE-2024-9536 - 11 hours ago
CVE-2024-47377 - 11 hours ago
CVE-2024-47376 - 11 hours ago
CVE-2024-47375 - 11 hours ago
CVE-2024-47374 - 11 hours ago
CVE-2024-47373 - 11 hours ago
CVE-2024-47372 - 11 hours ago
CVE-2024-47371 - 11 hours ago
CVE-2024-47370 - 11 hours ago
CVE-2024-47369 - 11 hours ago
CVE-2024-9535 - 13 hours ago
CVE-2024-9534 - 13 hours ago
CVE-2024-47630 - 13 hours ago
CVE-2024-47629 - 13 hours ago
CVE-2024-47628 - 13 hours ago
CVE-2024-47627 - 13 hours ago
CVE-2024-47626 - 13 hours ago
CVE-2024-47625 - 13 hours ago
CVE-2024-47624 - 12 hours ago
CVE-2024-47623 - 12 hours ago