CyberSecurityBoard
Sponsor Register Login

CVE-2006-2983

PHP remote file inclusion vulnerability in Enterprise Timesheet and Payroll Systems (EPS) 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the absolutepath parameter in cal.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Publication date: Tue, 13 Jun 2006 06:02:00 +0000


Cyber News related to CVE-2006-2983

CVE-2006-2983 - PHP remote file inclusion vulnerability in Enterprise Timesheet and Payroll Systems (EPS) 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the absolutepath parameter in cal.php. NOTE: the provenance of this ...
14 years ago
CVE-2013-2983 - Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling File Gateway 2.2 and Sterling B2B Integrator allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different issue than CVE-2013-0468. ...
11 years ago
CVE-2013-0468 - Cross-site scripting (XSS) vulnerability in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than ...
7 years ago
CVE-2010-2983 - The workgroup bridge (aka WGB) functionality in Cisco Unified Wireless Network (UWN) Solution 7.x before 7.0.98.0 allows remote attackers to cause a denial of service (dropped connection) via a series of spoofed EAPoL-Logoff frames, related to an ...
14 years ago
CVE-2012-2983 - file/edit_html.cgi in Webmin 1.590 and earlier does not perform an authorization check before showing a file's unedited contents, which allows remote attackers to read arbitrary files via the file field. ...
12 years ago
CVE-2015-2983 - Cross-site request forgery (CSRF) vulnerability in admin.php in PHP Kobo Photo Gallery CMS for PC, smartphone and feature phone 1.0.1 Free and earlier allows remote attackers to hijack the authentication of arbitrary users. ...
9 years ago
CVE-2005-2983 - SQL injection vulnerability in Oracle Reports that use Lexical References allows remote attackers to execute arbitrary SQL commands via the values in the parameter form that appears when the paramform parameter is set to yes. ...
1 year ago
CVE-2017-2983 - Adobe Shockwave versions 12.2.7.197 and earlier have an insecure library loading (DLL hijacking) vulnerability. Successful exploitation could lead to escalation of privilege. ...
8 years ago
CVE-2007-2983 - Multiple buffer overflows in the British Telecommunications Consumer webhelper ActiveX control before 2.0.0.8 in btwebcontrol.dll allow remote attackers to execute arbitrary code via unspecified vectors. ...
7 years ago
CVE-2011-2983 - Mozilla Firefox before 3.6.20, Thunderbird 2.x and 3.x before 3.1.12, SeaMonkey 1.x and 2.x, and possibly other products does not properly handle the RegExp.input property, which allows remote attackers to bypass the Same Origin Policy and read data ...
7 years ago
CVE-2008-2983 - SQL injection vulnerability in index.php in Demo4 CMS 01 Beta allows remote attackers to execute arbitrary SQL commands via the id parameter. ...
7 years ago
CVE-2016-2983 - IBM Tealeaf Customer Experience 8.7, 8.8, and 9.0.2 could allow a remote attacker under unusual circumstances to read operational data or TLS session state for any active sessions, cause denial of service, or bypass security. IBM X-Force ID: 113999. ...
7 years ago
CVE-2014-2983 - Drupal 6.x before 6.31 and 7.x before 7.27 does not properly isolate the cached data of different anonymous users, which allows remote anonymous users to obtain sensitive interim form input information in opportunistic situations via unspecified ...
4 years ago
CVE-2022-2983 - The Salat Times WordPress plugin before 3.2.2 does not sanitize and escapes its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. ...
2 years ago
CVE-2023-2983 - Privilege Defined With Unsafe Actions in GitHub repository pimcore/pimcore prior to 10.5.23. ...
2 years ago
CVE-2024-2983 - A vulnerability was found in Tenda FH1202 1.2.0.14(408) and classified as critical. Affected by this issue is the function formSetClientState of the file /goform/SetClientState. The manipulation of the argument deviceId/limitSpeed/limitSpeedUp leads ...
1 year ago
CVE-2025-2983 - A vulnerability has been found in Legrand SMS PowerView 1.x and classified as critical. Affected by this vulnerability is an unknown functionality. The manipulation of the argument redirect leads to os command injection. The exploit has been ...
3 months ago
CVE-2009-2983 - Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 allow attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via unspecified vectors. Per: ...
6 years ago
CVE-2020-2983 - Vulnerability in the Oracle Data Masking and Subsetting product of Oracle Enterprise Manager (component: Data Masking). Supported versions that are affected are 13.3.0.0 and 13.4.0.0. Easily exploitable vulnerability allows low privileged attacker ...
5 years ago
CVE-2019-2983 - Vulnerability in the Java SE, Java SE Embedded product of Oracle Java SE (component: Serialization). Supported versions that are affected are Java SE: 7u231, 8u221, 11.0.4 and 13; Java SE Embedded: 8u221. Difficult to exploit vulnerability allows ...
2 years ago
CVE-2025-22121 - In the Linux kernel, the following vulnerability has been resolved: ...
3 months ago
CVE-2024-37356 - In the Linux kernel, the following vulnerability has been resolved: ...
1 year ago
CVE-2006-0092 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-0992, CVE-2006-0158. Reason: this candidate was intended for one issue, but a typo caused it to be associated with a Novell/Groupwise issue. In addition, this issue was a ...
55 years ago Tenable.com
CVE-2006-7224 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-7227, CVE-2005-4872, CVE-2006-7228. Reason: this candidate was SPLIT into other identifiers in order to reflect different affected versions and distinct vendor fixes. Notes: All ...
55 years ago Tenable.com
CVE-2006-5296 - PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted ...
1 year ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)