CVE-2006-2990

Cross-site scripting (XSS) vulnerability in default.asp in VanillaSoft Helpdesk 2005 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter.

Publication date: Tue, 13 Jun 2006 06:02:00 +0000

Cyber News related to CVE-2006-2990

CVE-2006-2990 - Cross-site scripting (XSS) vulnerability in default.asp in VanillaSoft Helpdesk 2005 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter. ...
6 years ago

CVE-2005-2990 - AuthInfo.java in LineContol Java Client (jlc) before 0.8.1 stores sensitive information such as user passwords in log files. ...
13 years ago

CVE-2012-2990 - The MASetupCaller ActiveX control before 1.4.2012.508 in MASetupCaller.dll in MarkAny ContentSAFER, as distributed in Samsung KIES before 2.3.2.12074_13_13, does not properly implement unspecified methods, which allows remote attackers to download an ...
11 years ago

CVE-2015-2990 - Directory traversal vulnerability in zhtml.cgi in NEOJAPAN desknet NEO 2.0R1.0 through 2.5R1.4 allows remote authenticated users to read arbitrary files via a crafted parameter. ...
8 years ago

CVE-2011-2990 - The implementation of Content Security Policy (CSP) violation reports in Mozilla Firefox 4.x through 5, SeaMonkey 2.x before 2.3, and possibly other products does not remove proxy-authorization credentials from the listed request headers, which ...
6 years ago

CVE-2008-2990 - PHP remote file inclusion vulnerability in facileforms.frame.php in the FacileForms (com_facileforms) component 1.4.4 for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the ff_compath parameter. ...
6 years ago

CVE-2007-2990 - Unspecified vulnerability in inetd in Sun Solaris 10 before 20070529 allows local users to cause a denial of service (daemon termination) via unspecified manipulations of the /var/run/.inetd.uds Unix domain socket file. ...
6 years ago

CVE-2010-2990 - Citrix Online Plug-in for Windows for XenApp & XenDesktop before 11.2, Citrix Online Plug-in for Mac for XenApp & XenDesktop before 11.0, Citrix ICA Client for Linux before 11.100, Citrix ICA Client for Solaris before 8.63, and Citrix ...
5 years ago

CVE-2009-2990 - Array index error in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow attackers to execute arbitrary code via unspecified vectors. Per: ...
5 years ago

CVE-2017-2990 - Adobe Flash Player versions 24.0.0.194 and earlier have an exploitable memory corruption vulnerability in the h264 decompression routine. Successful exploitation could lead to arbitrary code execution. ...
1 year ago

CVE-2022-2990 - An incorrect handling of the supplementary groups in the Buildah container engine might lead to the sensitive information disclosure or possible data modification if an attacker has direct access to the affected container where supplementary groups ...
1 year ago

CVE-2018-2990 - Vulnerability in the PeopleSoft Enterprise PeopleTools component of Oracle PeopleSoft Products (subcomponent: Integration Broker). Supported versions that are affected are 8.55 and 8.56. Difficult to exploit vulnerability allows unauthenticated ...
4 years ago

CVE-2019-2990 - Vulnerability in the Oracle iStore product of Oracle E-Business Suite (component: Order Tracker). Supported versions that are affected are 12.1.1-12.1.3 and 12.2.3-12.2.9. Easily exploitable vulnerability allows unauthenticated attacker with network ...
4 years ago

CVE-2023-2990 - Fortra Globalscape EFT versions before 8.1.0.16 suffer from a denial of service vulnerability, where a compressed message that decompresses to itself can cause infinite recursion and crash the service ...
1 year ago

CVE-2013-2990 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2013. Notes: none ...
54 years ago Tenable.com

CVE-2024-2990 - A vulnerability, which was classified as critical, was found in Tenda FH1203 2.0.1.6. This affects the function formexeCommand of the file /goform/execCommand. The manipulation of the argument cmdinput leads to stack-based buffer overflow. It is ...
3 months ago

CVE-2006-0092 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-0992, CVE-2006-0158. Reason: this candidate was intended for one issue, but a typo caused it to be associated with a Novell/Groupwise issue. In addition, this issue was a ...
54 years ago Tenable.com

CVE-2006-7224 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-7227, CVE-2005-4872, CVE-2006-7228. Reason: this candidate was SPLIT into other identifiers in order to reflect different affected versions and distinct vendor fixes. Notes: All ...
54 years ago Tenable.com

CVE-2006-5296 - PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted ...
6 months ago

CVE-2006-1530 - Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due ...
5 years ago

CVE-2006-1529 - Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due ...
5 years ago

CVE-2006-1723 - Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due ...
5 years ago

CVE-2006-1531 - Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due ...
5 years ago

CVE-2006-5424 - Unspecified vulnerability in Justsystem Ichitaro 2006, 2006 trial version, and Government 2006 allows remote attackers to execute arbitrary code via a modified document, possibly because of a buffer overflow, a different vulnerability than ...
6 years ago

CVE-2006-6653 - The accept function in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029 allows local users to cause a denial of service (socket consumption) via an invalid (1) name or (2) namelen parameter, which ...
12 years ago

Latest Cyber News

Water Sigbin Hackers Exploit Oracle WebLogic Vulnerabilities - 24 minutes ago
Indonesian government didn't backup ransomwared data The Register - 44 minutes ago
Product showcase: Protect digital identities with Swissbit's iShield Key Pro - 44 minutes ago
Portainer: Open-source Docker and Kubernetes management - 44 minutes ago
Why every company needs a DDoS response plan - 44 minutes ago
Microsoft tells more customers their emails have been stolen The Register - 1 hour ago
Preparing for Q-Day as NIST nears approval of PQC standards - 2 hours ago
Infosec products of the month: June 2024 - 2 hours ago
CVE-2024-38525 - 5 hours ago
CVE-2024-6418 - 6 hours ago
CVE-2024-6417 - 6 hours ago
CVE-2023-48733 - 6 hours ago
Cybersecurity Today: Cyber Security Today, Week in Review for week ending Friday, June 28, 2024 - 7 hours ago
CVE-2024-6416 - 7 hours ago
Generative AI is new attack vector endangering enterprises, says CrowdStrike CTO - 8 hours ago
Google Chrome to let Isolated Web App access sensitive USB devices - 8 hours ago
CVE-2024-34703 - 8 hours ago
CVE-2024-28794 - 10 hours ago
CVE-2023-50964 - 10 hours ago
The dangers of voice fraud: We can't detect what we can't see - 10 hours ago

Cyber Trends (last 7 days)

Okta - 7 months ago
23andMe - 6 months ago
Kimsuky - 7 months ago
LogoFAIL - 6 months ago
Gh0st rat - 7 months ago

Trending Cyber News (last 7 days)

Water Sigbin Hackers Exploit Oracle WebLogic Vulnerabilities - 24 minutes ago
Why every company needs a DDoS response plan - 44 minutes ago
Portainer: Open-source Docker and Kubernetes management - 44 minutes ago
Product showcase: Protect digital identities with Swissbit's iShield Key Pro - 44 minutes ago
Indonesian government didn't backup ransomwared data The Register - 44 minutes ago
Microsoft tells more customers their emails have been stolen The Register - 1 hour ago
Preparing for Q-Day as NIST nears approval of PQC standards - 2 hours ago
Infosec products of the month: June 2024 - 2 hours ago
CVE-2024-6416 - 7 hours ago
CVE-2024-6418 - 6 hours ago
CVE-2024-6417 - 6 hours ago
CVE-2024-34703 - 8 hours ago
Cybersecurity Today: Cyber Security Today, Week in Review for week ending Friday, June 28, 2024 - 7 hours ago
Generative AI is new attack vector endangering enterprises, says CrowdStrike CTO - 8 hours ago
CVE-2024-28797 - 11 hours ago
CVE-2023-50952 - 11 hours ago
CVE-2024-31898 - 11 hours ago
CVE-2023-50953 - 11 hours ago
CVE-2024-28794 - 10 hours ago
CVE-2023-50964 - 10 hours ago