CVE-2006-3319

Cross-site scripting (XSS) vulnerability in rss/index.php in PHP iCalendar 2.22 and earlier allows remote attackers to inject arbitrary web script or HTML via the cal parameter.

Publication date: Fri, 30 Jun 2006 06:05:00 +0000

Cyber News related to CVE-2006-3319

CVE-2006-6824 - Multiple cross-site scripting (XSS) vulnerabilities in Jim Hu and Chad Little PHP iCalendar 2.23 rc1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) getdate parameter in (a) day.php, (b) month.php, (c) year.php, ...
6 years ago

CVE-2009-3319 - SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03 allows remote attackers to execute arbitrary SQL commands via the id parameter in a sec list action, a different vector than CVE-2006-1018. ...
6 years ago

CVE-2006-3319 - Cross-site scripting (XSS) vulnerability in rss/index.php in PHP iCalendar 2.22 and earlier allows remote attackers to inject arbitrary web script or HTML via the cal parameter. ...
6 years ago

CVE-2021-3319 - DOS: Incorrect 802154 Frame Validation for Omitted Source / Dest Addresses. Zephyr versions > > v2.4.0 contain NULL Pointer Dereference (CWE-476), Attempt to Access Child of a Non-structure Pointer (CWE-588). For more information, see ...
2 years ago

CVE-2020-3319 - A vulnerability in Cisco Webex Network Recording Player and Cisco Webex Player for Microsoft Windows could allow an attacker to cause a process crash resulting in a Denial of service (DoS) condition for the player application on an affected system. ...
3 years ago

CVE-2010-3319 - IBM Records Manager (RM) 4.5.x before 4.5.1.1-IER-FP001 places a session token in the URI, which might allow remote attackers to obtain sensitive information by reading a Referer log file. ...
14 years ago

CVE-2011-3319 - Buffer overflow in the WRF parsing functionality in the Cisco WebEx Recording Format (WRF) player T26 before SP49 EP40 and T27 before SP28 allows remote attackers to execute arbitrary code via a crafted WRF file. ...
12 years ago

CVE-2007-3319 - The Avaya 4602SW IP Phone (Model 4602D02A) with 2.2.2 and earlier SIP firmware does not use the cnonce parameter in the Authorization header of SIP requests during MD5 digest authentication, which allows remote attackers to conduct man-in-the-middle ...
7 years ago

CVE-2012-3319 - IBM Rational Business Developer 8.x before 8.0.1.4 allows remote attackers to obtain potentially sensitive information via a connection to a web service created with the Rational Business Developer product. ...
7 years ago

CVE-2013-3319 - The GetComputerSystem method in the HostControl service in SAP Netweaver 7.03 allows remote attackers to obtain sensitive information via a crafted SOAP request to TCP port 1128. ...
7 years ago

CVE-2014-3319 - Directory traversal vulnerability in the Real-Time Monitoring Tool (RTMT) in Cisco Unified Communications Manager (CM) 10.0(1) allows remote authenticated users to read arbitrary files via a crafted URL, aka Bug ID CSCup57676. ...
7 years ago

CVE-2008-3319 - admin/index.php in Maian Links 3.1 and earlier allows remote attackers to bypass authentication and gain administrative access by sending an arbitrary links_cookie cookie. ...
7 years ago

CVE-2017-3319 - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: X Plugin). Supported versions that are affected are 5.7.16 and earlier. Difficult to exploit vulnerability allows low privileged attacker with network access via ...
6 years ago

CVE-2015-3319 - Hotspot Express hotEx Billing Manager 73 does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. ...
6 years ago

CVE-2016-3319 - The PDF library in Microsoft Windows 8.1, Windows Server 2012 Gold and R2, Windows 10 Gold and 1511, and Microsoft Edge allows remote attackers to execute arbitrary code via a crafted PDF file, aka "Microsoft PDF Remote Code Execution ...
6 years ago

CVE-2005-3319 - The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file ...
6 years ago

CVE-2023-3319 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in iDisplay PlatPlay DS allows Stored XSS.This issue affects PlatPlay DS: before 3.14. ...
1 year ago

CVE-2024-3319 - An issue was identified in the Identity Security Cloud (ISC) Transform preview and IdentityProfile preview API endpoints that allowed an authenticated administrator to execute user-defined templates as part of attribute transforms which could allow ...
5 months ago

CVE-2006-0092 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-0992, CVE-2006-0158. Reason: this candidate was intended for one issue, but a typo caused it to be associated with a Novell/Groupwise issue. In addition, this issue was a ...
54 years ago Tenable.com

CVE-2006-7224 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-7227, CVE-2005-4872, CVE-2006-7228. Reason: this candidate was SPLIT into other identifiers in order to reflect different affected versions and distinct vendor fixes. Notes: All ...
54 years ago Tenable.com

CVE-2006-5296 - PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted ...
11 months ago

CVE-2006-1530 - Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due ...
6 years ago

CVE-2006-1529 - Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due ...
6 years ago

CVE-2006-1723 - Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due ...
6 years ago

CVE-2006-1531 - Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due ...
6 years ago

Latest Cyber News

CVE-2024-10146 - 17 hours ago
CVE-2024-9186 - 17 hours ago
CVE-2023-34049 - 18 hours ago
CVE-2024-5082 - 20 hours ago
CVE-2024-5083 - 21 hours ago
CVE-2024-40408 - 1 day ago
CVE-2024-40410 - 1 day ago
CVE-2024-40404 - 1 day ago
CVE-2024-40405 - 1 day ago
CVE-2024-40407 - 1 day ago
CVE-2024-50955 - 1 day ago
CVE-2024-50956 - 1 day ago
CVE-2024-51027 - 1 day ago
CVE-2024-45878 - 1 day ago
CVE-2024-45879 - 1 day ago
CVE-2024-52549 - 1 day ago
CVE-2024-52550 - 1 day ago
CVE-2024-52551 - 1 day ago
CVE-2024-52552 - 1 day ago
CVE-2024-52553 - 1 day ago

Cyber Trends (last 7 days)

Okta - 11 months ago
23andMe - 11 months ago
Kimsuky - 11 months ago
LogoFAIL - 11 months ago
Gh0st rat - 11 months ago

Trending Cyber News (last 7 days)

CVE-2024-10877 - 1 day ago
CVE-2024-9059 - 1 day ago
CVE-2024-9668 - 1 day ago
CVE-2024-9682 - 1 day ago
CVE-2024-11028 - 1 day ago
CVE-2024-8001 - 1 day ago
CVE-2024-11159 - 1 day ago
CVE-2024-48989 - 1 day ago
CVE-2024-11165 - 1 day ago
CVE-2024-48510 - 1 day ago
CVE-2024-48900 - 1 day ago
CVE-2024-49504 - 1 day ago
CVE-2024-49505 - 1 day ago
CVE-2024-49506 - 1 day ago
CVE-2024-50852 - 1 day ago
CVE-2024-50853 - 1 day ago
CVE-2024-50854 - 1 day ago
CVE-2024-9477 - 1 day ago
CVE-2024-10012 - 1 day ago
CVE-2024-10013 - 1 day ago