CyberSecurityBoard
Sponsor Register Login

CVE-2006-3479

Cross-site request forgery (CSRF) vulnerability in the del_block function in modules/Admin/block.php in Nuked-Klan 1.7.5 and earlier and 1.7 SP4.2 allows remote attackers to delete arbitrary "blocks" via a link with a modified bid parameter in a del_block op on the block page in index.php. Upgrade to Nuked-Klan version 1.7.6 or 1.7 SP4.3

Publication date: Tue, 11 Jul 2006 01:05:00 +0000


Cyber News related to CVE-2006-3479

CVE-2006-3479 - Cross-site request forgery (CSRF) vulnerability in the del_block function in modules/Admin/block.php in Nuked-Klan 1.7.5 and earlier and 1.7 SP4.2 allows remote attackers to delete arbitrary "blocks" via a link with a modified bid parameter ...
7 years ago
CVE-2009-3488 - Cross-site scripting (XSS) vulnerability in the Bibliography (aka Biblio) module 6.x-1.6 for Drupal allows remote authenticated users, with certain content-creation privileges, to inject arbitrary web script or HTML via the Title field, probably a ...
7 years ago
CVE-2020-3479 - A vulnerability in the implementation of Multiprotocol Border Gateway Protocol (MP-BGP) for the Layer 2 VPN (L2VPN) Ethernet VPN (EVPN) address family in Cisco IOS Software and Cisco IOS XE Software could allow an unauthenticated, remote attacker to ...
1 year ago
CVE-2005-3479 - Cross-site scripting (XSS) vulnerability in login.asp in Ringtail CaseBook 6.1.0 allows remote attackers to inject arbitrary web script or HTML via the users parameter. ...
16 years ago
CVE-2009-3479 - Cross-site scripting (XSS) vulnerability in Bibliography (Biblio) 5.x before 5.x-1.17 and 6.x before 6.x-1.6, a module for Drupal, allows remote attackers, with "create content displayed by the Bibliography module" permissions, to inject ...
15 years ago
CVE-2013-3479 - Cross-site request forgery (CSRF) vulnerability in the ShareThis plugin before 7.0.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify this plugin's settings. ...
11 years ago
CVE-2012-3479 - lisp/files.el in Emacs 23.2, 23.3, 23.4, and 24.1 automatically executes eval forms in local-variable sections when the enable-local-variables option is set to :safe, which allows user-assisted remote attackers to execute arbitrary Emacs Lisp code ...
10 years ago
CVE-2010-3479 - SQL injection vulnerability in list.php in BoutikOne 1.0 allows remote attackers to execute arbitrary SQL commands via the page parameter. ...
7 years ago
CVE-2016-3479 - Unspecified vulnerability in the Portable Clusterware component in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows remote attackers to affect availability via unknown vectors. ...
7 years ago
CVE-2011-3479 - Symantec pcAnywhere 12.5.x through 12.5.3, and IT Management Suite pcAnywhere Solution 7.0 (aka 12.5.x) and 7.1 (aka 12.6.x), uses world-writable permissions for product-installation files, which allows local users to gain privileges by modifying a ...
6 years ago
CVE-2008-3479 - Heap-based buffer overflow in the Microsoft Message Queuing (MSMQ) service (mqsvc.exe) in Microsoft Windows 2000 SP4 allows remote attackers to read memory contents and execute arbitrary code via a crafted RPC call, related to improper processing of ...
6 years ago
CVE-2007-3479 - Stack-based buffer overflow in PCSoft WinDEV 11 (01F110053p) allows user-assisted remote attackers to execute arbitrary code via a long string in the "used DLL" field in a WDP project file. ...
6 years ago
CVE-2019-3479 - Mitigates a potential remote code execution issue in ArcSight Logger versions prior to 6.7. ...
3 years ago
CVE-2014-3479 - The cdf_check_stream_offset function in cdf.c in file before 5.19, as used in the Fileinfo component in PHP before 5.4.30 and 5.5.x before 5.5.14, relies on incorrect sector-size data, which allows remote attackers to cause a denial of service ...
2 years ago
CVE-2021-3479 - There's a flaw in OpenEXR's Scanline API functionality in versions before 3.0.0-beta. An attacker who is able to submit a crafted file to be processed by OpenEXR could trigger excessive consumption of memory, resulting in an impact to system ...
1 year ago
CVE-2022-3479 - A vulnerability found in nss. By this security vulnerability, nss client auth crash without a user certificate in the database and this can lead us to a segmentation fault or crash. ...
8 months ago
CVE-2023-3479 - Cross-site Scripting (XSS) - Reflected in GitHub repository hestiacp/hestiacp prior to 1.7.8. ...
1 year ago
CVE-2017-3479 - Vulnerability in the Oracle FLEXCUBE Private Banking component of Oracle Financial Services Applications (subcomponent: Miscellaneous). Supported versions that are affected are 2.0.0, 2.0.1, 2.2.0.1 and 12.0.1. Easily "exploitable" ...
5 years ago
CVE-2024-3479 - ...
6 months ago
CVE-2006-0092 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-0992, CVE-2006-0158. Reason: this candidate was intended for one issue, but a typo caused it to be associated with a Novell/Groupwise issue. In addition, this issue was a ...
54 years ago Tenable.com
CVE-2006-7224 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-7227, CVE-2005-4872, CVE-2006-7228. Reason: this candidate was SPLIT into other identifiers in order to reflect different affected versions and distinct vendor fixes. Notes: All ...
54 years ago Tenable.com
CVE-2006-5296 - PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted ...
11 months ago
CVE-2006-1530 - Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due ...
6 years ago
CVE-2006-1529 - Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due ...
6 years ago
CVE-2006-1723 - Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due ...
6 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)