CyberSecurityBoard
Sponsor Register Login

CVE-2006-3562

PHP remote file inclusion vulnerabilities in plume cms 1.0.4 allow remote attackers to execute arbitrary PHP code via a URL in the _PX_config[manager_path] parameter to (1) index.php, (2) rss.php, or (3) search.php, a different set of vectors and versions than CVE-2006-2645 and CVE-2006-0725.

Publication date: Thu, 13 Jul 2006 06:05:00 +0000


Cyber News related to CVE-2006-3562

CVE-2006-4533 - Multiple PHP remote file inclusion vulnerabilities in Plume CMS 1.0.6 and earlier allow remote attackers to execute arbitrary PHP code via the _PX_config[manager_path] parameter to (1) articles.php, (2) categories.php, (3) news.php, (4) prefs.php, ...
14 years ago
CVE-2006-3562 - PHP remote file inclusion vulnerabilities in plume cms 1.0.4 allow remote attackers to execute arbitrary PHP code via a URL in the _PX_config[manager_path] parameter to (1) index.php, (2) rss.php, or (3) search.php, a different set of vectors and ...
7 years ago
CVE-2010-3574 - Unspecified vulnerability in the Networking component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. ...
7 years ago
CVE-2005-3562 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2005-2955. Reason: This candidate is a reservation duplicate of CVE-2005-2955. Notes: All CVE users should reference CVE-2005-2955 instead of this candidate. All references and ...
56 years ago Tenable.com
CVE-2016-3562 - Unspecified vulnerability in the RDBMS Security and SQL*Plus components in Oracle Database Server 11.2.0.4 and 12.1.0.2 allows remote administrators to affect confidentiality via vectors related to DBA. ...
8 years ago
CVE-2008-3562 - Directory traversal vulnerability in index.php in the Contact module in Chupix CMS 0.1.0, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the mods parameter. NOTE: the ...
8 years ago
CVE-2011-3562 - Unspecified vulnerability in the Portal component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.6, and 11.1.2.0 allows remote attackers to affect integrity via unknown vectors. ...
8 years ago
CVE-2012-3562 - Opera before 12.00 Beta allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted web page that is not properly handled during a reload, as demonstrated by a "multiple origin camera test" page. ...
8 years ago
CVE-2009-3562 - Cross-site scripting (XSS) vulnerability in Xerver HTTP Server 4.32 allows remote attackers to inject arbitrary web script or HTML via the currentPath parameter in a chooseDirectory action. ...
8 years ago
CVE-2018-3562 - Buffer over -read can occur while processing a FILS authentication frame in all Android releases from CAF (Android for MSM, Firefox OS for MSM, QRD Android) using the Linux Kernel. ...
7 years ago
CVE-2007-3562 - SQL injection vulnerability in videos.php in PHP Director 0.21 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. ...
7 years ago
CVE-2013-3562 - Multiple integer signedness errors in the tvb_unmasked function in epan/dissectors/packet-websocket.c in the Websocket dissector in Wireshark 1.8.x before 1.8.7 allow remote attackers to cause a denial of service (application crash) via a malformed ...
7 years ago
CVE-2019-3562 - A remote web page could inject arbitrary HTML code into the Oculus Browser UI, allowing an attacker to spoof UI and potentially execute code. This affects the Oculus Browser starting from version 5.2.7 until 5.7.11. ...
6 years ago
CVE-2020-3562 - A vulnerability in the SSL/TLS inspection of Cisco Firepower Threat Defense (FTD) Software for Cisco Firepower 2100 Series firewalls could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. ...
5 years ago
CVE-2010-3562 - Unspecified vulnerability in the 2D component in Oracle Java SE and Java for Business 6 Update 21, 5.0 Update 25, 1.4.2_27, and 1.3.1_28 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. NOTE: the ...
7 years ago
CVE-2017-3562 - Vulnerability in the Oracle Applications DBA component of Oracle E-Business Suite (subcomponent: AD Utilities). Supported versions that are affected are 12.1.3, 12.2.3, 12.2.4, 12.2.5 and 12.2.6. Easily exploitable vulnerability allows high ...
6 years ago
CVE-2020-25462 - Heap buffer overflow in the fxCheckArrowFunction function at moddable/xs/sources/xsSyntaxical.c:3562 in Moddable SDK before OS200903. ...
5 years ago
CVE-2022-3562 - Cross-site Scripting (XSS) - Stored in GitHub repository librenms/librenms prior to 22.10.0. ...
3 years ago
CVE-2014-3562 - Red Hat Directory Server 8 and 389 Directory Server, when debugging is enabled, allows remote attackers to obtain sensitive replicated metadata by searching the directory. ...
3 years ago
CVE-2023-3562 - A vulnerability has been found in GZ Scripts PHP CRM Platform 1.8 and classified as problematic. This vulnerability affects unknown code of the file /index.php. The manipulation of the argument action leads to cross site scripting. The attack can be ...
2 years ago
CVE-2024-3562 - The Custom Field Suite plugin for WordPress is vulnerable to PHP Code Injection in all versions up to, and including, 2.6.7 via the Loop custom field. This is due to insufficient sanitization of input prior to being used in a call to the eval() ...
1 year ago
CVE-2025-3562 - A vulnerability was found in Yonyou YonBIP MA2.7. It has been declared as problematic. Affected by this vulnerability is the function FileInputStream of the file /mobsm/common/userfile. The manipulation of the argument path leads to path traversal. ...
10 months ago
CVE-2006-0092 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-0992, CVE-2006-0158. Reason: this candidate was intended for one issue, but a typo caused it to be associated with a Novell/Groupwise issue. In addition, this issue was a ...
56 years ago Tenable.com
CVE-2006-7224 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-7227, CVE-2005-4872, CVE-2006-7228. Reason: this candidate was SPLIT into other identifiers in order to reflect different affected versions and distinct vendor fixes. Notes: All ...
56 years ago Tenable.com
CVE-2006-5296 - PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted ...
2 years ago

Latest Cyber News


    Cyber Trends (last 7 days)


    Trending Cyber News (last 7 days)