CVE-2006-4007

PHP remote file inclusion vulnerability in index.php in Knusperleicht Guestbook 3.5 allows remote attackers to execute arbitrary PHP code via a URL in the GB_PATH parameter.

Publication date: Tue, 08 Aug 2006 00:04:00 +0000

Cyber News related to CVE-2006-4007

CVE-2006-4007 - PHP remote file inclusion vulnerability in index.php in Knusperleicht Guestbook 3.5 allows remote attackers to execute arbitrary PHP code via a URL in the GB_PATH parameter. ...
5 years ago

CVE-2021-4007 - Rapid7 Insight Agent, versions 3.0.1 to 3.1.2.34, suffer from a local privilege escalation due to an uncontrolled DLL search path. Specifically, when Insight Agent versions 3.0.1 to 3.1.2.34 start, the Python interpreter attempts to load python3.dll ...
2 years ago

CVE-2010-4007 - Oracle Mojarra uses an encrypted View State without a Message Authentication Code (MAC), which makes it easier for remote attackers to perform successful modifications of the View State via a padding oracle attack, a related issue to CVE-2010-2057. ...
13 years ago

CVE-2009-4007 - Unspecified vulnerability in the NormaliseTrainConsist function in src/train_cmd.cpp in OpenTTD before 0.7.5-RC1 allows remote attackers to cause a denial of service (daemon crash) via certain game actions involving a wagon and a dual-headed engine. ...
14 years ago

CVE-2012-4007 - The mixi application before 4.3.0 for Android allows remote attackers to read potentially sensitive information in friends' comments via a crafted application that leverages the storage of these comments on an SD card. ...
11 years ago

CVE-2005-4007 - Multiple unspecified vulnerabilities in SAPID CMS before 1.2.3.03, related to newly registered users and possibly authorization checks, have unknown impact and attack vectors involving (1) mvc/controller/user_request_analysis.inc.php and (2) ...
11 years ago

CVE-2008-4007 - Unspecified vulnerability in the PeopleSoft Enterprise Components component in Oracle PeopleSoft Enterprise and JD Edwards EnterpriseOne 8.9.18 allows remote authenticated users to affect confidentiality, integrity, and availability via unknown ...
11 years ago

CVE-2011-4007 - Cisco IOS 15.0 and 15.1 and IOS XE 3.x do not properly handle the "set mpls experimental imposition" command, which allows remote attackers to cause a denial of service (device crash) via network traffic that triggers (1) fragmentation or (2) ...
11 years ago

CVE-2014-4007 - The SAP Upgrade tools for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors. ...
10 years ago

CVE-2013-4007 - Cross-site scripting (XSS) vulnerability in adv_sw.php in the Advanced Management Module (AMM) with firmware BBET before BBET64G and BPET before BPET64G for IBM BladeCenter systems allows remote attackers to inject arbitrary web script or HTML via ...
6 years ago

CVE-2007-4007 - PHP remote file inclusion vulnerability in index.php in Article Directory (Article Site Directory) allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. ...
6 years ago

CVE-2016-4007 - Multiple unspecified vulnerabilities in the obs-service-extract_file package before 0.3-5.1 in openSUSE Leap 42.1 and before 0.3-3.1 in openSUSE 13.2 allow attackers to execute arbitrary commands via a service definition, related to executing unzip ...
5 years ago

CVE-2018-4007 - An exploitable privilege escalation vulnerability exists in the Shimo VPN 4.1.5.1 helper service in the deleteConfig functionality. The program is able to delete any protected file on the system. An attacker would need local access to the machine to ...
1 year ago

CVE-2022-4007 - A issue has been discovered in GitLab CE/EE affecting all versions from 15.3 prior to 15.7.8, version 15.8 prior to 15.8.4, and version 15.9 prior to 15.9.2 A cross-site scripting vulnerability was found in the title field of work items that allowed ...
1 year ago

CVE-2023-4007 - Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.16. ...
11 months ago

CVE-2017-4007 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none ...
54 years ago Tenable.com

CVE-2024-4007 - Default credential in install package in ABB ASPECT; NEXUS Series; MATRIX Series version 3.07 allows attacker to login to product instances wrongly configured. ...
4 days ago

CVE-2006-0092 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-0992, CVE-2006-0158. Reason: this candidate was intended for one issue, but a typo caused it to be associated with a Novell/Groupwise issue. In addition, this issue was a ...
54 years ago Tenable.com

CVE-2006-7224 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-7227, CVE-2005-4872, CVE-2006-7228. Reason: this candidate was SPLIT into other identifiers in order to reflect different affected versions and distinct vendor fixes. Notes: All ...
54 years ago Tenable.com

CVE-2006-5296 - PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted ...
6 months ago

CVE-2006-1530 - Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due ...
5 years ago

CVE-2006-1529 - Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due ...
5 years ago

CVE-2006-1723 - Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due ...
5 years ago

CVE-2006-1531 - Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due ...
5 years ago

CVE-2006-5424 - Unspecified vulnerability in Justsystem Ichitaro 2006, 2006 trial version, and Government 2006 allows remote attackers to execute arbitrary code via a modified document, possibly because of a buffer overflow, a different vulnerability than ...
6 years ago

Latest Cyber News

CVE-2024-39182 - 8 hours ago
CVE-2024-33862 - 8 hours ago
CVE-2023-52169 - 8 hours ago
CVE-2023-52168 - 8 hours ago
CVE-2024-6387 - 8 hours ago
CVE-2024-0986 - 8 hours ago
CVE-2023-33281 - 10 hours ago
CVE-2023-30402 - 10 hours ago
CVE-2024-6505 - 11 hours ago
CVE-2024-6426 - 11 hours ago
CVE-2024-5753 - 11 hours ago
CVE-2023-26756 - 11 hours ago
CVE-2024-39022 - 12 hours ago
CVE-2024-39020 - 12 hours ago
CVE-2024-39019 - 12 hours ago
CVE-2024-34361 - 12 hours ago
CVE-2024-39696 - 12 hours ago
CVE-2024-39691 - 12 hours ago
CVE-2024-39689 - 12 hours ago
CVE-2024-39023 - 12 hours ago

Cyber Trends (last 7 days)

Okta - 7 months ago
23andMe - 7 months ago
Kimsuky - 7 months ago
LogoFAIL - 6 months ago
Gh0st rat - 7 months ago

Trending Cyber News (last 7 days)

CVE-2024-39182 - 8 hours ago
CVE-2024-33862 - 8 hours ago
CVE-2024-5753 - 11 hours ago
CVE-2024-39687 - 13 hours ago
CVE-2024-39321 - 13 hours ago
CVE-2024-39174 - 13 hours ago
CVE-2024-37903 - 13 hours ago
CVE-2024-39022 - 12 hours ago
CVE-2024-39020 - 12 hours ago
CVE-2024-39019 - 12 hours ago
CVE-2024-34361 - 12 hours ago
CVE-2024-39696 - 12 hours ago
CVE-2024-39691 - 12 hours ago
CVE-2024-39689 - 12 hours ago
CVE-2024-39023 - 12 hours ago
CVE-2024-39021 - 12 hours ago
CVE-2024-39210 - 14 hours ago
CVE-2024-37768 - 14 hours ago
CVE-2024-29319 - 14 hours ago
CVE-2024-29318 - 14 hours ago