CVE-2006-4668

Cross-site scripting (XSS) vulnerability in index.php in Rob Hensley AckerTodo 4.0 allows remote attackers to inject arbitrary web script or HTML via the task_id parameter in an edit_task command.

Publication date: Sat, 09 Sep 2006 05:04:00 +0000

Cyber News related to CVE-2006-4668

CVE-2006-4668 - Cross-site scripting (XSS) vulnerability in index.php in Rob Hensley AckerTodo 4.0 allows remote attackers to inject arbitrary web script or HTML via the task_id parameter in an edit_task command. ...
6 years ago

CVE-2005-4668 - The embedded HSQLDB in ParosProxy before 3.2.7, when running with JDK 1.4.2 before 1.4.2_08, allows local users to execute arbitrary comands via crafted SQL commands that interact with HSQLDB through JDBC, a similar vulnerability to CVE-2003-0845. ...
16 years ago

CVE-2010-4668 - The blk_rq_map_user_iov function in block/blk-map.c in the Linux kernel before 2.6.37-rc7 allows local users to cause a denial of service (panic) via a zero-length I/O request in a device ioctl to a SCSI device, related to an unaligned map. NOTE: ...
4 years ago

CVE-2017-9977 - AVG AntiVirus for MacOS with scan engine before 4668 might allow remote attackers to bypass malware detection by leveraging failure to scan inside disk image (aka DMG) files. ...
3 years ago

CVE-2007-4668 - Unspecified vulnerability in the server in Firebird before 2.0.2 allows remote attackers to determine the existence of arbitrary files, and possibly obtain other "file access," via unknown vectors, aka CORE-1312. ...
13 years ago

CVE-2012-4668 - Cross-site scripting (XSS) vulnerability in Roundcube Webmail 0.8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the signature in an email. ...
12 years ago

CVE-2014-4668 - The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty ...
7 years ago

CVE-2011-4668 - IBM Tivoli Netcool/Reporter 2.2 before 2.2.0.8 allows remote attackers to execute arbitrary code via vectors related to an unspecified CGI program used with the Apache HTTP Server. ...
7 years ago

CVE-2008-4668 - Directory traversal vulnerability in the Image Browser (com_imagebrowser) 0.1.5 component for Joomla! allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder parameter to index.php. ...
7 years ago

CVE-2015-4668 - Open redirect vulnerability in Xsuite 2.4.4.5 and earlier allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redirurl parameter. ...
6 years ago

CVE-2009-4668 - Stack-based buffer overflow in JetCast.exe 2.0.4.1109 in jetAudio 7.5.2 and 7.5.3.15 allows remote attackers to execute arbitrary code via a long ID3 tag in an MP3 file. NOTE: some of these details are obtained from third party information. ...
6 years ago

CVE-2019-4668 - IBM UrbanCode Deploy (UCD) 7.0.4.0 stores user credentials in plain in clear text which can be read by a local user. IBM X-Force ID: 171250. ...
4 years ago

CVE-2013-4668 - Directory traversal vulnerability in File Roller 3.6.x before 3.6.4, 3.8.x before 3.8.3, and 3.9.x before 3.9.3, when libarchive is used, allows remote attackers to create arbitrary files via a crafted archive that is not properly handled in a ...
3 years ago

CVE-2020-4668 - IBM Sterling B2B Integrator Standard Edition 6.0.0.0 through 6.0.3.5, 6.1.0.0 through 6.1.0.3, and 6.1.1.0 is vulnerable to cross-site request forgery which could allow an attacker to execute malicious and unauthorized actions transmitted from a user ...
2 years ago

CVE-2022-4668 - The Easy Appointments WordPress plugin before 3.11.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site ...
1 year ago

CVE-2018-4668 - ** REJECT ** This candidate is unused by its CNA. ...
1 year ago

CVE-2023-4668 - The Ad Inserter for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.7.30 via the ai-debug-processing-fe URL parameter. This can allow unauthenticated attackers to extract sensitive data including ...
1 year ago

CVE-2016-4668 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2016. Notes: none ...
54 years ago Tenable.com

CVE-2017-4668 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none ...
54 years ago Tenable.com

CVE-2024-4668 - The Gum Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Price Table and Post Slider widgets in all versions up to, and including, 1.3.4 due to insufficient input sanitization and output escaping on user ...
6 months ago

CVE-2006-0092 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-0992, CVE-2006-0158. Reason: this candidate was intended for one issue, but a typo caused it to be associated with a Novell/Groupwise issue. In addition, this issue was a ...
54 years ago Tenable.com

CVE-2006-7224 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-7227, CVE-2005-4872, CVE-2006-7228. Reason: this candidate was SPLIT into other identifiers in order to reflect different affected versions and distinct vendor fixes. Notes: All ...
54 years ago Tenable.com

CVE-2006-5296 - PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted ...
1 year ago

CVE-2006-1530 - Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due ...
6 years ago

CVE-2006-1529 - Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due ...
6 years ago

Latest Cyber News

CVE-2024-31892 - 23 hours ago
CVE-2024-31891 - 23 hours ago
CVE-2024-11721 - 1 day ago
CVE-2024-11720 - 1 day ago
CVE-2024-12446 - 1 day ago
CVE-2024-12628 - 1 day ago
CVE-2024-11711 - 1 day ago
CVE-2024-11712 - 1 day ago
CVE-2024-11713 - 1 day ago
CVE-2024-11714 - 1 day ago
CVE-2024-11715 - 1 day ago
CVE-2024-11710 - 1 day ago
CVE-2024-10690 - 1 day ago
CVE-2024-11752 - 1 day ago
CVE-2024-12422 - 1 day ago
CVE-2024-12459 - 1 day ago
CVE-2024-12474 - 1 day ago
CVE-2024-12501 - 1 day ago
CVE-2024-10646 - 1 day ago
CVE-2024-12578 - 1 day ago

Cyber Trends (last 7 days)

Okta - 1 year ago
23andMe - 1 year ago
Kimsuky - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

CVE-2022-43472 - 1 day ago
CVE-2022-44578 - 1 day ago
CVE-2022-45806 - 1 day ago
CVE-2022-45819 - 1 day ago
CVE-2022-45826 - 1 day ago
CVE-2022-45840 - 1 day ago
CVE-2022-45841 - 1 day ago
CVE-2022-46795 - 1 day ago
CVE-2022-46796 - 1 day ago
CVE-2022-46807 - 1 day ago
CVE-2022-46811 - 1 day ago
CVE-2022-46838 - 1 day ago
CVE-2022-46840 - 1 day ago
CVE-2022-46846 - 1 day ago
CVE-2022-47168 - 1 day ago
CVE-2022-47176 - 1 day ago
CVE-2022-47182 - 1 day ago
CVE-2022-47429 - 1 day ago
CVE-2022-47594 - 1 day ago
CVE-2023-22697 - 1 day ago