CVE-2006-5865

PHP remote file inclusion vulnerability in language.inc.php in MyAlbum 3.02 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the langs_dir parameter.

Publication date: Sat, 11 Nov 2006 07:07:00 +0000

Cyber News related to CVE-2006-5865

CVE-2006-5865 - PHP remote file inclusion vulnerability in language.inc.php in MyAlbum 3.02 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the langs_dir parameter. ...
6 years ago

CVE-2009-3357 - Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS or com_hbssearch) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) h_id, (2) id, and (3) rid parameters to longDesc.php, ...
5 years ago

CVE-2014-5865 - The Ask.com (aka com.ask.android) application 2.2.5 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. ...
9 years ago

CVE-2015-5865 - IOGraphics in Apple OS X before 10.11 allows attackers to obtain sensitive kernel memory-layout information via a crafted app. ...
7 years ago

CVE-2017-5865 - The password reset functionality in ownCloud Server before 8.1.11, 8.2.x before 8.2.9, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 sends different error messages depending on whether the username is valid, which allows remote attackers to enumerate ...
7 years ago

CVE-2012-5865 - SQL injection vulnerability in dispatch.php in Achievo 1.4.5 allows remote authenticated users to execute arbitrary SQL commands via the activityid parameter in a stats action. ...
6 years ago

CVE-2013-5865 - Unspecified vulnerability in Oracle Solaris 11.1 allows local users to affect availability via unknown vectors related to Utility/User administration. ...
6 years ago

CVE-2008-5865 - SQL injection vulnerability in the com_hbssearch component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the r_type parameter in a showhoteldetails action to ...
6 years ago

CVE-2018-5865 - While processing a debug log event from firmware in all Android releases from CAF using the Linux kernel (Android for MSM, Firefox OS for MSM, QRD Android) before security patch level 2018-07-05, an integer underflow and/or buffer over-read can ...
5 years ago

CVE-2019-5865 - Insufficient policy enforcement in navigations in Google Chrome prior to 76.0.3809.87 allowed a remote attacker who had compromised the renderer process to bypass site isolation via a crafted HTML page. ...
2 years ago

CVE-2020-5865 - In versions prior to 3.3.0, the NGINX Controller is configured to communicate with its Postgres database server over unencrypted channels, making the communicated data vulnerable to interception via man-in-the-middle (MiTM) attacks. ...
2 years ago

CVE-2023-5865 - Insufficient Session Expiration in GitHub repository thorsten/phpmyfaq prior to 3.2.2. ...
8 months ago

CVE-2024-5865 - Vulnerability in Delinea Centrify PAS v. 21.3 and possibly others. The application is prone to the path traversal vulnerability allowing arbitrary files reading outside the web publish directory. Versions 23.1-HF7 and on have the patch. ...
5 days ago

CVE-2006-0092 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-0992, CVE-2006-0158. Reason: this candidate was intended for one issue, but a typo caused it to be associated with a Novell/Groupwise issue. In addition, this issue was a ...
54 years ago Tenable.com

CVE-2006-7224 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-7227, CVE-2005-4872, CVE-2006-7228. Reason: this candidate was SPLIT into other identifiers in order to reflect different affected versions and distinct vendor fixes. Notes: All ...
54 years ago Tenable.com

CVE-2006-5296 - PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted ...
7 months ago

CVE-2006-1530 - Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due ...
5 years ago

CVE-2006-1529 - Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due ...
5 years ago

CVE-2006-1723 - Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due ...
5 years ago

CVE-2006-1531 - Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due ...
5 years ago

CVE-2006-5424 - Unspecified vulnerability in Justsystem Ichitaro 2006, 2006 trial version, and Government 2006 allows remote attackers to execute arbitrary code via a modified document, possibly because of a buffer overflow, a different vulnerability than ...
6 years ago

CVE-2006-6653 - The accept function in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029 allows local users to cause a denial of service (socket consumption) via an invalid (1) name or (2) namelen parameter, which ...
12 years ago

CVE-2006-0264 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-0259. Reason: This candidate is subsumed by CVE-2006-0259. An error during initial CVE analysis used the wrong set of affected versions for "DB10". Notes: All CVE users ...
54 years ago Tenable.com

CVE-2007-0913 - Unspecified vulnerability in Microsoft Powerpoint allows remote user-assisted attackers to execute arbitrary code via unknown attack vectors, as exploited by Trojan.PPDropper.G. NOTE: as of 20070213, it is not clear whether this is the same issue as ...
15 years ago

CVE-2007-4168 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-4168. Reason: This candidate is a duplicate of CVE-2006-4168. It was inadvertently used in a vendor advisory when the "2006" year was intended. Notes: All CVE users ...
54 years ago Tenable.com

Latest Cyber News

CVE-2024-40614 - 2 hours ago
CVE-2024-40605 - 17 hours ago
CVE-2024-40604 - 17 hours ago
CVE-2024-40603 - 17 hours ago
CVE-2024-40602 - 17 hours ago
CVE-2024-40601 - 17 hours ago
CVE-2024-40600 - 17 hours ago
CVE-2024-40599 - 17 hours ago
CVE-2024-40598 - 17 hours ago
CVE-2024-40596 - 17 hours ago
CVE-2024-40597 - 17 hours ago
CVE-2024-6095 - 23 hours ago
CVE-2024-37554 - 1 day ago
CVE-2024-37553 - 1 day ago
CVE-2024-37547 - 1 day ago
CVE-2024-37546 - 1 day ago
CVE-2024-37542 - 1 day ago
CVE-2024-37541 - 1 day ago
CVE-2024-37539 - 1 day ago
CVE-2024-39486 - 1 day ago

Cyber Trends (last 7 days)

Okta - 7 months ago
23andMe - 7 months ago
Kimsuky - 7 months ago
LogoFAIL - 6 months ago
Gh0st rat - 7 months ago

Trending Cyber News (last 7 days)

CVE-2024-40614 - 2 hours ago
CVE-2024-40605 - 17 hours ago
CVE-2024-40604 - 17 hours ago
CVE-2024-40603 - 17 hours ago
CVE-2024-40602 - 17 hours ago
CVE-2024-40601 - 17 hours ago
CVE-2024-40600 - 17 hours ago
CVE-2024-40599 - 17 hours ago
CVE-2024-40598 - 17 hours ago
CVE-2024-40596 - 17 hours ago
CVE-2024-40597 - 17 hours ago
CVE-2024-6095 - 23 hours ago
CVE-2024-37553 - 1 day ago
CVE-2024-37554 - 1 day ago
CVE-2024-37547 - 1 day ago
CVE-2024-37546 - 1 day ago
CVE-2024-37542 - 1 day ago
CVE-2024-37541 - 1 day ago
CVE-2024-37539 - 1 day ago
CVE-2024-39486 - 1 day ago