CVE-2006-1433
https://notcve.org/view.php?id=CVE-2006-1433
Annuaire (Directory) 1.0 allows remote attackers to obtain sensitive information via a direct request to include/lang-en.php, which reveals the full installation path. • http://osvdb.org/ref/24/24302-annuaire_directory.txt http://secunia.com/advisories/19548 http://www.osvdb.org/24302 https://exchange.xforce.ibmcloud.com/vulnerabilities/25668 •
CVE-2006-1434
https://notcve.org/view.php?id=CVE-2006-1434
Cross-site scripting (XSS) vulnerability in inscription.php in Annuaire (Directory) 1.0 allows remote attackers to inject arbitrary web script or HTML via the Comment Field (COMMENTAIRE parameter). • http://osvdb.org/ref/24/24302-annuaire_directory.txt http://secunia.com/advisories/19548 http://www.osvdb.org/24303 http://www.securityfocus.com/bid/17393 https://exchange.xforce.ibmcloud.com/vulnerabilities/25669 •