
CVE-2006-3950
https://notcve.org/view.php?id=CVE-2006-3950
01 Aug 2006 — SQL injection vulnerability in x-statistics.php in X-Scripts X-Statistics 1.20 allows remote attackers to execute arbitrary SQL commands via the User-Agent HTTP header. • http://archives.neohapsis.com/archives/fulldisclosure/2006-07/0722.html •

CVE-2006-3959 – X-Scripts X-Protection 1.10 - 'Protect.php' SQL Injection
https://notcve.org/view.php?id=CVE-2006-3959
01 Aug 2006 — SQL injection vulnerability in protect.php in X-Scripts X-Protection 1.10, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameter. • https://www.exploit-db.com/exploits/28303 •

CVE-2006-3960 – X-Scripts X-Poll 1.10 - 'top.php' SQL Injection
https://notcve.org/view.php?id=CVE-2006-3960
01 Aug 2006 — SQL injection vulnerability in top.php in X-Scripts X-Poll, probably 2.30, allows remote attackers to execute arbitrary SQL commands via the poll parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. • https://www.exploit-db.com/exploits/28304 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVE-2006-2281
https://notcve.org/view.php?id=CVE-2006-2281
09 May 2006 — X-Scripts X-Poll (xpoll) 2.30 allows remote attackers to execute arbitrary PHP code by using admin/images/add.php to upload a PHP file, then access it. • http://attrition.org/pipermail/vim/2006-May/000752.html • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVE-2006-2176 – PHP Linkliste 1.0 - 'Linkliste.php' Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-2176
04 May 2006 — Multiple cross-site scripting (XSS) vulnerabilities in links.php in PHP Linkliste 1.0b allow remote attackers to inject arbitrary web script or HTML via the (1) new_input, (2) new_url, or (3) new_name parameter. • https://www.exploit-db.com/exploits/27812 •

CVE-2006-1526
https://notcve.org/view.php?id=CVE-2006-1526
02 May 2006 — Buffer overflow in the X render (Xrender) extension in X.org X server 6.8.0 up to allows attackers to cause a denial of service (crash), as demonstrated by the (1) XRenderCompositeTriStrip and (2) XRenderCompositeTriFan requests in the rendertest from XCB xcb/xcb-demo, which leads to an incorrect memory allocation due to a typo in an expression that uses a "&" instead of a "*" operator. NOTE: the subject line of the original announcement used an incorrect CVE number for this issue. • http://lists.freedesktop.org/archives/xorg/2006-May/015136.html •

CVE-2006-1592
https://notcve.org/view.php?id=CVE-2006-1592
03 Apr 2006 — Buffer overflow in the is_client_wad_ok function in w_wad.cpp for (1) Zdaemon 1.08.01 and (2) X-Doom allows remote attackers to execute arbitrary code via a long filename argument. • http://aluigi.altervista.org/adv/zdaebof-adv.txt •

CVE-2006-1593 – Zdaemon 1.8.1 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-1593
03 Apr 2006 — The (1) ZD_MissingPlayer, (2) ZD_UseItem, and (3) ZD_LoadNewClientLevel functions in sv_main.cpp for (a) Zdaemon 1.08.01 and (b) X-Doom allow remote attackers to cause a denial of service (crash) via an invalid player slot or item number, which causes an invalid memory access, possibly due to an invalid array index. • https://www.exploit-db.com/exploits/27547 • CWE-399: Resource Management Errors •

CVE-2006-0745 – X.Org X11 (X11R6.9.0/X11R7.0) - Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2006-0745
21 Mar 2006 — X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treat the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile. • https://www.exploit-db.com/exploits/1596 •

CVE-2006-0197
https://notcve.org/view.php?id=CVE-2006-0197
13 Jan 2006 — The XClientMessageEvent struct used in certain components of X.Org 6.8.2 and earlier, possibly including (1) the X server and (2) Xlib, uses a "long" specifier for elements of the l array, which results in inconsistent sizes in the struct on 32-bit versus 64-bit platforms, and might allow attackers to cause a denial of service (application crash) and possibly conduct other attacks. • http://www.securityfocus.com/archive/1/421256/100/0/threaded •