Show filters
240 Total Results
Displaying 221-230 of 240
Sort by:
Attacker Value
Unknown

CVE-2006-3056

Disclosure Date: June 16, 2006 (last updated October 04, 2023)
SQL injection vulnerability in language.php in VBZooM 1.01 allows remote attackers to execute arbitrary SQL commands via the Action parameter.
0
0
Attacker Value
Unknown

CVE-2006-3054

Disclosure Date: June 16, 2006 (last updated October 04, 2023)
Multiple SQL injection vulnerabilities in VBZooM 1.11 allow remote attackers to execute arbitrary SQL commands via the (1) sobjectID or (2) MAINID parameters to (a) show.php or (3) MainID parameter to (b) subject.php.
0
0
Attacker Value
Unknown

CVE-2006-3055

Disclosure Date: June 16, 2006 (last updated October 04, 2023)
Multiple SQL injection vulnerabilities in VBZooM 1.02 allow remote attackers to execute arbitrary SQL commands via the (1) QuranID, (2) ShowByQuranID, or (3) Action parameters to meaning.php.
0
0
Attacker Value
Unknown

CVE-2006-1269

Disclosure Date: March 19, 2006 (last updated February 22, 2025)
Buffer overflow in the parse function in parse.c in zoo 2.10 might allow local users to execute arbitrary code via long filename command line arguments, which are not properly handled during archive creation. NOTE: since this issue is local and not setuid, the set of attack scenarios is limited, although is reasonable to expect that there are some situations in which the zoo user might automatically list attacker-controlled filenames to add to the zoo archive.
0
0
Attacker Value
Unknown

CVE-2006-1132

Disclosure Date: March 10, 2006 (last updated February 22, 2025)
SQL injection vulnerability in show.php in vbzoom 1.11 allow remote attackers to execute arbitrary SQL commands via the MainID parameter. NOTE: the SubjectID vector is already covered by CVE-2005-4729.
0
0
Attacker Value
Unknown

CVE-2006-1133

Disclosure Date: March 10, 2006 (last updated February 22, 2025)
Multiple cross-site scripting (XSS) vulnerabilities in vbzoom 1.11 allow remote attackers to inject arbitrary web script or HTML via the UserID parameter to (1) comment.php or (2) contact.php. NOTE: the profile.php/UserName vector is already covered by CVE-2005-2441.
0
0
Attacker Value
Unknown

CVE-2006-0855

Disclosure Date: February 23, 2006 (last updated February 22, 2025)
Stack-based buffer overflow in the fullpath function in misc.c for zoo 2.10 and earlier, as used in products such as Barracuda Spam Firewall, allows user-assisted attackers to execute arbitrary code via a crafted ZOO file that causes the combine function to return a longer string than expected.
0
0
Attacker Value
Unknown

CVE-2005-4729

Disclosure Date: December 31, 2005 (last updated February 22, 2025)
SQL injection vulnerability in show.php in VBZooM Forum allows remote attackers to execute arbitrary SQL commands via the SubjectID parameter.
0
0
Attacker Value
Unknown

CVE-2005-2441

Disclosure Date: August 03, 2005 (last updated February 22, 2025)
Multiple cross-site scripting (XSS) vulnerabilities in VBzoom allow remote attackers to inject arbitrary web script and HTML via the (1) UserName parameter to profile.php or (2) UserID parameter to login.php.
0
0
Attacker Value
Unknown

CVE-2004-2190

Disclosure Date: December 31, 2004 (last updated February 22, 2025)
Directory traversal vulnerability in Unzoo 4.4-2 has unknown impact and attack vectors.
0
0
View More Topics  < Previous  Next >