CVE-2006-1568
Published 2006-04-01
Priority: P4 · 20 · medium · 5.1 (CVSS 2.0)
AV:N/AC:H/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.33% (81.4th percentile)
Multiple cross-site scripting (XSS) vulnerabilities in register.php in RedCMS 0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) email, (2) location, or (3) website parameters.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| redcms | redcms | — | — |
CVSS provenance
nvd · v2.0 · 5.1 · MEDIUM · AV:N/AC:H/Au:N/C:P/I:P/A:P
vendor_redhat · 5.0 · MEDIUM
GHSA
GHSA-g7gc-68gg-cxr8: Multiple cross-site scripting (XSS) vulnerabilities in register
ghsa_unreviewed·2022-05-01
CVE-2006-1568 [MEDIUM] GHSA-g7gc-68gg-cxr8: Multiple cross-site scripting (XSS) vulnerabilities in register
Red Hat
strongswan: authentication bypass in verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c
vendor_redhat·2018-09-24·CVSS 5.0
CVE-2018-16152 [MEDIUM] CWE-287 strongswan: authentication bypass in verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c
In verify_emsa_pkcs1_signature() in gmp_rsa_public_key.c in the gmp plugin in strongSwan 4.x and 5.x before 5.7.0, the RSA implementation based on GMP does not reject excess data in the digestAlgorithm.parameters field during PKCS#1 v1.5 signature verification. Consequently, a remote attacker can forge signatures when small public exponents are being used, which could lead to impersonation when only an RSA signature is used for IKEv2 authentication. This is a variant of CVE-2006-4790 and CVE-2014-1568.
Package: strongimcv (Red Hat Enterprise Linux 7) - Not affected
No detection rules found.
http://evuln.com/vulns/115/summary.html
http://secunia.com/advisories/19475
http://securityreason.com/securityalert/708
http://www.osvdb.org/24296
http://www.securityfocus.com/archive/1/431001/100/0/threaded
http://www.securityfocus.com/bid/17336
http://www.vupen.com/english/advisories/2006/1186
https://exchange.xforce.ibmcloud.com/vulnerabilities/25577