Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    6 vulnerabilities by v3_chat

    CVE-2006-6995 (GCVE-0-2006-6995)

    Vulnerability from nvd – Published: 2007-02-12 11:00 – Updated: 2024-08-07 20:50
    VLAI
    Summary
    mycontacts.php in V3 Chat allows remote authenticated users to gain privileges as other users via a modified membername parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/18543 vdb-entryx_refsource_BID
    http://www.securityfocus.com/archive/1/437755/100… mailing-listx_refsource_BUGTRAQ
    http://www.vupen.com/english/advisories/2006/2474 vdb-entryx_refsource_VUPEN
    Date Public
    2006-06-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T20:50:05.696Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "18543",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/18543"
              },
              {
                "name": "20060617 V3Chat Instant Messenger - XSS",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/437755/100/200/threaded"
              },
              {
                "name": "ADV-2006-2474",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/2474"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-06-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "mycontacts.php in V3 Chat allows remote authenticated users to gain privileges as other users via a modified membername parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "18543",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/18543"
            },
            {
              "name": "20060617 V3Chat Instant Messenger - XSS",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/437755/100/200/threaded"
            },
            {
              "name": "ADV-2006-2474",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2474"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-6995",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "mycontacts.php in V3 Chat allows remote authenticated users to gain privileges as other users via a modified membername parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "18543",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/18543"
                },
                {
                  "name": "20060617 V3Chat Instant Messenger - XSS",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/437755/100/200/threaded"
                },
                {
                  "name": "ADV-2006-2474",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/2474"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-6995",
        "datePublished": "2007-02-12T11:00:00.000Z",
        "dateReserved": "2007-02-12T00:00:00.000Z",
        "dateUpdated": "2024-08-07T20:50:05.696Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-3365 (GCVE-0-2006-3365)

    Vulnerability from nvd – Published: 2006-07-06 20:00 – Updated: 2024-08-07 18:23
    VLAI
    Summary
    V3 Chat allows remote attackers to obtain the installation path via (1) an invalid id parameter to mail/index.php or (2) membername parameter to messenger/online.php, which displays the path in an error page due to an incorrect SQL statement.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2006-06-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T18:23:21.280Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "v3chat-index-path-disclosure(27395)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27395"
              },
              {
                "name": "18543",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/18543"
              },
              {
                "name": "1016340",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016340"
              },
              {
                "name": "20060617 V3Chat Instant Messenger - XSS",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/437755/100/200/threaded"
              },
              {
                "name": "ADV-2006-2474",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/2474"
              },
              {
                "name": "20060622 Re: V3Chat Instant Messenger - XSS",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/438069/100/200/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-06-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "V3 Chat allows remote attackers to obtain the installation path via (1) an invalid id parameter to mail/index.php or (2) membername parameter to messenger/online.php, which displays the path in an error page due to an incorrect SQL statement."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-18T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "v3chat-index-path-disclosure(27395)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27395"
            },
            {
              "name": "18543",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/18543"
            },
            {
              "name": "1016340",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016340"
            },
            {
              "name": "20060617 V3Chat Instant Messenger - XSS",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/437755/100/200/threaded"
            },
            {
              "name": "ADV-2006-2474",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2474"
            },
            {
              "name": "20060622 Re: V3Chat Instant Messenger - XSS",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/438069/100/200/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-3365",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "V3 Chat allows remote attackers to obtain the installation path via (1) an invalid id parameter to mail/index.php or (2) membername parameter to messenger/online.php, which displays the path in an error page due to an incorrect SQL statement."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "v3chat-index-path-disclosure(27395)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27395"
                },
                {
                  "name": "18543",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/18543"
                },
                {
                  "name": "1016340",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016340"
                },
                {
                  "name": "20060617 V3Chat Instant Messenger - XSS",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/437755/100/200/threaded"
                },
                {
                  "name": "ADV-2006-2474",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/2474"
                },
                {
                  "name": "20060622 Re: V3Chat Instant Messenger - XSS",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/438069/100/200/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-3365",
        "datePublished": "2006-07-06T20:00:00.000Z",
        "dateReserved": "2006-07-06T00:00:00.000Z",
        "dateUpdated": "2024-08-07T18:23:21.280Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-3366 (GCVE-0-2006-3366)

    Vulnerability from nvd – Published: 2006-07-06 20:00 – Updated: 2024-08-07 18:23
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in V3 Chat allow remote attackers to inject arbitrary web script or HTML via crafted HTML tags, as demonstrated by the IMG tag, in the (1) id parameter in (a) mail/index.php and (b) mail/reply.php; (2) login_id parameter in (c) members/is_online.php; (3) site_id parameter in (d) messenger/online.php, (e) messenger/search.php, and (f) messenger/profile.php; (4) contact_name parameter in messenger/search.php; (5) membername parameter in (g) messenger/profileview.php; (6) unspecified parameters used when "editing a profile"; and (7) cust_name parameter in (h) messenger/expire.php. NOTE: The vendor disputes the vectors involving files in the messenger directory, stating "... the referenced folder 'messenger' was never available to the general public...".
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/18543 vdb-entryx_refsource_BID
    http://securitytracker.com/id?1016340 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/archive/1/437755/100… mailing-listx_refsource_BUGTRAQ
    http://www.vupen.com/english/advisories/2006/2474 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/archive/1/438069/100… mailing-listx_refsource_BUGTRAQ
    Date Public
    2006-06-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T18:23:21.239Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "18543",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/18543"
              },
              {
                "name": "1016340",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016340"
              },
              {
                "name": "20060617 V3Chat Instant Messenger - XSS",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/437755/100/200/threaded"
              },
              {
                "name": "ADV-2006-2474",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/2474"
              },
              {
                "name": "20060622 Re: V3Chat Instant Messenger - XSS",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/438069/100/200/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-06-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in V3 Chat allow remote attackers to inject arbitrary web script or HTML via crafted HTML tags, as demonstrated by the IMG tag, in the (1) id parameter in (a) mail/index.php and (b) mail/reply.php; (2) login_id parameter in (c) members/is_online.php; (3) site_id parameter in (d) messenger/online.php, (e) messenger/search.php, and (f) messenger/profile.php; (4) contact_name parameter in messenger/search.php; (5) membername parameter in (g) messenger/profileview.php; (6) unspecified parameters used when \"editing a profile\"; and (7) cust_name parameter in (h) messenger/expire.php.  NOTE: The vendor disputes the vectors involving files in the messenger directory, stating \"... the referenced folder \u0027messenger\u0027 was never available to the general public...\"."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-18T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "18543",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/18543"
            },
            {
              "name": "1016340",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016340"
            },
            {
              "name": "20060617 V3Chat Instant Messenger - XSS",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/437755/100/200/threaded"
            },
            {
              "name": "ADV-2006-2474",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2474"
            },
            {
              "name": "20060622 Re: V3Chat Instant Messenger - XSS",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/438069/100/200/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-3366",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in V3 Chat allow remote attackers to inject arbitrary web script or HTML via crafted HTML tags, as demonstrated by the IMG tag, in the (1) id parameter in (a) mail/index.php and (b) mail/reply.php; (2) login_id parameter in (c) members/is_online.php; (3) site_id parameter in (d) messenger/online.php, (e) messenger/search.php, and (f) messenger/profile.php; (4) contact_name parameter in messenger/search.php; (5) membername parameter in (g) messenger/profileview.php; (6) unspecified parameters used when \"editing a profile\"; and (7) cust_name parameter in (h) messenger/expire.php.  NOTE: The vendor disputes the vectors involving files in the messenger directory, stating \"... the referenced folder \u0027messenger\u0027 was never available to the general public...\"."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "18543",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/18543"
                },
                {
                  "name": "1016340",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016340"
                },
                {
                  "name": "20060617 V3Chat Instant Messenger - XSS",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/437755/100/200/threaded"
                },
                {
                  "name": "ADV-2006-2474",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/2474"
                },
                {
                  "name": "20060622 Re: V3Chat Instant Messenger - XSS",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/438069/100/200/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-3366",
        "datePublished": "2006-07-06T20:00:00.000Z",
        "dateReserved": "2006-07-06T00:00:00.000Z",
        "dateUpdated": "2024-08-07T18:23:21.239Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-6995 (GCVE-0-2006-6995)

    Vulnerability from cvelistv5 – Published: 2007-02-12 11:00 – Updated: 2024-08-07 20:50
    VLAI
    Summary
    mycontacts.php in V3 Chat allows remote authenticated users to gain privileges as other users via a modified membername parameter.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/18543 vdb-entryx_refsource_BID
    http://www.securityfocus.com/archive/1/437755/100… mailing-listx_refsource_BUGTRAQ
    http://www.vupen.com/english/advisories/2006/2474 vdb-entryx_refsource_VUPEN
    Date Public
    2006-06-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T20:50:05.696Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "18543",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/18543"
              },
              {
                "name": "20060617 V3Chat Instant Messenger - XSS",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/437755/100/200/threaded"
              },
              {
                "name": "ADV-2006-2474",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/2474"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-06-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "mycontacts.php in V3 Chat allows remote authenticated users to gain privileges as other users via a modified membername parameter."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-16T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "18543",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/18543"
            },
            {
              "name": "20060617 V3Chat Instant Messenger - XSS",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/437755/100/200/threaded"
            },
            {
              "name": "ADV-2006-2474",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2474"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-6995",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "mycontacts.php in V3 Chat allows remote authenticated users to gain privileges as other users via a modified membername parameter."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "18543",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/18543"
                },
                {
                  "name": "20060617 V3Chat Instant Messenger - XSS",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/437755/100/200/threaded"
                },
                {
                  "name": "ADV-2006-2474",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/2474"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-6995",
        "datePublished": "2007-02-12T11:00:00.000Z",
        "dateReserved": "2007-02-12T00:00:00.000Z",
        "dateUpdated": "2024-08-07T20:50:05.696Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-3365 (GCVE-0-2006-3365)

    Vulnerability from cvelistv5 – Published: 2006-07-06 20:00 – Updated: 2024-08-07 18:23
    VLAI
    Summary
    V3 Chat allows remote attackers to obtain the installation path via (1) an invalid id parameter to mail/index.php or (2) membername parameter to messenger/online.php, which displays the path in an error page due to an incorrect SQL statement.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2006-06-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T18:23:21.280Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "v3chat-index-path-disclosure(27395)",
                "tags": [
                  "vdb-entry",
                  "x_refsource_XF",
                  "x_transferred"
                ],
                "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27395"
              },
              {
                "name": "18543",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/18543"
              },
              {
                "name": "1016340",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016340"
              },
              {
                "name": "20060617 V3Chat Instant Messenger - XSS",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/437755/100/200/threaded"
              },
              {
                "name": "ADV-2006-2474",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/2474"
              },
              {
                "name": "20060622 Re: V3Chat Instant Messenger - XSS",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/438069/100/200/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-06-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "V3 Chat allows remote attackers to obtain the installation path via (1) an invalid id parameter to mail/index.php or (2) membername parameter to messenger/online.php, which displays the path in an error page due to an incorrect SQL statement."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-18T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "v3chat-index-path-disclosure(27395)",
              "tags": [
                "vdb-entry",
                "x_refsource_XF"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27395"
            },
            {
              "name": "18543",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/18543"
            },
            {
              "name": "1016340",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016340"
            },
            {
              "name": "20060617 V3Chat Instant Messenger - XSS",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/437755/100/200/threaded"
            },
            {
              "name": "ADV-2006-2474",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2474"
            },
            {
              "name": "20060622 Re: V3Chat Instant Messenger - XSS",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/438069/100/200/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-3365",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "V3 Chat allows remote attackers to obtain the installation path via (1) an invalid id parameter to mail/index.php or (2) membername parameter to messenger/online.php, which displays the path in an error page due to an incorrect SQL statement."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "v3chat-index-path-disclosure(27395)",
                  "refsource": "XF",
                  "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27395"
                },
                {
                  "name": "18543",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/18543"
                },
                {
                  "name": "1016340",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016340"
                },
                {
                  "name": "20060617 V3Chat Instant Messenger - XSS",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/437755/100/200/threaded"
                },
                {
                  "name": "ADV-2006-2474",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/2474"
                },
                {
                  "name": "20060622 Re: V3Chat Instant Messenger - XSS",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/438069/100/200/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-3365",
        "datePublished": "2006-07-06T20:00:00.000Z",
        "dateReserved": "2006-07-06T00:00:00.000Z",
        "dateUpdated": "2024-08-07T18:23:21.280Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2006-3366 (GCVE-0-2006-3366)

    Vulnerability from cvelistv5 – Published: 2006-07-06 20:00 – Updated: 2024-08-07 18:23
    VLAI
    Summary
    Multiple cross-site scripting (XSS) vulnerabilities in V3 Chat allow remote attackers to inject arbitrary web script or HTML via crafted HTML tags, as demonstrated by the IMG tag, in the (1) id parameter in (a) mail/index.php and (b) mail/reply.php; (2) login_id parameter in (c) members/is_online.php; (3) site_id parameter in (d) messenger/online.php, (e) messenger/search.php, and (f) messenger/profile.php; (4) contact_name parameter in messenger/search.php; (5) membername parameter in (g) messenger/profileview.php; (6) unspecified parameters used when "editing a profile"; and (7) cust_name parameter in (h) messenger/expire.php. NOTE: The vendor disputes the vectors involving files in the messenger directory, stating "... the referenced folder 'messenger' was never available to the general public...".
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    URL Tags
    http://www.securityfocus.com/bid/18543 vdb-entryx_refsource_BID
    http://securitytracker.com/id?1016340 vdb-entryx_refsource_SECTRACK
    http://www.securityfocus.com/archive/1/437755/100… mailing-listx_refsource_BUGTRAQ
    http://www.vupen.com/english/advisories/2006/2474 vdb-entryx_refsource_VUPEN
    http://www.securityfocus.com/archive/1/438069/100… mailing-listx_refsource_BUGTRAQ
    Date Public
    2006-06-17 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T18:23:21.239Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "18543",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/18543"
              },
              {
                "name": "1016340",
                "tags": [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
                  "x_transferred"
                ],
                "url": "http://securitytracker.com/id?1016340"
              },
              {
                "name": "20060617 V3Chat Instant Messenger - XSS",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/437755/100/200/threaded"
              },
              {
                "name": "ADV-2006-2474",
                "tags": [
                  "vdb-entry",
                  "x_refsource_VUPEN",
                  "x_transferred"
                ],
                "url": "http://www.vupen.com/english/advisories/2006/2474"
              },
              {
                "name": "20060622 Re: V3Chat Instant Messenger - XSS",
                "tags": [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/archive/1/438069/100/200/threaded"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2006-06-17T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Multiple cross-site scripting (XSS) vulnerabilities in V3 Chat allow remote attackers to inject arbitrary web script or HTML via crafted HTML tags, as demonstrated by the IMG tag, in the (1) id parameter in (a) mail/index.php and (b) mail/reply.php; (2) login_id parameter in (c) members/is_online.php; (3) site_id parameter in (d) messenger/online.php, (e) messenger/search.php, and (f) messenger/profile.php; (4) contact_name parameter in messenger/search.php; (5) membername parameter in (g) messenger/profileview.php; (6) unspecified parameters used when \"editing a profile\"; and (7) cust_name parameter in (h) messenger/expire.php.  NOTE: The vendor disputes the vectors involving files in the messenger directory, stating \"... the referenced folder \u0027messenger\u0027 was never available to the general public...\"."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2018-10-18T14:57:01.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "18543",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/18543"
            },
            {
              "name": "1016340",
              "tags": [
                "vdb-entry",
                "x_refsource_SECTRACK"
              ],
              "url": "http://securitytracker.com/id?1016340"
            },
            {
              "name": "20060617 V3Chat Instant Messenger - XSS",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/437755/100/200/threaded"
            },
            {
              "name": "ADV-2006-2474",
              "tags": [
                "vdb-entry",
                "x_refsource_VUPEN"
              ],
              "url": "http://www.vupen.com/english/advisories/2006/2474"
            },
            {
              "name": "20060622 Re: V3Chat Instant Messenger - XSS",
              "tags": [
                "mailing-list",
                "x_refsource_BUGTRAQ"
              ],
              "url": "http://www.securityfocus.com/archive/1/438069/100/200/threaded"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2006-3366",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Multiple cross-site scripting (XSS) vulnerabilities in V3 Chat allow remote attackers to inject arbitrary web script or HTML via crafted HTML tags, as demonstrated by the IMG tag, in the (1) id parameter in (a) mail/index.php and (b) mail/reply.php; (2) login_id parameter in (c) members/is_online.php; (3) site_id parameter in (d) messenger/online.php, (e) messenger/search.php, and (f) messenger/profile.php; (4) contact_name parameter in messenger/search.php; (5) membername parameter in (g) messenger/profileview.php; (6) unspecified parameters used when \"editing a profile\"; and (7) cust_name parameter in (h) messenger/expire.php.  NOTE: The vendor disputes the vectors involving files in the messenger directory, stating \"... the referenced folder \u0027messenger\u0027 was never available to the general public...\"."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "18543",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/18543"
                },
                {
                  "name": "1016340",
                  "refsource": "SECTRACK",
                  "url": "http://securitytracker.com/id?1016340"
                },
                {
                  "name": "20060617 V3Chat Instant Messenger - XSS",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/437755/100/200/threaded"
                },
                {
                  "name": "ADV-2006-2474",
                  "refsource": "VUPEN",
                  "url": "http://www.vupen.com/english/advisories/2006/2474"
                },
                {
                  "name": "20060622 Re: V3Chat Instant Messenger - XSS",
                  "refsource": "BUGTRAQ",
                  "url": "http://www.securityfocus.com/archive/1/438069/100/200/threaded"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2006-3366",
        "datePublished": "2006-07-06T20:00:00.000Z",
        "dateReserved": "2006-07-06T00:00:00.000Z",
        "dateUpdated": "2024-08-07T18:23:21.239Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }