Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-12-07 | CVE-2006-6382 | Unspecified vulnerability in Positive Software H-Sphere 2.4.3: The control panel for Positive Software H-Sphere before 2.5.0 RC3 creates log files in a user's directory with insecure permissions, which allows local users to append log data to arbitrary files via a symlink attack. | 6.8 |
2006-12-07 | CVE-2006-6381 | Directory Traversal vulnerability in Ultimate HelpDesk: Directory traversal vulnerability in getfile.asp in Ultimate HelpDesk allows remote attackers to read arbitrary files via a .. | 7.5 |
2006-12-07 | CVE-2006-6380 | Cross-Site Scripting vulnerability in Ultimate HelpDesk Index.ASP: Cross-site scripting (XSS) vulnerability in index.asp in Ultimate HelpDesk allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. | 6.8 |
2006-12-07 | CVE-2006-6378 | Remote Security vulnerability in Widcomm Btsavemysql 1.2: BTSaveMySql 1.2 stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain configuration and save files via direct requests. | 7.5 |
2006-12-07 | CVE-2006-6377 | Unspecified vulnerability in Uploadscript: Uploadscript 1.2 and earlier stores sensitive data under the web root with insufficient access control, which allows remote attackers to obtain the admin password hash via a direct request for /password.txt. | 7.5 |
2006-12-07 | CVE-2006-6376 | Directory Traversal vulnerability in Onedotoh Simple File Manager 0.24A: Multiple directory traversal vulnerabilities in fm.php in Simple File Manager (SFM) 0.24a allow remote attackers to use ".." sequences to (1) read arbitrary files via the filename parameter in a download action, (2) delete arbitrary files via the delete parameter, and (3) modify arbitrary files via the edit parameter, which can be leveraged to execute arbitrary code. | 7.5 |
2006-12-07 | CVE-2006-6375 | HTML Injection vulnerability in SMF Image File: Cross-site scripting (XSS) vulnerability in display.php in Simple Machines Forum (SMF) 1.1 Final and earlier allows remote attackers to inject arbitrary web script or HTML via the contents of a file that is uploaded with the image parameter set, which can be interpreted as script by Internet Explorer's automatic type detection. | 6.8 |
2006-12-07 | CVE-2006-6374 | Remote Security vulnerability in phpMyAdmin 2.7.0-pl2: Multiple CRLF injection vulnerabilities in phpMyAdmin 2.7.0-pl2 allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a phpMyAdmin cookie in (1) css/phpmyadmin.css.php, (2) db_create.php, (3) index.php, (4) left.php, (5) libraries/session.inc.php, (6) libraries/transformations/overview.php, (7) querywindow.php, (8) server_engines.php, and possibly other files. | 7.5 |
2006-12-07 | CVE-2006-6373 | Information Disclosure vulnerability in phpMyAdmin 2.7.0-pl2: phpMyAdmin 2.7.0-pl2 allows remote attackers to obtain sensitive information via a direct request for libraries/common.lib.php, which reveals the path in an error message. | 5.0 |
2006-12-07 | CVE-2006-6372 | Cross-Site Scripting vulnerability in James Barnsley JAB Guest Book 20061205: Multiple cross-site scripting (XSS) vulnerabilities in pbguestbook.php in JAB Guest Book 20061205 allow remote attackers to inject arbitrary web script or HTML via the (1) topic or (2) message parameter. | 6.8 |