Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2006-12-07 CVE-2006-6364 Cross-Site Scripting vulnerability in Inside Systems Inside Systems Mail2.0
Cross-site scripting (XSS) vulnerability in error.php in Inside Systems Mail (ISMail) 2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the error parameter.
network
inside-systems
6.8
2006-12-07 CVE-2006-6363 Cross-Site Scripting vulnerability in BlueSocket BSC 2100 admin.pl
Cross-site scripting (XSS) vulnerability in admin.pl in BlueSocket Secure Controller (BSC) before 5.2, or without 5.1.1-BluePatch, allows remote attackers to inject arbitrary web script or HTML via the ad_name parameter.
network
bluesocket
6.8
2006-12-07 CVE-2006-6361 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Bitflux Upload Progress Meter 8215/8275
Heap-based buffer overflow in the uploadprogress_php_rfc1867_file function in uploadprogress.c in Bitflux Upload Progress Meter before 8276 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via crafted HTTP POST fileupload requests.
network
low complexity
bitflux CWE-119
critical
10.0
2006-12-07 CVE-2006-6360 Remote File Include vulnerability in Sergey Korostel PHP Upload Center 2.0
PHP remote file inclusion vulnerability in activate.php in PHP Upload Center 2.0 allows remote attackers to execute arbitrary PHP code via a URL in the footerpage parameter.
network
low complexity
sergey-korostel
7.5
2006-12-07 CVE-2006-6359 Cross-Site Scripting vulnerability in Stefan Frech Online-Bookmarks 0.6.12
Cross-site scripting (XSS) vulnerability in Stefan Frech online-bookmarks 0.6.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
6.8
2006-12-07 CVE-2006-6358 Input Validation vulnerability in Stefan Frech Online-Bookmarks 0.6.12
SQL injection vulnerability in the login function in auth.inc in Stefan Frech online-bookmarks 0.6.12 allows remote attackers to execute arbitrary SQL commands via the (1) username and possibly the (2) password parameter.
network
low complexity
stefan-frech
7.5
2006-12-07 CVE-2006-6235 A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.
network
low complexity
gnu gpg4win redhat rpath slackware ubuntu
critical
10.0
2006-12-07 CVE-2006-6357 Cross-Site Scripting vulnerability in PHPNews
Cross-site scripting (XSS) vulnerability in templates/cat_temp.php in PHPNews 1.3.0 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
phpnews
6.8
2006-12-07 CVE-2006-6356 Cross-Site Scripting vulnerability in PHPNews 1.3
Multiple cross-site scripting (XSS) vulnerabilities in templates/link_temp.php in PHPNews 1.3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) url, (2) id, (3) subject, (4) username, or (5) time parameter.
network
phpnews
6.8
2006-12-07 CVE-2006-6355 SQL Injection vulnerability in DuClassmate iCity Parameter
SQL injection vulnerability in default.asp in DuWare DuClassmate allows remote attackers to execute arbitrary SQL commands via the iCity parameter.
network
low complexity
duware
critical
10.0