Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-12-28 | CVE-2006-6781 | Input Validation vulnerability in Hlstats 1.20/1.34 HLstats 1.20 through 1.34 allows remote attackers to obtain sensitive information via playinfo mode, with certain values of the player and playerdata[lastName][] parameters, which reveals the path in an error message. | 5.0 |
2006-12-28 | CVE-2006-6780 | Input Validation vulnerability in Hlstats 1.20/1.34 SQL injection vulnerability in the login form in HLstats 1.20 through 1.34 allows remote attackers to execute arbitrary SQL commands via the killLimit parameter. | 7.5 |
2006-12-28 | CVE-2006-6779 | Unspecified vulnerability in Jelsoft Vbulletin Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin allows remote attackers to inject arbitrary web script or HTML via an SWF file that uses ActionScript to trigger execution of JavaScript. network jelsoft | 6.8 |
2006-12-28 | CVE-2006-6778 | Cross-Site Scripting vulnerability in Timberwolf 1.2.2 Cross-site scripting (XSS) vulnerability in shownews.php in TimberWolf 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the nid parameter. network timberwolf | 6.8 |
2006-12-28 | CVE-2006-6777 | Input Validation vulnerability in Future Internet Cross-site scripting (XSS) vulnerability in index.cfm in Future Internet allows remote attackers to inject arbitrary web script or HTML via the categoryId parameter in a Portal.ShowPage action. network future-internet | 6.8 |
2006-12-28 | CVE-2006-6776 | Input Validation vulnerability in Future Internet Multiple SQL injection vulnerabilities in Future Internet allow remote attackers to execute arbitrary SQL commands via the (1) newsId or (2) categoryid parameter in a Portal.Showpage action in index.cfm, or (3) the langId parameter in index.cfm. | 7.5 |
2006-12-27 | CVE-2006-6775 | Remote Denial of Service vulnerability in Acftp 1.5 acFTP 1.5 allows remote authenticated users to cause a denial of service via a crafted argument to the (1) REST or (2) PBSZ command. network acftp | 3.5 |
2006-12-27 | CVE-2006-6774 | Remote File Include vulnerability in Ciberia Content Federator 1.0 PHP remote file inclusion vulnerability in socios/maquetacion_socio.php (members/maquetacion_member.php) in Ciberia Content Federator 1.0 allows remote attackers to execute arbitrary PHP code via the path parameter. network ciberia | 6.8 |
2006-12-27 | CVE-2006-6773 | Unspecified vulnerability in Fishyshoop 0.930Beta pages/register/register.php in Fishyshoop 0.930 beta allows remote attackers to create arbitrary administrative users by setting the is_admin HTTP POST parameter to 1. | 7.5 |
2006-12-27 | CVE-2006-6771 | Remote File Include vulnerability in Irokez CMS 0.7.1 Multiple PHP remote file inclusion vulnerabilities in Irokez CMS 0.7.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[PTH][func] parameter in (a) scripts/gallery.scr.php; the (2) GLOBALS[PTH][spaw] parameter in (b) scripts/xtextarea.scr.php; and the (3) GLOBALS[PTH][classes] parameter in (c) sitemap.scr.php, (d) news.scr.php, (e) polls.scr.php, (f) rss.scr.php, (g) search.scr.php in scripts/, and (h) form.fun.php, (i) general.func.php, (j) groups.func.php, (k) js.func.php, (l) sections.func.php, and (m) users.func.php in functions/. network irokez | 6.8 |