Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK

2006-06-02 CVE-2006-2772 HTML Injection vulnerability in Hogstorps Hogstorp Guestbook 2.0
Cross-site scripting (XSS) vulnerability in add.asp in Hogstorps hogstorp guestbook 2.0 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, and (3) headline parameters.
network | hogstorps | 6.8

2006-06-02 CVE-2006-2771 Unspecified vulnerability in Hogstorps Hogstorp Guestbook 2.0
admin/radera/tabort.asp in Hogstorps hogstorp guestbook 2.0 does not verify user credentials, which allows remote attackers to delete arbitrary posts via a modified delID parameter.
network | low complexity | hogstorps | 6.4

2006-06-02 CVE-2006-2770 Directory Traversal vulnerability in PPPBlog
Directory traversal vulnerability in randompic.php in pppBLOG 0.3.8 and earlier, when register_globals is enabled, allows remote attackers to read arbitrary files via a ..
network | high complexity | pppblog | 5.4

2006-06-02 CVE-2006-2769 Permissions, Privileges, and Access Controls vulnerability in Sourcefire Snort
The HTTP Inspect preprocessor (http_inspect) in Snort 2.4.0 through 2.4.4 allows remote attackers to bypass "uricontent" rules via a carriage return (\r) after the URL and before the HTTP declaration.
network | low complexity | sourcefire CWE-264 | 5.0

2006-06-02 CVE-2006-2768 Remote File Include vulnerability in IPW Systems Metajour 2.1
PHP remote file inclusion vulnerability in METAjour 2.1, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the (1) system_path parameter in a large number of files in the (a) app/edocument/, (b) app/eproject/, (c) app/erek/, and (d) extension/ directories, and the (2) GLOBALS[system_path] parameter in (e) extension/sitemap/sitemap.datatype.php.
network | high complexity | ipw-systems | 5.1

2006-06-02 CVE-2006-2767 Code Injection vulnerability in Ottoman 1.1.2
PHP remote file inclusion vulnerability in Ottoman 1.1.2, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the default_path parameter in (1) error.php, (2) index.php, and (3) classes/main_class.php.
network | high complexity | ottoman CWE-94 | 5.1

2006-06-02 CVE-2006-2766 Unspecified vulnerability in Microsoft IE and Internet Explorer
Buffer overflow in INETCOMM.DLL, as used in Microsoft Internet Explorer 6.0 through 6.0 SP2, Windows Explorer, Outlook Express 6, and possibly other programs, allows remote user-assisted attackers to cause a denial of service (application crash) via a long mhtml URI in the URL value in a URL file.
network | high complexity | microsoft | 2.6

2006-06-02 CVE-2006-2662 Unspecified vulnerability in VMWare Server 1.0.1Build29996
VMware Server before RC1 does not clear user credentials from memory after a console connection is made, which might allow local attackers to gain privileges.
local | low complexity | vmware | 4.6

2006-06-02 CVE-2006-2765 Cross-Site Scripting vulnerability in Interlink Advantage
Cross-site scripting (XSS) vulnerability in news_information.php in Interlink Advantage allows remote attackers to inject arbitrary web script or HTML via the flag parameter.
network | high complexity | interlink-advantage | 2.6

2006-06-02 CVE-2006-2764 Cross-Site Scripting vulnerability in Xander Ladage Guestbookxl 1.3
Cross-site scripting (XSS) vulnerability in GuestbookXL 1.3 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in an IMG tag in a comment field to (1) guestwrite.php or (2) guestbook.php.
network | xander-ladage | 4.3