Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2006-05-26 CVE-2006-2615 Remote Arbitrary Command Execution vulnerability in Russcom Ping
ping.php in Russcom.Ping allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter.
network
low complexity
russcom-network
7.5
2006-05-26 CVE-2006-2614 Local Password Disclosure vulnerability in SUN N1 System Manager 1.1
Sun N1 System Manager 1.1 for Solaris 10 before patch 121161-01 records system passwords in the world-readable scripts (1) /cr/hd_jobs_db.sh, (2) /cr/hd_plan_checkin.sh, and (3) /cr/oracle_plan_checkin.sh, which allows local users to obtain System Manager passwords.
local
low complexity
sun
4.6
2006-05-26 CVE-2006-2613 Information Exposure vulnerability in multiple products
Mozilla Suite 1.7.13, Mozilla Firefox 1.5.0.3 and possibly other versions before 1.8.0, and Netscape 7.2 and 8.1, and possibly other versions and products, allow remote user-assisted attackers to obtain information such as the installation path by causing exceptions to be thrown and checking the message contents.
4.3
2006-05-26 CVE-2006-2612 Local Security vulnerability in Novell Client 4.8/4.9
Novell Client for Windows 4.8 and 4.9 does not restrict access to the clipboard contents while a machine is locked, which allows users with physical access to read the current clipboard contents by pasting them into the "User Name" field on the login prompt.
local
low complexity
novell
2.1
2006-05-26 CVE-2006-2611 Cross-Site Scripting vulnerability in Mediawiki
Cross-site scripting (XSS) vulnerability in includes/Sanitizer.php in the variable handler in MediaWiki 1.6.x before r14349 allows remote attackers to inject arbitrary JavaScript via unspecified vectors, possibly involving the usage of the | (pipe) character.
network
mediawiki
4.3
2006-05-26 CVE-2006-2610 Cross-Site Scripting vulnerability in Spiffyjr PHPraid 2.9.5
Cross-site scripting (XSS) vulnerability in view.php in phpRaid 2.9.5 allows remote attackers to inject arbitrary web script or HTML via the (1) URL query string and the (2) Sort parameter.
network
high complexity
spiffyjr
2.6
2006-05-26 CVE-2006-2609 Remote Security vulnerability in Artmedic Webdesign Artmedic Newsletter 4.1.2
artmedic newsletter 4.1.2 and possibly other versions, when register_globals is enabled, allows remote attackers to modify arbitrary files and execute arbitrary PHP code via the email parameter to newsletter_log.php.
network
high complexity
artmedic-webdesign
5.1
2006-05-26 CVE-2006-2608 Remote Script Execution vulnerability in Artmedic Webdesign Artmedic Newsletter 4.1
artmedic newsletter 4.1 and possibly other versions, when register_globals is enabled, allows remote attackers to modify arbitrary files and execute arbitrary PHP code via the logfile parameter in a direct request to log.php, which causes the $logfile variable to be redefined to an attacker-controlled value, as demonstrated by injecting PHP code into info.php.
network
high complexity
artmedic-webdesign
5.1
2006-05-25 CVE-2006-2607 Local Privilege Escalation vulnerability in Paul Vixie Cron 4.1
do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process limits as defined in /etc/security/limits.conf.
local
low complexity
paul-vixie
7.2
2006-05-25 CVE-2006-2606 HTML Injection vulnerability in Chatty 1.0.2
Cross-site scripting (XSS) vulnerability in Chatty, possibly 1.0.2 and other versions, allows remote attackers to inject arbitrary web script or HTML via the username.
network
chatty
4.3