Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2006-05-24 CVE-2006-2573 SQL-Injection vulnerability in Dian Gemilang DGBook 1.0
SQL injection vulnerability in index.php in DGBook 1.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the (1) name, (2) email, (3) homepage, (4) address, (5) comment, and (6) ip parameters.
network
high complexity
dian-gemilang
5.1
2006-05-24 CVE-2006-2572 HTML Injection vulnerability in Dian Gemilang DGBook 1.0
Cross-site scripting (XSS) vulnerability in index.php in DGBook 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) homepage, (3) email, and (4) address parameters.
network
high complexity
dian-gemilang
2.6
2006-05-24 CVE-2006-2571 Cross-Site Scripting vulnerability in OpenCms 6.0.0/6.0.2/6.0.3
Cross-site scripting (XSS) vulnerability in search.html in Alkacon OpenCms 6.0.0, 6.0.2, and 6.0.3 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search action.
network
high complexity
alkacon
2.6
2006-05-24 CVE-2006-2570 Remote File Include vulnerability in CaLogic Calendars 1.2.2
PHP remote file inclusion vulnerability in CaLogic Calendars 1.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS["CLPath"] parameter to (1) reconfig.php and (2) srxclr.php.
network
low complexity
calogic
7.5
2006-05-24 CVE-2006-2569 SQL Injection vulnerability in Woltlab Burning Board links.php
SQL injection vulnerability in links.php in 4R Linklist 1.0 RC2 and earlier, a module for Woltlab Burning Board, allows remote attackers to execute arbitrary SQL commands via the cat parameter.
network
low complexity
4r-linklist woltlab
7.5
2006-05-24 CVE-2006-2568 Remote File Include vulnerability in UBB.threads addpost_newpoll.php
PHP remote file inclusion vulnerability in addpost_newpoll.php in UBB.threads 6.4 through 6.5.2 and 6.5.1.1 (trial) allows remote attackers to execute arbitrary PHP code via a URL in the thispath parameter.
network
high complexity
ubbcentral
5.1
2006-05-24 CVE-2006-2549 Denial-Of-Service vulnerability in PDF Tools AG PDF Form Filling and Flattening Tool 3.0
Stack-based buffer overflow in PDF Form Filling and Flattening Tool before 3.1.0.12 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via long field names.
network
low complexity
pdf-tools-ag
7.5
2006-05-24 CVE-2006-2567 Cross-Site Scripting vulnerability in Alstrasoft Article Manager Pro 1.6
Cross-site scripting (XSS) vulnerability in submit_article.php in Alstrasoft Article Manager Pro 1.6 allows remote attackers to inject arbitrary web script or HTML when submitting an article, as demonstrated using a javascript URI in a Cascading Style Sheets (CSS) property of a STYLE attribute of an element.
network
alstrasoft
4.3
2006-05-24 CVE-2006-2566 Information Disclosure vulnerability in Alstrasoft Article Manager Pro 1.6
Alstrasoft Article Manager Pro 1.6 allows remote attackers to obtain sensitive information via (1) a quote character or possibly an invalid value in the action parameter in a request to mrarticles.php or (2) a login QUERY_STRING to admin.php without any additional parameters, which reveal the path in various error messages.
network
low complexity
alstrasoft
5.0
2006-05-24 CVE-2006-2565 SQL-Injection vulnerability in Alstrasoft Article Manager Pro 1.6
SQL injection vulnerability in Alstrasoft Article Manager Pro 1.6 allows remote attackers to execute arbitrary SQL commands via (1) the author_id parameter in profile.php and (2) the aut_id parameter in userarticles.php.
network
low complexity
alstrasoft
7.5