Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2006-05-24 CVE-2006-2564 HTML Injection vulnerability in Alstrasoft E-Friends 4.0
Multiple cross-site scripting (XSS) vulnerabilities in index.php in AlstraSoft E-Friends allow remote attackers to inject arbitrary web script or HTML by (1) posting a blog, (2) posting a listing, (3) posting an event, (4) adding comments, or (5) sending a message.
Risk: 4.3 (network) | alstrasoft
2006-05-24 CVE-2006-1862 Denial-Of-Service vulnerability in Linux Kernel 2.6.9
The virtual memory implementation in Linux kernel 2.6.x allows local users to cause a denial of service (panic) by running lsof a large number of times in a way that produces a heavy system load.
Risk: 4.9 (local, low complexity) | linux
2006-05-24 CVE-2006-2314 SQL Injection vulnerability in PostgreSQL Multibyte Character Encoding
PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications that use multibyte encodings that allow the "\" (backslash) byte 0x5c to be the trailing byte of a multibyte character, such as SJIS, BIG5, GBK, GB18030, and UHC, which cannot be handled correctly by a client that does not understand multibyte encodings, aka a second variant of "Encoding-Based SQL Injection." NOTE: it could be argued that this is a class of issue related to interaction errors between the client and PostgreSQL, but a CVE has been assigned since PostgreSQL is treating this as a preventative measure against this class of problem.
Risk: 7.5 (network, low complexity) | postgresql
2006-05-24 CVE-2006-2313 SQL Injection vulnerability in PostgreSQL Multibyte Character Encoding
PostgreSQL 8.1.x before 8.1.4, 8.0.x before 8.0.8, 7.4.x before 7.4.13, 7.3.x before 7.3.15, and earlier versions allows context-dependent attackers to bypass SQL injection protection methods in applications via invalid encodings of multibyte characters, aka one variant of "Encoding-Based SQL Injection."
Risk: 7.5 (network, low complexity) | postgresql
2006-05-24 CVE-2006-2558 HTML Injection vulnerability in Iplogger 1.7
Cross-site scripting (XSS) vulnerability in IpLogger 1.7 and earlier allows remote attackers to inject arbitrary HTML or web script via the User-Agent (useragent) header in an HTTP request, which is not filtered when the log files are viewed.
Risk: 5.8 (network) | iplogger
2006-05-24 CVE-2006-2557 Remote PHP Script Code Injection vulnerability in Florian Amrhein Newsportal 0.36
PHP remote file inclusion vulnerability in extras/poll/poll.php in Florian Amrhein NewsPortal before 0.37, and TR Newsportal (TRanx rebuilded), allows remote attackers to execute arbitrary PHP code via a URL in the file_newsportal parameter.
Risk: 6.4 (network, low complexity) | florian-amrhein
2006-05-24 CVE-2006-2556 Cross-Site Scripting vulnerability in Florian Amrhein Newsportal 0.36
Cross-site scripting (XSS) vulnerability in Florian Amrhein NewsPortal before 0.37, and possibly TR Newsportal (TRanx rebuilded), allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
Risk: 5.8 (network) | florian-amrhein
2006-05-24 CVE-2006-2555 Remote Buffer Overflow and Denial Of Service vulnerability in Genecys
The parse_command function in Genecys 0.2 and earlier allows remote attackers to cause a denial of service (crash) via a command with a missing ":" (colon) separator, which triggers a null dereference.
Risk: 5.0 (network, low complexity) | genecys
2006-05-24 CVE-2006-2554 Remote Buffer Overflow and Denial Of Service vulnerability in Genecys 0.2
Buffer overflow in the tell_player_surr_changes function in Genecys 0.2 and earlier might allow remote attackers to execute arbitrary code via long arguments.
Risk: 6.4 (network, low complexity) | genecys
2006-05-24 CVE-2006-2553 Cross-Site Scripting vulnerability in Jemscripts Downloadcontrol 1.0
Cross-site scripting (XSS) vulnerability in Jemscripts DownloadControl 1.0 allows remote attackers to inject arbitrary HTML or web script via the dcid parameter to dc.php.
Risk: 4.3 (network) | jemscripts