Vulnerabilities

DATE  CVE  VULNERABILITY TITLE  RISK
Each entry below gives the description, then its access vector, attack complexity, vendor/CWE tags and risk score.
2006-05-23  CVE-2006-2542  Denial-Of-Service vulnerability in TI KAN Xmcd 2.6.17.1
  Description: xmcdconfig in xmcd for Debian GNU/Linux 2.6-17.1 creates /var/lib/cddb and /var/lib/xmcd/discog with world-writable permissions, which allows local users to cause a denial of service (disk consumption).
  Access vector: local; attack complexity: low; vendor/CWE tags: ti-kan; risk score: 2.1
2006-05-23  CVE-2006-2541  SQL Injection vulnerability in John Andersson Zixforum 1.12
  Description: SQL injection vulnerability in settings.asp in Zixforum 1.12 allows remote attackers to execute arbitrary SQL commands via the layid parameter to (1) login.asp and (2) main.asp.
  Access vector: network; attack complexity: low; vendor/CWE tags: john-andersson; risk score: 7.5
2006-05-23  CVE-2006-2540  Information Disclosure vulnerability in Diesel Job Site
  Description: Privacy leak in install.php for Diesel PHP Job Site sends sensitive information such as user credentials to an e-mail address controlled by the product developers.
  Access vector: network; attack complexity: low; vendor/CWE tags: dieselscripts; risk score: 5.0
2006-05-23  CVE-2006-0747  Numeric Errors vulnerability in Freetype
  Description: Integer underflow in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a font file with an odd number of blue values, which causes the underflow when decrementing by 2 in a context that assumes an even number of values.
  Access vector: network; attack complexity: low; vendor/CWE tags: freetype CWE-189; risk score: 5.0
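The Freetype entry describes a loop that steps an unsigned count down by 2 on the assumption that the count is even. The C below is an added example written for this page, not FreeType's code: it reproduces that loop shape on constructed sample data (the function names, the 7-pair limit and the values are assumptions for the demo) and places a hardened parser beside it. The unchecked walk is capped so it cannot actually overrun memory; on a real build the reads would continue past the array until the process crashes.

```c
#include <stddef.h>
#include <stdio.h>

/* Assumption for this demo: Type 1 BlueValues hold at most 7 pairs. */
#define MAX_ZONES 7

/* Constructed sample data: three (bottom, top) pairs. Passing count = 5
 * simulates a font that declares an odd number of blue values. */
static const short SAMPLE_VALUES[] = { -20, 0, 470, 480, 690, 700 };
#define SAMPLE_LEN (sizeof SAMPLE_VALUES / sizeof SAMPLE_VALUES[0])

/* VULNERABLE loop shape: an unsigned count stepped down by 2 on the assumption
 * that it is even. With count = 5 it goes 5, 3, 1 and then 1 - 2 wraps to
 * UINT_MAX, so "count > 0" never becomes false and the reads run off the end.
 * This demo only counts how many pairs the loop attempts, capped at `cap`,
 * so it cannot overrun anything itself. */
static size_t unchecked_pair_walk(unsigned int count, size_t cap)
{
    size_t pairs = 0;
    while (count > 0) {
        if (pairs == cap)
            break;          /* demo guard only; real code keeps going */
        pairs++;            /* real code reads values[2*pairs], values[2*pairs+1] here */
        count -= 2;         /* wraps when count == 1 */
    }
    return pairs;
}

/* HARDENED parser: reject an odd count before touching the data, bound the
 * number of pairs, and loop only while a complete pair remains.
 * Returns 0 on success, -1 for an odd count, -2 for too many pairs. */
static int parse_blue_zones(const short *values, unsigned int count,
                            short zones[][2], size_t max_zones, size_t *n_zones)
{
    size_t n = 0;
    if (count % 2 != 0)
        return -1;
    if (count / 2 > max_zones)
        return -2;
    for (unsigned int i = 0; i + 1 < count; i += 2) {
        zones[n][0] = values[i];
        zones[n][1] = values[i + 1];
        n++;
    }
    *n_zones = n;
    return 0;
}

/* Wrapper over SAMPLE_VALUES: returns the number of zones parsed, or the
 * negative error code from parse_blue_zones (-3 if count exceeds the sample). */
static long zones_from_sample(unsigned int count)
{
    short zones[MAX_ZONES][2];
    size_t n = 0;
    int rc;
    if (count > SAMPLE_LEN)
        return -3;
    rc = parse_blue_zones(SAMPLE_VALUES, count, zones, MAX_ZONES, &n);
    return rc == 0 ? (long)n : rc;
}

int main(void)
{
    printf("unchecked loop, count 6: %lu pairs\n",
           (unsigned long)unchecked_pair_walk(6, 1000));
    printf("unchecked loop, count 5: %lu pairs (hit the demo cap)\n",
           (unsigned long)unchecked_pair_walk(5, 1000));
    printf("hardened parser, count 6: %ld zones\n", zones_from_sample(6));
    printf("hardened parser, count 5: %ld (rejected)\n", zones_from_sample(5));
    return 0;
}
```

The fix is the parity check before the loop plus a loop condition that requires a whole pair (`i + 1 < count`), rather than trusting the file's count to reach zero.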
2006-05-22  CVE-2006-2539  Unspecified vulnerability in Sybase Easerver 5.0/5.2/5.3
  Description: Sybase EAServer 5.0 for HP-UX Itanium, 5.2 for IBM AIX, HP-UX PA-RISC, Linux x86, and Sun Solaris SPARC, and 5.3 for Sun Solaris SPARC does not properly protect passwords when they are being entered via the GUI, which allows local users to obtain the cleartext passwords via the getSelectedText function in the javax.swing.JPasswordField component.
  Access vector: local; attack complexity: high; vendor/CWE tags: sybase; risk score: 3.5
2006-05-22  CVE-2006-2538  Denial-Of-Service vulnerability in Ie Tab
  Description: IE Tab 1.0.9 plugin for Mozilla Firefox 1.5.0.3 allows remote user-assisted attackers to cause a denial of service (application crash), possibly due to a null dereference, via certain Javascript, as demonstrated using a url parameter to the content/reloaded.html page in a chrome:// URI.
  Access vector: network; attack complexity: high; vendor/CWE tags: ie-tab mozilla; risk score: 2.6
2006-05-22  CVE-2006-2537  Format String vulnerability in Beats Of Rage
  Description: Multiple format string vulnerabilities in (a) OpenBOR 2.0046 and earlier, (b) Beats of Rage (BOR) 1.0029 and earlier, and (c) Horizontal Shooter BOR (HOR) 2.0000 and earlier allow remote attackers to execute code via format string specifiers in configurations used in various mod files, as demonstrated by the (1) music identifier in data/scenes/intro.txt, which is not properly handled in the update function, and (2) background identifier in data/easy/1aeasy.txt, which is not properly handled in the shutdown function.
  Access vector: network; attack complexity: low; vendor/CWE tags: horizontal-shooter-bor openbor senile-team; risk score: 7.5
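The Beats of Rage entry is the classic case of a string read from a data file (here a "music" identifier in a mod's scene script) being passed to a printf-family function as the format argument. The C below is an added example for this page, not the engine's code: the script line, the function names and the `key value` line format are constructed assumptions. It shows the vulnerable call beside the fixed one and adds the loader-side check a practitioner would want, namely refusing identifiers that contain format directives. The sample deliberately uses only `%%`, which is safe to interpret; a `%n` or `%s` in the same position on a real build is a stack write or read.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample scene-script line. A mod author controls this text, so
 * the engine must treat it as untrusted input. */
static const char SAMPLE_LINE[] = "music track%%01.ogg";

/* Extract the value after `key` in "key value" form. Returns 1 on a match and
 * copies the (bounded) value into out; 0 if the line belongs to another key. */
static int scene_value(const char *line, const char *key, char *out, size_t outlen)
{
    size_t klen = strlen(key);
    const char *v;
    if (strncmp(line, key, klen) != 0 || line[klen] != ' ')
        return 0;
    v = line + klen + 1;
    while (*v == ' ')
        v++;
    snprintf(out, outlen, "%s", v);
    return 1;
}

/* VULNERABLE: the file-supplied value becomes the format string. */
static void describe_music_vulnerable(const char *value, char *msg, size_t msglen)
{
    snprintf(msg, msglen, value);        /* untrusted data as format: BUG */
}

/* FIXED: the format is a literal and the value is an ordinary argument. */
static void describe_music_fixed(const char *value, char *msg, size_t msglen)
{
    snprintf(msg, msglen, "%s", value);
}

/* Loader-side check: count '%' directives other than the literal "%%".
 * A clean identifier has zero; anything else should fail mod loading. */
static int count_format_directives(const char *s)
{
    int n = 0;
    for (; *s; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {
            s++;             /* skip the escaped percent */
            continue;
        }
        n++;
    }
    return n;
}

/* Runs the sample through the vulnerable path; returns 1 if the "%%" was
 * interpreted (i.e. data reached the formatter as a format string). */
static int vulnerable_alters_data(void)
{
    char value[128], msg[128];
    if (!scene_value(SAMPLE_LINE, "music", value, sizeof value))
        return -1;
    describe_music_vulnerable(value, msg, sizeof msg);
    return strcmp(msg, "track%01.ogg") == 0;
}

/* Runs the sample through the fixed path; returns 1 if it came out verbatim. */
static int fixed_preserves_data(void)
{
    char value[128], msg[128];
    if (!scene_value(SAMPLE_LINE, "music", value, sizeof value))
        return -1;
    describe_music_fixed(value, msg, sizeof msg);
    return strcmp(msg, "track%%01.ogg") == 0;
}

int main(void)
{
    char value[128], msg[128];
    if (!scene_value(SAMPLE_LINE, "music", value, sizeof value))
        return 1;
    describe_music_vulnerable(value, msg, sizeof msg);
    printf("vulnerable: %s\n", msg);     /* "%%" collapsed to "%": data was interpreted */
    describe_music_fixed(value, msg, sizeof msg);
    printf("fixed:      %s\n", msg);     /* value copied verbatim */
    printf("directives in \"%s\": %d\n", value, count_format_directives(value));
    printf("directives in \"%%n%%n%%x\": %d\n", count_format_directives("%n%n%x"));
    return 0;
}
```

Compiling the vulnerable function with `-Wformat-security` flags the non-literal format, which is the cheapest way to find every instance of this pattern in a code base like the one described.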
2006-05-22  CVE-2006-2536  HTML Injection vulnerability in Greg Donald Destiney Links Script 2.1.2
  Description: Cross-site scripting (XSS) vulnerability in Destiney Links Script 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) "Search" (term parameter in index.php) and (2) "Add a Site" (add.php) fields.
  Access vector: network; vendor/CWE tags: greg-donald; risk score: 5.8
2006-05-22  CVE-2006-2535  Information Exposure vulnerability in Greg Donald Destiney Links Script 2.1.2
  Description: index.php in Destiney Links Script 2.1.2 allows remote attackers to obtain the installation path via an invalid show parameter referencing a non-existent file, which reveals the path in the resulting error message.
  Access vector: network; attack complexity: low; vendor/CWE tags: greg-donald CWE-200; risk score: 5.0
2006-05-22  CVE-2006-2534  Remote Security vulnerability in Greg Donald Destiney Links Script 2.1.2
  Description: Destiney Links Script 2.1.2 does not protect library and other support files, which allows remote attackers to obtain the installation path via a direct URL to files in the (1) include and (2) themes/original directories.
  Access vector: network; attack complexity: low; vendor/CWE tags: greg-donald; risk score: 5.0