Vulnerabilities

DATE | CVE | VULNERABILITY TITLE | RISK

2006-05-22 | CVE-2006-2533 | HTML Injection vulnerability in Greg Donald Destiney Rated Images Script 0.5.0
Cross-site scripting (XSS) vulnerability in (1) addWeblog.php and (2) leaveComments.php in Destiney Rated Images Script 0.5.0 does not properly filter all vulnerable HTML tags, which allows remote attackers to inject arbitrary web script or HTML via Javascript in a DIV tag.
network | greg-donald | 5.8

2006-05-22 | CVE-2006-2532 | SQL-Injection vulnerability in Greg Donald Destiney Rated Images Script 0.5.0
stats.php in Destiney Rated Images Script 0.5.0 allows remote attackers to obtain the installation path via an invalid s parameter, which displays the path in an error message.
network | low complexity | greg-donald | 6.4

2006-05-22 | CVE-2006-2531 | Authentication Bypass vulnerability in Ipswitch Whatsup Professional2006
Ipswitch WhatsUp Professional 2006 only verifies the user's identity via HTTP headers, which allows remote attackers to spoof being a trusted console and bypass authentication by setting HTTP User-Agent header to "Ipswitch/1.0" and the User-Application header to "NmConsole".
network | low complexity | ipswitch | 7.5

2006-05-22 | CVE-2006-2530 | Permissions, Privileges, and Access Controls vulnerability in Snitz Communications Avatar MOD 1.3
avatar_upload.asp in Avatar MOD 1.3 for Snitz Forums 3.4, and possibly other versions, allows remote attackers to bypass file type checks and upload arbitrary files via a null byte in the file name, as discovered by the Codescan product.
network | low complexity | snitz-communications | CWE-264 | 5.0

2006-05-22 | CVE-2006-2529 | Unspecified vulnerability in Fckeditor 2.2
editor/filemanager/upload/php/upload.php in FCKeditor before 2.3 Beta, when the upload feature is enabled, does not verify the Type parameter, which allows remote attackers to upload arbitrary file types.
network | low complexity | fckeditor | 5.0

2006-05-22 | CVE-2006-1520 | Remote Security vulnerability in Libspf 1.0.0P4
Format string vulnerability in ANSI C Sender Policy Framework library (libspf) before 1.0.0-p5, when debugging is enabled, allows remote attackers to execute arbitrary code via format string specifiers, possibly in an e-mail address.
network | low complexity | libspf | 6.4

2006-05-22 | CVE-2006-2528 | Remote File Include vulnerability in Smartisoft PHPbazar 2.1.0
PHP remote file inclusion vulnerability in classified_right.php in phpBazar 2.1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the language_dir parameter.
network | low complexity | smartisoft | 6.4

2006-05-22 | CVE-2006-2527 | Unspecified vulnerability in Smartisoft PHPbazar 2.1.0
Admin/admin.php in phpBazar 2.1.0 and earlier allows remote attackers to bypass the authentication process and gain unauthorized access to the administrative section by setting the action parameter to edit_member and the value parameter to 1.
network | low complexity | smartisoft | 7.5

2006-05-22 | CVE-2006-2526 | Remote File Include vulnerability in Power Place PHP Easy Galerie 1.1
PHP remote file inclusion vulnerability in index.php in PHP Easy Galerie 1.1 allows remote attackers to execute arbitrary PHP code via a URL in the includepath parameter.
network | low complexity | power-place | 6.4

2006-05-22 | CVE-2006-2525 | SQL-Injection vulnerability in Usebb 1.0Rc1
SQL injection vulnerability in UseBB 1.0 RC1 and earlier allows remote attackers to execute arbitrary SQL commands via the member list search module.
network | low complexity | usebb | 6.4