Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
| --- | --- | --- | --- | --- | --- |
| 2006-05-22 | CVE-2006-2524 | Cross-Site Scripting vulnerability in Usebb 1.0Rc1 | Cross-site scripting (XSS) vulnerability in UseBB 1.0 RC1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors when processing the user date format. | network; usebb | 6.8 |
| 2006-05-22 | CVE-2006-2523 | Remote Security vulnerability in Smartisoft PHPlistpro 2.0 | PHP remote file inclusion vulnerability in config.php in phpListPro 2.0.1 and earlier, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary PHP code via a URL in the Language cookie. | network; low complexity; smartisoft | 7.5 |
| 2006-05-22 | CVE-2006-2522 | Remote Security vulnerability in Dayfox Blog | Dayfox Blog 2.0 and earlier stores user credentials in edit/slog_users.txt under the web document root with insufficient access control, which allows remote attackers to gain privileges. | network; low complexity; dayfox-designs | 7.5 |
| 2006-05-22 | CVE-2006-2521 | Code Injection vulnerability in Accomplishtechnology PHPmydirectory | PHP remote file inclusion vulnerability in cron.php in phpMyDirectory 10.4.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ROOT_PATH parameter. | network; low complexity; accomplishtechnology; CWE-94 | 7.5 |
| 2006-05-22 | CVE-2006-2520 | Remote Directory Traversal vulnerability in BitZipper | Directory traversal vulnerability in BitZipper 4.1.2 SR-1 and earlier allows remote attackers to create files in arbitrary directories via a .. | network; low complexity; bitberry-software | 5.0 |
| 2006-05-22 | CVE-2006-2519 | Local File Include vulnerability in PHPwcms 1.2.5Dev | Directory traversal vulnerability in include/inc_ext/spaw/spaw_control.class.php in phpwcms 1.2.5-DEV allows remote attackers to include arbitrary local files via .. | network; high complexity; phpwcms | 2.6 |
| 2006-05-22 | CVE-2006-2518 | Cross-Site Scripting vulnerability in PHPwcms 1.2.5Dev | Cross-site scripting (XSS) vulnerability in phpwcms 1.2.5-DEV allows remote attackers to inject arbitrary web script or HTML via the BL[be_cnt_plainhtml] parameter to include/inc_tmpl/content/cnt6.inc.php. | network; high complexity; phpwcms | 2.6 |
| 2006-05-22 | CVE-2006-2517 | SQL-Injection vulnerability in Myweb Portal Office | SQL injection vulnerability in MyWeb Portal Office, Standard Edition, Public Edition, Medical Edition, Citizen Edition, School Edition, and Light Edition allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | network; low complexity; fujitsu | 7.5 |
| 2006-05-22 | CVE-2006-2516 | Path Traversal vulnerability in Xoops | mainfile.php in XOOPS 2.0.13.2 and earlier, when register_globals is enabled, allows remote attackers to overwrite variables such as $xoopsOption['nocommon'] and conduct directory traversal attacks or include PHP files via (1) xoopsConfig[language] to misc.php or (2) xoopsConfig[theme_set] to index.php, as demonstrated by injecting PHP sequences into a log file. | network; high complexity; xoops; CWE-22 | 5.1 |
| 2006-05-22 | CVE-2006-2515 | Cross-Site Scripting vulnerability in Hiox India Guest Book 3.1 | Cross-site scripting (XSS) vulnerability in index.php in Hiox Guestbook 3.1 allows remote attackers to inject arbitrary web script or HTML via the input forms for signing the guestbook. | network; hiox-india | 6.8 |