Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-05-22 | CVE-2006-2514 | File-Upload vulnerability in Coppermine Photo Gallery Coppermine galleries before 1.4.6, when running on Apache with mod_mime installed, allows remote attackers to upload arbitrary files via a filename with multiple file extensions. | 7.5 |
| 2006-05-22 | CVE-2006-2513 | Authentication Bypass vulnerability in SUN Java System Directory Server 5.2 Unspecified vulnerability in the installation process in Sun Java System Directory Server 5.2 causes wrong user data to be written to a file created by the installation, which allows remote attackers or local users to gain privileges. | 7.5 |
| 2006-05-22 | CVE-2006-2512 | SQL Injection vulnerability in Hitachi EUR SQL injection vulnerability in Hitachi EUR Professional Edition, EUR Viewer, EUR Print Service, and EUR Print Service for ILF allows remote authenticated users to execute arbitrary SQL commands via unknown attack vectors. | 6.5 |
| 2006-05-22 | CVE-2006-2511 | File-Upload vulnerability in Iheat The ActiveX version of FrontRange iHEAT allows remote authenticated users to run arbitrary programs or access arbitrary files on the host machine by uploading a file with an extension that is not associated with an application, and selecting a file from the "Open With..." dialog. | 6.5 |
| 2006-05-22 | CVE-2006-2510 | HTML Injection vulnerability in YourFreeWorld Short Url & Url Tracker Script Cross-site scripting (XSS) vulnerability in the URL submission form in YourFreeWorld.com Short Url & Url Tracker Script allows remote attackers to inject arbitrary web script or HTML via an unspecified form for submitting URLs. network yourfreeworld | 6.8 |
| 2006-05-22 | CVE-2006-2509 | HTML Injection vulnerability in YourFreeWorld Short Url & Url Tracker Script SQL injection vulnerability in login.php in YourFreeWorld.com Short Url & Url Tracker Script allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2006-05-22 | CVE-2006-2508 | HTML Injection vulnerability in YourFreeWorld Stylish Text Ads Script SQL injection vulnerability in tr1.php in YourFreeWorld.com Stylish Text Ads Script allows remote attackers to execute arbitrary SQL commands via the id parameter, possibly involving an attack vector using advertise.php. | 6.4 |
| 2006-05-22 | CVE-2006-2507 | Remote File Include vulnerability in Foing Multiple PHP remote file inclusion vulnerabilities in Teake Nutma Foing 0.2.0 through 0.7.0, as used with phpBB, allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) index.php, (2) song.php, (3) faq.php, (4) list.php, (5) gen_m3u.php, and (6) playlist.php. | 7.5 |
| 2006-05-22 | CVE-2006-2506 | Cross-Site Scripting vulnerability in Sphider Multiple cross-site scripting (XSS) vulnerabilities in search.php in Sphider allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO and (2) the category parameter. | 6.8 |
| 2006-05-22 | CVE-2006-2505 | SQL Injection vulnerability in Oracle Database Server Release2 Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via a reference to a malicious package in the TYPE_NAME argument in the (1) GET_DOMAIN_INDEX_TABLES or (2) GET_V2_DOMAIN_INDEX_TABLES function in the DBMS_EXPORT_EXTENSION package. | 3.6 |