Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2006-05-22 CVE-2006-2504 SQL Injection vulnerability in AZBoard List.ASP
Multiple SQL injection vulnerabilities in mono AZBOARD 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) search and (2) cate parameters to (a) list.asp, and the (3) id and cate parameters to (b) admin_ok.asp.
network, low complexity, azboard
Risk: 7.5

2006-05-22 CVE-2006-2503 SQL Injection vulnerability in Deluxebb 1.06
SQL injection vulnerability in misc.php in DeluxeBB 1.06 allows remote attackers to execute arbitrary SQL commands via the name parameter.
network, low complexity, deluxebb
Risk: 7.5

2006-05-22 CVE-2006-2185 Local Information Disclosure vulnerability in Novell Netware 6.5
PORTAL.NLM in Novell Netware 6.5 SP5 writes the username and password in cleartext to the abend.log log file when the groupOperationsMethod function fails, which allows context-dependent attackers to gain privileges.
network, low complexity, novell
Risk: 4.0

2006-05-22 CVE-2006-2502 Remote Buffer Overflow vulnerability in Cyrus Imapd 2.3.2
Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
network, high complexity, cyrus
Risk: 5.1

2006-05-22 CVE-2006-1858 Improper Input Validation vulnerability in Linux Kernel
SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a chunk length that is inconsistent with the actual length of provided parameters.
network, low complexity, linux, CWE-20
Risk: 7.8

2006-05-22 CVE-2006-1857 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel
Buffer overflow in SCTP in Linux kernel before 2.6.16.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a malformed HB-ACK chunk.
network, low complexity, linux, CWE-119
Risk: critical 9.0

2006-05-20 CVE-2006-2501 Cross-Site Scripting vulnerability in Sun ONE and Sun Java System Applications Error Page
Cross-site scripting (XSS) vulnerability in Sun ONE Web Server 6.0 SP9 and earlier, Java System Web Server 6.1 SP4 and earlier, Sun ONE Application Server 7 Platform and Standard Edition Update 6 and earlier, and Java System Application Server 7 2004Q2 Standard and Enterprise Edition Update 2 and earlier, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving error messages.
network, sun
Risk: 6.8

2006-05-20 CVE-2006-2500 HTML Injection vulnerability in Xfairguy Codeavalanche News 1.2
Cross-site scripting (XSS) vulnerability in add_news.asp in CodeAvalanche News (CANews) 1.2 allows remote attackers to inject arbitrary web script or HTML via the Headline field.
network, xfairguy
Risk: 6.8

2006-05-20 CVE-2006-2499 SQL Injection vulnerability in Xfairguy Codeavalanche News 1.2
SQL injection vulnerability in default.asp in CodeAvalanche News (CANews) 1.2 allows remote attackers to execute arbitrary SQL commands via the password field.
network, low complexity, xfairguy
Risk: 7.5

2006-05-20 CVE-2006-2498 Arbitrary PHP Code Execution vulnerability in Invision Power Board
Invision Power Board (IPB) before 2.1.6 allows remote attackers to execute arbitrary PHP script via attack vectors involving (1) the post_icon variable in classes/post/class_post.php and (2) the df value in action_public/moderate.php.
network, low complexity, invision-power-services
Risk: 6.4