Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-05-20 | CVE-2006-2497 | Cross-Site Scripting vulnerability in Aspbb 0.5.2 Multiple cross-site scripting (XSS) vulnerabilities in AspBB 0.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) action parameter to default.asp or (2) get parameter to profile.asp. network aspbb | 5.8 |
| 2006-05-20 | CVE-2006-2496 | Buffer Overflow vulnerability in Novell Edirectory and Imonitor Buffer overflow in iMonitor 2.4 in Novell eDirectory 8.8 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unknown attack vectors. | 10.0 |
| 2006-05-20 | CVE-2006-2495 | Cross-Site Request Forgery vulnerability in Serendipity Cross-site request forgery (CSRF) vulnerability in the Entry Manager in Serendipity before 1.0-beta3 allows remote attackers to perform unauthorized actions as a logged-in user via a link or IMG tag. | 7.5 |
| 2006-05-20 | CVE-2006-2494 | Buffer Overflow vulnerability in IntelliTamper Map Files Stack-based buffer overflow in IntelliTamper 2.07 allows remote attackers to execute arbitrary code via a crafted .map file. | 5.1 |
| 2006-05-20 | CVE-2006-2492 | Classic Buffer Overflow vulnerability in Microsoft Office and Works Suite Buffer overflow in Microsoft Word in Office 2000 SP3, Office XP SP3, Office 2003 Sp1 and SP2, and Microsoft Works Suites through 2006, allows user-assisted attackers to execute arbitrary code via a malformed object pointer, as originally reported by ISC on 20060519 for a zero-day attack. | 8.8 |
| 2006-05-19 | CVE-2006-2491 | Cross-Site Scripting vulnerability in BoastMachine Cross-site scripting (XSS) vulnerability in (1) index.php and (2) bmc/admin.php in BoastMachine (bMachine) 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string, which is not properly filtered when it is accessed using the $_SERVER["PHP_SELF"] variable. | 6.8 |
| 2006-05-19 | CVE-2006-2490 | Cross-Site Scripting vulnerability in Mobotix IP Network Camera Multiple cross-site scripting (XSS) vulnerabilities in Mobotix IP Network Cameras M1 1.9.4.7 and M10 2.0.5.2, and other versions before 2.2.3.18 for M10/D10 and 3.0.3.31 for M22, allow remote attackers to inject arbitrary web script or HTML via URL-encoded values in (1) the query string to help/help, (2) the get_image_info_abspath parameter to control/eventplayer, and (3) the source_ip parameter to events.tar. | 4.3 |
| 2006-05-19 | CVE-2006-2489 | Remote Content-Length Integer Overflow vulnerability in Nagios Integer overflow in CGI scripts in Nagios 1.x before 1.4.1 and 2.x before 2.3.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a content length (Content-Length) HTTP header. | 7.5 |
| 2006-05-19 | CVE-2006-2488 | Cross-Site Scripting vulnerability in Spymac web OS 5.0 Multiple cross-site scripting (XSS) vulnerabilities in Spymac WebOS (WOS) 5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) del_folder, (2) nick, or (3) action parameters to (a) notes/index.php, (4) curr parameter to (b) ipod/get_ipod.php, and in (c) login.php. network spymac | 4.3 |
| 2006-05-19 | CVE-2006-2487 | Remote File Include vulnerability in ScozNet ScozNews Multiple PHP remote file inclusion vulnerabilities in ScozNews 1.2.1 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[main_path] parameter in (1) functions.php, (2) template.php, (3) news.php, (4) help.php, (5) mail.php, (6) Admin/admin_cats.php, (8) Admin/admin_edit.php, (9) Admin/admin_import.php, and (10) Admin/admin_templates.php. | 7.5 |