Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-05-19 | CVE-2006-2464 | Local Security vulnerability in BEA Weblogic Server 7.0/8.1: stopWebLogic.sh in BEA WebLogic Server 8.1 before Service Pack 4 and 7.0 before Service Pack 6 displays the administrator password to stdout when executed, which allows local users to obtain the password by viewing a local display. | 4.6 |
2006-05-19 | CVE-2006-2463 | Remote Security vulnerability in OUT of the Trees web Design Selectapix 1.31: view_album.php in SelectaPix 1.31 and earlier allows remote attackers to obtain the installation path via a certain request, which displays the path in an error message, possibly due to an invalid or missing parameter. | 5.0 |
2006-05-19 | CVE-2006-2462 | Remote Security vulnerability in BEA Weblogic Server 7.0/8.1: BEA WebLogic Server 8.1 before Service Pack 4 and 7.0 before Service Pack 6 may send sensitive data over non-secure channels when using JTA transactions, which allows remote attackers to read potentially sensitive network traffic. | 5.0 |
2006-05-19 | CVE-2006-2461 | Remote Security vulnerability in BEA Weblogic Server 8.1: BEA WebLogic Server before 8.1 Service Pack 4 does not properly set the Quality of Service in certain circumstances, which prevents some transmissions from being encrypted via SSL, and allows remote attackers to more easily read potentially sensitive network traffic. | 5.0 |
2006-05-19 | CVE-2006-2460 | Remote and Local File Include vulnerability in Sugar Suite Open Source: Sugar Suite Open Source (SugarCRM) 4.2 and earlier, when register_globals is enabled, does not protect critical variables such as $_GLOBALS and $_SESSION from modification, which allows remote attackers to conduct attacks such as directory traversal or PHP remote file inclusion, as demonstrated by modifying the GLOBALS[sugarEntry] parameter. | 6.4 |
2006-05-19 | CVE-2006-2459 | SQL Injection vulnerability in PHP Fusion PHP Fusion 6.00.306/6.00.307: SQL injection vulnerability in messages.php in PHP-Fusion 6.00.307 and earlier allows remote authenticated users to execute arbitrary SQL commands via the srch_where parameter. | 6.4 |
2006-05-18 | CVE-2006-2458 | Heap Buffer Overflow vulnerability in Libextractor 0.5.13: Multiple heap-based buffer overflows in Libextractor 0.5.13 and earlier allow remote attackers to execute arbitrary code via (1) the asf_read_header function in the ASF plugin (plugins/asfextractor.c), and (2) the parse_trak_atom function in the QT plugin (plugins/qtextractor.c). | 4.0 |
2006-05-18 | CVE-2006-1855 | Local Denial of Service vulnerability in Linux Kernel Choose_New_Parent: choose_new_parent in Linux kernel before 2.6.11.12 includes certain debugging code, which allows local users to cause a denial of service (panic) by causing certain circumstances involving termination of a parent process. | 2.1 |
2006-05-18 | CVE-2006-2443 | Information Disclosure vulnerability in Knowledgetree 2.0.7: The Debian package of knowledgetree 2.0.7 creates environment.php with world-readable permissions, which allows local users to obtain sensitive information such as the username and password for the KnowledgeTree database. | 4.6 |
2006-05-18 | CVE-2006-2442 | Local Information Disclosure vulnerability in Kphone 4.2: kphone 4.2 creates .qt/kphonerc with world-readable permissions, which allows local users to read usernames and SIP passwords. | 4.6 |