Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2006-05-17 CVE-2006-2430 Remote Security vulnerability in WebSphere Application Server
IBM WebSphere Application Server 5.0.2 and earlier, 5.1.1 and earlier, and 6.0.2 up to 6.0.2.7 records user credentials in plaintext in addNode.log, which allows attackers to gain privileges.
network
low complexity
ibm
critical
10.0
2006-05-17 CVE-2006-2429 Remote Security vulnerability in WebSphere Application Server
Unspecified vulnerability in IBM WebSphere Application Server 6.0.2, 6.0.2.1, 6.0.2.3, 6.0.2.5, and 6.0.2.7 has unknown impact and remote attack vectors related to "HTTP request handlers".
network
low complexity
ibm
critical
10.0
2006-05-17 CVE-2006-2426 Remote Denial Of Service vulnerability in Sun JDK, JRE and SDK
Sun Java Runtime Environment (JRE) 1.5.0_6 and earlier, JDK 1.5.0_6 and earlier, and SDK 1.5.0_6 and earlier allows remote attackers to cause a denial of service (disk consumption) by using the Font.createFont function to create temporary files of arbitrary size in the %temp% directory.
network
low complexity
sun
6.4
2006-05-17 CVE-2006-2425 Cross-Site Scripting vulnerability in PhpRemoteView PRV.php
Multiple cross-site scripting (XSS) vulnerabilities in PRV.php in PhpRemoteView, possibly 2003-10-23 and earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) f, (2) d, and (3) ref parameters, and the (4) "MAKE DIR" and (5) "Full file name" fields.
network
phpremoteview
4.3
2006-05-17 CVE-2006-2424 Remote File Include vulnerability in ezUserManager 1.5/1.6
PHP remote file inclusion vulnerability in ezUserManager 1.6 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the ezUserManager_Path parameter to ezusermanager_pwd_forgott.php, possibly due to an issue in ezusermanager_core.inc.php.
network
high complexity
ezusermanager
5.1
2006-05-17 CVE-2006-2423 Cross-Site Scripting vulnerability in Confixx 3.0.6/3.0.8
Cross-site scripting (XSS) vulnerability in ftplogin/index.php in Confixx 3.1.2 allows remote attackers to inject arbitrary web script or HTML via the login parameter.
network
swsoft
4.3
2006-05-17 CVE-2006-2422 Information Disclosure vulnerability in phpCOIN Email Address
phpCOIN 1.2.3 and earlier stores messages based upon e-mail addresses, which allows remote authenticated users to read messages for other users by adding the sender's e-mail address as an "additional contact".
network
low complexity
coinsoft-technologies
5.0
2006-05-17 CVE-2006-2421 Remote Buffer Overflow vulnerability in Pragma FortressSSH SSH_MSG_KEXINIT
Stack-based buffer overflow in Pragma FortressSSH 4.0.7.20 allows remote attackers to execute arbitrary code via long SSH_MSG_KEXINIT messages, which may cause an overflow when being logged.
network
low complexity
pragma-systems
7.5
2006-05-17 CVE-2006-1953 Remote Directory Traversal vulnerability in Caucho Technology Resin 3.0.17/3.0.18
Directory traversal vulnerability in Caucho Resin 3.0.17 and 3.0.18 for Windows allows remote attackers to read arbitrary files via a "C:%5C" (encoded drive letter) in a URL.
network
low complexity
caucho-technology
7.8
2006-05-16 CVE-2006-2420 Cross-Site Scripting vulnerability in Mozilla Bugzilla 2.20/2.21/2.21.1
Bugzilla 2.20rc1 through 2.20 and 2.21.1, when using RSS 1.0, allows remote attackers to conduct cross-site scripting (XSS) attacks via a title element with HTML encoded sequences such as "&gt;", which are automatically decoded by some RSS readers.
network
mozilla CWE-79
4.3