Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2006-05-12 | CVE-2006-2344 | SQL Injection vulnerability in Alipager 1.00/1.12 | SQL injection vulnerability in inc/elementz.php in AliPAGER 1.5, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the ubild parameter. | network, low complexity, ajax-softwares | 6.4 |
| 2006-05-12 | CVE-2006-2343 | Cross-Site Scripting vulnerability in Adventnet Manageengine Opmanager 6.0 | Cross-site scripting (XSS) vulnerability in Search.do in ManageEngine OpManager 6.0 allows remote attackers to inject arbitrary web script or HTML via the searchTerm parameter. | network, adventnet | 5.8 |
| 2006-05-12 | CVE-2006-2342 | Unspecified vulnerability in IBM Websphere Application Server 6.0.2 | IBM WebSphere Application Server 6.0.2 before FixPack 3 allows remote attackers to bypass authentication for the Welcome Page via a request to the default context root. | network, low complexity, ibm | 7.5 |
| 2006-05-12 | CVE-2006-2341 | Information Exposure vulnerability in Symantec Enterprise Firewall and Gateway Security | The HTTP proxy in Symantec Gateway Security 5000 Series 2.0.1 and 3.0, and Enterprise Firewall 8.0, when NAT is being used, allows remote attackers to determine internal IP addresses by using malformed HTTP requests, as demonstrated using a get request without a space separating the URI. | network, low complexity, symantec, CWE-200 | 5.0 |
| 2006-05-12 | CVE-2006-2340 | HTML Injection vulnerability in PassMasterFlex | Cross-site scripting (XSS) vulnerability in PassMasterFlex and PassMasterFlexPlus (PassMasterFlex+) 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) username, (2) password, or (3) User-Agent HTTP header in the Hack Log. | network, lethal-penguin | 5.8 |
| 2006-05-12 | CVE-2006-2339 | SQL Injection vulnerability in Evo-Dev Evotopsites and Evotopsites PRO | SQL injection vulnerability in index.php in evoTopsites 2.x and evoTopsites Pro 2.x allows remote attackers to execute arbitrary SQL commands via the (1) cat_id and (2) id parameters. | network, low complexity, evo-dev | 6.4 |
| 2006-05-12 | CVE-2006-2338 | Remote Security vulnerability in Planet Concept Planetstat 20050127 | PlaNet Concept plaNetStat 20050127 allows remote attackers to gain administrative privileges, and view and configure log files, via a direct request to the (1) admin.php or (2) settings.php page. | network, low complexity, planet-concept | 7.5 |
| 2006-05-12 | CVE-2006-2337 | Path Traversal vulnerability in D-Link Dsl-G604T | Directory traversal vulnerability in webcm in the D-Link DSL-G604T Wireless ADSL Router Modem allows remote attackers to read arbitrary files via an absolute path in the getpage parameter. | network, low complexity, d-link, CWE-22 | 5.0 |
| 2006-05-12 | CVE-2006-2336 | SQL Injection vulnerability in Mybulletinboard 1.1.1 | SQL injection vulnerability in showthread.php in MyBB (aka MyBulletinBoard) 1.1.1 allows remote attackers to execute arbitrary SQL commands via the comma parameter. | network, low complexity, mybulletinboard | 6.4 |
| 2006-05-12 | CVE-2006-2335 | Remote Security vulnerability in Jelsoft Vbulletin 3.5.8 | Jelsoft vBulletin accepts uploads of Cascading Style Sheets (CSS) and processes them in a way that allows remote authenticated administrators to gain shell access by uploading a CSS file that contains PHP code, then selecting the file via the style chooser, which causes the PHP code to be executed. | network, low complexity, jelsoft | 6.5 |