Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK

2006-05-11 CVE-2006-2306 Cross-Site Scripting vulnerability in EPublisherPro Moreinfo.ASP
Cross-site scripting (XSS) vulnerability in moreinfo.asp in EPublisherPro allows remote attackers to inject arbitrary web script or HTML via the title parameter.
network, keyvan-janghorbani
critical 9.3

2006-05-11 CVE-2006-2305 Cross-Site Scripting vulnerability in Jadu CMS
Multiple cross-site scripting (XSS) vulnerabilities in Jadu CMS allow remote attackers to inject arbitrary web script or HTML via the (1) forename, (2) surname, (3) reg_email, (4) email_conf, (5) company, (6) city, (7) postcode, or (8) telephone parameters to site/scripts/register.php.
network, jadu-limited
5.8

2006-05-11 CVE-2006-2304 Buffer Overflow vulnerability in Novell Client 4.83/4.90/4.91
Multiple integer overflows in the DPRPC library (DPRPCW32.DLL) in Novell Client 4.83 SP3, 4.90 SP2 and 4.91 SP2 allow remote attackers to execute arbitrary code via an XDR encoded array with a field that specifies a large number of elements, which triggers the overflows in the ndps_xdr_array function.
network, low complexity, novell
critical 10.0

2006-05-11 CVE-2006-2303 Unspecified vulnerability in Mirabilis ICQ 5.04Build2321
Cross-Application Scripting (XAS) vulnerability in ICQ Client 5.04 build 2321 and earlier allows remote attackers to inject arbitrary web script from one application into another via a banner, which is processed in the My Computer zone using the Internet Explorer COM object.
network, low complexity, mirabilis
6.4

2006-05-11 CVE-2006-2302 SQL Injection vulnerability in DUWare DUGallery Login
SQL injection vulnerability in admin_default.asp in DUGallery 2.x allows remote attackers to execute arbitrary SQL commands via the (1) Login or (2) password field.
network, low complexity, duware
7.5

2006-05-11 CVE-2006-2301 SQL Injection vulnerability in Ozzywork Galeri 2.0
SQL injection vulnerability in admin_default.asp in OzzyWork Galeri allows remote attackers to execute arbitrary SQL commands via the (1) Login or (2) password fields.
network, low complexity, ozzywork CWE-89
7.5

2006-05-11 CVE-2006-2300 SQL Injection vulnerability in EImagePro
Multiple SQL injection vulnerabilities in EImagePro allow remote attackers to execute arbitrary SQL commands via the (1) CatID parameter to subList.asp, (2) SubjectID parameter to imageList.asp, or (3) Pic parameter to view.asp.
network, low complexity, keyvan1
7.5

2006-05-10 CVE-2006-2298 Denial Of Service vulnerability in Internet KEY Exchange Internet KEY Exchange 1
The Internet Key Exchange version 1 (IKEv1) implementation in the libike library in Solaris 9 and 10 allows remote attackers to cause a denial of service (in.iked daemon crash) via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.
network, low complexity, internet-key-exchange
5.0

2006-05-10 CVE-2006-0994 Remote Heap Overflow vulnerability in Sophos Anti-Virus CAB File Scanning
Multiple Sophos Anti-Virus products, including Anti-Virus for Windows 5.x before 5.2.1 and 4.x before 4.05, when cabinet file inspection is enabled, allow remote attackers to execute arbitrary code via a CAB file with "invalid folder count values," which leads to heap corruption.
network, low complexity, sophos
7.5

2006-05-10 CVE-2006-2297 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Infotech Storage System Library
Heap-based buffer overflow in Microsoft Infotech Storage System Library (itss.dll) allows user-assisted attackers to execute arbitrary code via a crafted CHM / ITS file that triggers the overflow while decompiling.
network, high complexity, microsoft CWE-119
4.0