Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2006-05-10 | CVE-2006-0993 | Information Disclosure vulnerability in 3Com Tippingpoint SMS Server 2.2.1.4477 | The web management interface in 3Com TippingPoint SMS Server before 2.2.1.4478 does not restrict access to certain directories, which might allow remote attackers to obtain potentially sensitive information such as configuration settings. | network, low complexity, 3com | 5.0 |
| 2006-05-10 | CVE-2006-2082 | Information Disclosure vulnerability in Quake 3 Engine Server | Directory traversal vulnerability in Quake 3 engine, as used in products including Quake3 Arena, Return to Castle Wolfenstein, Wolfenstein: Enemy Territory, and Star Trek Voyager: Elite Force, when the sv_allowdownload cvar is enabled, allows remote attackers to read arbitrary files from the server via ".." sequences in a .pk3 file request. | network, low complexity, id-software | 7.5 |
| 2006-05-10 | CVE-2006-2296 | SQL Injection vulnerability in EDirectoryPro Search_result.ASP | SQL injection vulnerability in search_result.asp in EDirectoryPro 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the keyword parameter. | network, low complexity, keyvan1-com | 6.4 |
| 2006-05-10 | CVE-2006-2295 | Input Validation vulnerability in Timobraun Dynamic Galerie 1.0 | Directory traversal vulnerability in Dynamic Galerie 1.0 allows remote attackers to access arbitrary files via an absolute path in the pfad parameter to (1) index.php and (2) galerie.php. | network, low complexity, timobraun | 7.5 |
| 2006-05-10 | CVE-2006-2294 | Input Validation vulnerability in Timobraun Dynamic Galerie 1.0 | Cross-site scripting (XSS) vulnerability in Dynamic Galerie 1.0 allows remote attackers to inject arbitrary web script or HTML via the pfad parameter in (1) index.php and (2) galerie.php. | network, timobraun | 6.8 |
| 2006-05-10 | CVE-2006-2293 | SQL Injection vulnerability in Expinion.Net Multicalendars 3.0 | SQL injection vulnerability in all_calendars.asp in MultiCalendars 3.0 allows remote attackers to execute arbitrary SQL commands via the calsids parameter. | network, low complexity, expinion-net | 6.4 |
| 2006-05-10 | CVE-2006-2292 | Input Validation vulnerability in IA-Calendar | Multiple SQL injection vulnerabilities in IA-Calendar allow remote attackers to execute arbitrary SQL commands via the (1) type parameter in (a) calendar_new.asp and (b) default.asp, and (2) ID parameter in (c) calendar_detail.asp. | network, low complexity, inhouse-associates | 6.4 |
| 2006-05-10 | CVE-2006-2291 | Input Validation vulnerability in IA-Calendar | Cross-site scripting (XSS) vulnerability in calendar_new.asp in IA-Calendar allows remote attackers to inject arbitrary web script or HTML via the TypeName1 parameter. | | 5.8 |
| 2006-05-10 | CVE-2006-2290 | Cross-Site Scripting vulnerability in XN--Gol-kma 2005-Comments-Script Komentare.PHP | Multiple cross-site scripting (XSS) vulnerabilities in kommentar.php in 2005-Comments-Script allow remote attackers to inject arbitrary web script or HTML via the (1) id, (2) email, and (3) url parameter. | network, www-goel-ch | 6.8 |
| 2006-05-10 | CVE-2006-2287 | HTML Injection vulnerability in Vision Source CMS User Profile | Multiple cross-site scripting (XSS) vulnerabilities in Vision Source 0.6 and earlier allow remote attackers to inject arbitrary web script or HTML via the fields in a user's profile. | network, vision-source | 5.8 |