Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2006-05-09 CVE-2006-2257 Cross-Site Scripting vulnerability in Faktorystudios Easyevent 1.0/1.1/1.2
Cross-site scripting (XSS) vulnerability in index.php in easyEvent 1.2 allows remote attackers to inject arbitrary web script or HTML via the curr_year parameter.
network
faktorystudios
5.8
2006-05-09 CVE-2006-2256 Remote File Include vulnerability in EQDKP DBal.PHP
PHP remote file inclusion vulnerability in includes/dbal.php in EQdkp 1.3.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the eqdkp_root_path parameter.
network
low complexity
eqdkp
6.4
2006-05-09 CVE-2006-2255 SQL Injection vulnerability in Creative Software Community Portal 1.1
Multiple SQL injection vulnerabilities in Creative Community Portal 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to (a) ArticleView.php, (2) forum_id parameter to (b) DiscView.php or (c) Discussions.php, (3) event_id parameter to (d) EventView.php, (4) AddVote and (5) answer_id parameter to (e) PollResults.php, or (7) mid parameter to (f) DiscReply.php.
network
low complexity
creative-software
7.5
2006-05-09 CVE-2006-2254 Remote Buffer Overflow vulnerability in Intervations Filecopa 1.01
Buffer overflow in filecpnt.exe in FileCOPA 1.01 allows remote attackers to cause a denial of service (application crash) via a username with a large number of newline characters.
network
low complexity
intervations
5.0
2006-05-09 CVE-2006-2253 Remote File Include vulnerability in Otterware Statit 420060207
PHP remote file inclusion vulnerability in visible_count_inc.php in Statit 4 (060207) allows remote attackers to execute arbitrary PHP code via a URL in the statitpath parameter.
network
low complexity
otterware
7.5
2006-05-09 CVE-2006-2252 HTML Injection vulnerability in Openfaq 0.4.0
Cross-site scripting vulnerability in submit.php in OpenFAQ 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter.
network
low complexity
openfaq
6.4
2006-05-09 CVE-2006-2251 SQL Injection vulnerability in Invision Community Blog Mod.PHP
SQL injection vulnerability in the do_mmod function in mod.php in Invision Community Blog (ICB) 1.1.2 final through 1.2 allows remote attackers with moderator privileges to execute arbitrary SQL commands via the selectedbids parameter.
network
low complexity
invision-power-services
6.4
2006-05-09 CVE-2006-2250 Information Disclosure vulnerability in Cutephp Cutenews 1.4.1
CuteNews 1.4.1 allows remote attackers to obtain sensitive information via a direct request to (1) /inc/show.inc.php or (2) /inc/functions.inc.php, which reveal the path in an error message.
network
low complexity
cutephp
6.4
2006-05-09 CVE-2006-2249 Cross-Site Scripting vulnerability in CuteNews
Multiple cross-site scripting (XSS) vulnerabilities in search.php in CuteNews 1.4.1 and earlier, and possibly 1.4.5, allow remote attackers to inject arbitrary web script or HTML via the (1) user, (2) story, or (3) title parameters.
network
cutephp
4.3
2006-05-09 CVE-2006-2248 Unspecified vulnerability in Northern Solutions Xeneo Web Server 2.2.22.0
Xeneo Web Server 2.2.22.0 allows remote attackers to obtain the source code of script files via crafted requests containing dot, space, and slash characters in the file extension.
network
low complexity
northern-solutions
5.0