Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2006-05-05 CVE-2006-2228 Unspecified vulnerability in W-Agora 4.2.0
Cross-site scripting (XSS) vulnerability in w-Agora (aka Web-Agora) 4.2.0 allows remote attackers to inject arbitrary web script or HTML via a post with a BBCode tag that contains a JavaScript event name followed by whitespace before the '=' (equals) character, which bypasses a restrictive regular expression that attempts to remove onmouseover and other events.
network
w-agora
4.3
2006-05-05 CVE-2006-2227 Input Validation vulnerability in PunBB 1.2.11
Cross-site scripting (XSS) vulnerability in misc.php in PunBB 1.2.11 allows remote attackers to inject arbitrary web script or HTML via the req_message parameter, because the value of the redirect_url parameter is not sanitized.
network
punbb
4.3
2006-05-05 CVE-2006-2226 Buffer Overflow vulnerability in Dxmsoft XM Easy Personal FTP Server 4.2/5.0.1
Buffer overflow in XM Easy Personal FTP Server 4.2 and 5.0.1 allows remote authenticated users to cause a denial of service via a long argument to the PORT command.
network
low complexity
dxmsoft
5.0
2006-05-05 CVE-2006-2225 Authentication Buffer Overflow vulnerability in XM Easy Personal FTP Server
Buffer overflow in XM Easy Personal FTP Server 4.3 and earlier allows remote attackers to execute arbitrary code, probably via a USER command with a long username.
network
low complexity
dxmsoft
7.5
2006-05-05 CVE-2006-2224 Improper Authentication vulnerability in Quagga Routing Software Suite
RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly enforce RIPv2 authentication requirements, which allows remote attackers to modify routing state via RIPv1 RESPONSE packets.
network
low complexity
quagga CWE-287
5.0
2006-05-05 CVE-2006-2223 Improper Input Validation vulnerability in Quagga 0.98.5/0.99.3
RIPd in Quagga 0.98 and 0.99 before 20060503 does not properly implement configurations that (1) disable RIPv1 or (2) require plaintext or MD5 authentication, which allows remote attackers to obtain sensitive information (routing state) via REQUEST packets such as SEND UPDATE.
network
low complexity
quagga CWE-20
5.0
2006-05-05 CVE-2006-2222 Remote HTTP GET Denial Of Service vulnerability in Norz Zawhttpd 0.8.23
Buffer overflow in zawhttpd 0.8.23, and possibly previous versions, allows remote attackers to cause a denial of service (daemon crash) via a request for a URI composed of several "\" (backslash) characters.
network
low complexity
norz
5.0
2006-05-05 CVE-2006-2221
A third-party installer generation tool, possibly BitRock InstallBuilder, as used in products including Process-one ejabberd 1.1.1_1 and earlier, generates an installer that allows local users to cause a denial of service via a symlink attack on the bitrock_installer.log temporary file.
local
low complexity
bitrock process-one
2.1
2006-05-05 CVE-2006-2218 Unspecified vulnerability in Microsoft Internet Explorer 6.0
Unspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via "exceptional conditions" that trigger memory corruption, as demonstrated using an exception handler and nested object tags, a variant of CVE-2006-1992.
network
microsoft
critical
9.3
2006-05-05 CVE-2006-2217 SQL Injection vulnerability in Invision Power Board
SQL injection vulnerability in index.php in Invision Power Board allows remote attackers to execute arbitrary SQL commands via the pid parameter in a reputation action.
network
low complexity
invision-power-services
7.5