Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
| --- | --- | --- | --- | --- | --- |
| 2006-05-05 | CVE-2006-2216 | Remote Security vulnerability in Devsyn Open Bulletin Board 1.0.8 | Open Bulletin Board (OpenBB) 1.0.8 allows remote attackers to obtain the full path of the web server via an invalid pforums parameter to (1) misc.php and (2) member.php. | network, low complexity, devsyn | 5.0 |
| 2006-05-05 | CVE-2006-2214 | SQL Injection vulnerability in 4Images Image Gallery Management System 1.7.1 | Multiple SQL injection vulnerabilities in 4images 1.7.1 and earlier allow remote attackers to execute arbitrary SQL commands via the sessionid parameter in (1) top.php and (2) member.php. | network, low complexity, 4images | 7.5 |
| 2006-05-05 | CVE-2006-2213 | Remote Denial Of Service vulnerability in Hostapd 0.3.72 | Hostapd 0.3.7-2 allows remote attackers to cause a denial of service (segmentation fault) via an unspecified value in the key_data_length field of an EAPoL frame. | network, low complexity, hostapd | 5.0 |
| 2006-05-05 | CVE-2006-2212 | Authentication Buffer Overflow vulnerability in Karjasoft Sami FTP Server 2.0.2 | Buffer overflow in KarjaSoft Sami FTP Server 2.0.2 and earlier allows remote attackers to execute arbitrary code via a long (1) USER or (2) PASS command. | network, low complexity, karjasoft | 6.4 |
| 2006-05-05 | CVE-2006-2211 | Input Validation vulnerability in 321Soft PHP-Gallery 0.9 | Absolute path traversal vulnerability in index.php in 321soft PhP-Gallery 0.9 allows remote attackers to browse arbitrary directories via the path parameter. | network, low complexity, 321soft | 5.0 |
| 2006-05-05 | CVE-2006-2210 | Input Validation vulnerability in 321Soft PHP-Gallery 0.9 | Cross-site scripting (XSS) vulnerability in index.php in 321soft PhP-Gallery 0.9 allows remote attackers to inject arbitrary web script or HTML via the path parameter. | network, 321soft | 5.8 |
| 2006-05-05 | CVE-2006-2209 | SQL Injection vulnerability in PHP Arena Pacheckbook 1.1 | Multiple SQL injection vulnerabilities in index.php in PHP Arena paCheckBook 1.1 allow remote attackers to execute arbitrary SQL commands via (1) the transtype parameter in an add action or (2) entry parameter in an edit action. | network, low complexity, php-arena | 6.4 |
| 2006-05-05 | CVE-2006-2206 | Authentication vulnerability in Ultravnc 1.0.1 | The MS-Logon authentication scheme in UltraVNC (aka Ultr@VNC) 1.0.1 uses weak encryption (XOR) for challenge/response, which allows remote attackers to gain privileges by sniffing and decrypting passwords. | network, low complexity, ultravnc | critical 10.0 |
| 2006-05-05 | CVE-2006-2205 | Local Denial of Service vulnerability in Netbsd 3.0 | The audio_write function in NetBSD 3.0 allows local users to cause a denial of service (kernel crash) by using the audiosetinfo ioctl to change the sample rate of an audio device. | local, low complexity, netbsd | 2.1 |
| 2006-05-05 | CVE-2006-2204 | SQL Injection vulnerability in Invision Power Board Func_mod.PHP | SQL injection vulnerability in the topic deletion functionality (post_delete function in func_mod.php) for Invision Power Board 2.1.5 allows remote authenticated moderators to execute arbitrary SQL commands via the selectedpids parameter, which bypasses an integer value check when the $id variable is an array. | network, low complexity, invision-power-services | 5.5 |