Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-05-05 | CVE-2006-2203 | Remote Security vulnerability in Kerio Mailserver Unspecified vulnerability in Kerio MailServer before 6.1.4 has unknown impact and remote attack vectors related to a "possible bypass of attachment filter." | 6.4 |
| 2006-05-05 | CVE-2006-1518 | Remote Information Disclosure and Buffer Overflow vulnerability in MySQL Buffer overflow in the open_table function in sql_base.cc in MySQL 5.0.x up to 5.0.20 might allow remote attackers to execute arbitrary code via crafted COM_TABLE_DUMP packets with invalid length values. | 6.5 |
| 2006-05-05 | CVE-2006-1517 | Remote Information Disclosure and Buffer Overflow vulnerability in MySQL sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to obtain sensitive information via a COM_TABLE_DUMP request with an incorrect packet length, which includes portions of memory in an error message. | 5.0 |
| 2006-05-05 | CVE-2006-1516 | Remote Information Disclosure and Buffer Overflow vulnerability in MySQL The check_connection function in sql_parse.cc in MySQL 4.0.x up to 4.0.26, 4.1.x up to 4.1.18, and 5.0.x up to 5.0.20 allows remote attackers to read portions of memory via a username without a trailing null byte, which causes a buffer over-read. | 5.0 |
| 2006-05-05 | CVE-2006-1052 | Local Denial of Service vulnerability in Linux Kernel SELinux_PTrace The selinux_ptrace logic in hooks.c in SELinux for Linux 2.6.6 allows local users with ptrace permissions to change the tracer SID to an SID of another process. | 2.1 |
| 2006-05-04 | CVE-2006-2202 | SQL Injection vulnerability in Invision Power Services Invision Gallery 2.0.6 SQL injection vulnerability in post.php in Invision Gallery 2.0.6 allows remote attackers to execute arbitrary SQL commands via the album parameter. | 6.4 |
| 2006-05-04 | CVE-2006-2201 | Unspecified vulnerability in Broadcom Resource Initialization Manager 1.0 Unspecified vulnerability in CA Resource Initialization Manager (CAIRIM) 1.x before 20060502, as used in z/OS Common Services and the LMP component in multiple products, allows attackers to violate integrity via a certain "problem state program" that uses SVC to gain access to supervisor state, key 0. | 4.3 |
| 2006-05-04 | CVE-2006-2189 | SQL Injection vulnerability in Servous Sblog 0.7.2 SQL injection vulnerability in search.php in Servous sBLOG 0.7.2 allows remote attackers to execute arbitrary SQL commands via the keyword parameter. | 10.0 |
| 2006-05-04 | CVE-2006-2188 | HTML Injection vulnerability in CmScout Multiple cross-site scripting (XSS) vulnerabilities in CMScout 1.10 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the Body field of a private message (PM), (2) BBCode, or (3) a forum post. network cmscout | 6.8 |
| 2006-05-04 | CVE-2006-2187 | Cross-Site Scripting vulnerability in Zenphoto Multiple cross-site scripting (XSS) vulnerabilities in zenphoto 1.0.1 beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) a parameter in i.php, and the (2) album and (3) image parameters in index.php. network zenphoto | 6.8 |