Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2006-05-04 CVE-2006-2165 Cross-Site Scripting vulnerability in Avactis Shopping Cart
Multiple cross-site scripting (XSS) vulnerabilities in Avactis Shopping Cart 0.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) category_id parameter in (a) store_special_offers.php and (b) store.php and (2) prod_id parameter in (c) product_info.php.
network
high complexity
pentasoft-corp
2.6
2006-05-04 CVE-2006-2164 SQL-Injection vulnerability in Avactis Shopping Cart
Multiple SQL injection vulnerabilities in Avactis Shopping Cart 0.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) category_id parameter in (a) store_special_offers.php and (b) store.php, and (2) prod_id parameter in (c) cart.php and (d) product_info.php.
network
low complexity
pentasoft-corp
7.5
2006-05-04 CVE-2006-2163 Cross-Site Scripting vulnerability in Desert DOG Software Pinnacle Cart 3.33
Cross-site scripting (XSS) vulnerability in index.php in Pinnacle Cart 3.33 and earlier allows remote attackers to inject arbitrary web script or HTML via the setbackurl parameter.
network
high complexity
desert-dog-software
2.6
2006-05-03 CVE-2006-1527 Remote Denial of Service vulnerability in Linux Kernel 2.6.16.12
The SCTP-netfilter code in Linux kernel before 2.6.16.13 allows remote attackers to trigger a denial of service (infinite loop) via unknown vectors that cause an invalid SCTP chunk size to be processed by the for_each_sctp_chunk function.
network
low complexity
linux
5.0
2006-05-03 CVE-2006-2162 Remote Negative Content-Length Buffer Overflow vulnerability in Nagios 2.0.1/2.1.3
Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before 2.3 allows remote attackers to execute arbitrary code via a negative content length (Content-Length) HTTP header.
network
low complexity
nagios
5.0
2006-05-03 CVE-2006-2160 HTML Injection vulnerability in Russcom Network LoginPHP Username
Cross-site scripting (XSS) vulnerability in Russcom Network Loginphp (Russcom.Loginphp) allows remote attackers to inject arbitrary web script or HTML via the username field when registering.
network
russcom-network
4.3
2006-05-03 CVE-2006-2159 Unspecified vulnerability in Russcom Network Loginphp
CRLF injection vulnerability in help.php in Russcom Network Loginphp allows remote attackers to spoof e-mails and inject MIME headers via CRLF sequences in the email address.
network
low complexity
russcom-network
5.0
2006-05-03 CVE-2006-2158 Remote File Include vulnerability in Stadtaus Guestbook
Dynamic variable evaluation vulnerability in index.php in Stadtaus Guestbook Script 1.7 and earlier, when register_globals is enabled, allows remote attackers to modify arbitrary program variables via parameters, which are evaluated as PHP variable variables, as demonstrated by performing PHP remote file inclusion using the include_files array parameter.
network
low complexity
stadtaus
6.4
2006-05-03 CVE-2006-2157 SQL Injection vulnerability in Plogger 2.1
SQL injection vulnerability in gallery.php in Plogger Beta 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter, when the level is set to "slideshow".
network
low complexity
plogger CWE-89
7.5
2006-05-03 CVE-2006-2156 Local File Include vulnerability in X7 Chat
Directory traversal vulnerability in help/index.php in X7 Chat 2.0 and earlier allows remote attackers to include arbitrary files via ..
network
low complexity
x7-group
6.4