Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2006-04-26 CVE-2006-2054 Remote Denial Of Service vulnerability in 3Com 3C16486 1.0.2
3Com Baseline Switch 2848-SFP Plus Model #3C16486 with firmware before 1.0.2.0 allows remote attackers to cause a denial of service (unstable operation) via long DHCP packets.
network
low complexity
3com
5.0
2006-04-26 CVE-2006-2053 SQL-Injection vulnerability in Quickestore 7.9
Multiple SQL injection vulnerabilities in QuickEStore 7.9 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the OrderID parameter in (a) shipping.cfm and (b) checkout.cfm, (2) ItemID parameter in (c) proddetail.cfm, (3) SubCatID parameter in (d) index.cfm, the (4) CategoryID parameter in (e) prodpage.cfm, and (5) ProdID parameter in (f) Details.cfm.
network
low complexity
quickestore
6.4
2006-04-26 CVE-2006-2052 Cross-Site Scripting vulnerability in Verosky Media Instant Photo Gallery 1.0
Cross-site scripting (XSS) vulnerability in Verosky Media Instant Photo Gallery allows remote attackers to inject arbitrary web script or HTML via the member parameter in a viewpro action in member.php.
network
verosky-media
5.8
2006-04-26 CVE-2006-2051 HTML Injection vulnerability in NextAge Shopping Cart
Multiple cross-site scripting (XSS) vulnerabilities in myadmin/index.php in NextAge Shopping Cart allow remote attackers to inject arbitrary web script or HTML via the (1) username and (2) password parameters.
network
nextage
5.8
2006-04-26 CVE-2006-2050 Input Validation vulnerability in Dcscripts Dcforumlite 3.0
SQL injection vulnerability in dcboard.cgi in DCScripts DCForumLite 3.0 allows remote attackers to execute arbitrary SQL commands via the az parameter.
network
low complexity
dcscripts
5.0
2006-04-26 CVE-2006-2049 Input Validation vulnerability in Dcscripts Dcforumlite 3.0
Cross-site scripting (XSS) vulnerability in dcboard.cgi in DCScripts DCForumLite 3.0 allows remote attackers to inject arbitrary web script or HTML via the az parameter.
network
dcscripts
4.3
2006-04-26 CVE-2006-2048 Cross-Site Scripting vulnerability in PHPwebftp 2.3
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Edwin van Wijk phpWebFTP 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) port, (2) server, and (3) user parameters.
network
phpwebftp
4.3
2006-04-26 CVE-2006-2047 SQL-Injection vulnerability in Application Dynamics Cartweaver Coldfusion 2.16.11
Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allows remote attackers to obtain sensitive information via an invalid (1) secondary, (2) PageNum_Results, (3) category, or (4) keywords parameter in (a) Results.cfm; or an invalid (5) ProdID parameter in (b) Details.cfm; which reveal the path in various error messages.
network
low complexity
application-dynamics
5.0
2006-04-26 CVE-2006-2046 SQL Injection vulnerability in Application Dynamics Cartweaver ColdFusion
Multiple SQL injection vulnerabilities in Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) keywords parameters in (a) Results.cfm, and the (3) ProdID parameter in (b) Details.cfm.
network
low complexity
application-dynamics
6.4
2006-04-26 CVE-2006-2045 Local vulnerability in IP3 Networks IP3 Netaccess 75 4.0.34 Firmware
The (1) shadow password file in na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 has world readable permissions, which allows local users to view encrypted passwords; and the (2) NetAccess database file has world readable and writable permissions, which allows local users to view sensitive information and modify data.
local
low complexity
ip3-networks
3.6