Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2006-04-26 | CVE-2006-2054 | Remote Denial Of Service vulnerability in 3Com 3C16486 1.0.2 | 3Com Baseline Switch 2848-SFP Plus Model #3C16486 with firmware before 1.0.2.0 allows remote attackers to cause a denial of service (unstable operation) via long DHCP packets. | 5.0 |
2006-04-26 | CVE-2006-2053 | SQL-Injection vulnerability in Quickestore 7.9 | Multiple SQL injection vulnerabilities in QuickEStore 7.9 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the OrderID parameter in (a) shipping.cfm and (b) checkout.cfm, (2) ItemID parameter in (c) proddetail.cfm, (3) SubCatID parameter in (d) index.cfm, the (4) CategoryID parameter in (e) prodpage.cfm, and (5) ProdID parameter in (f) Details.cfm. | 6.4 |
2006-04-26 | CVE-2006-2052 | Cross-Site Scripting vulnerability in Verosky Media Instant Photo Gallery 1.0 | Cross-site scripting (XSS) vulnerability in Verosky Media Instant Photo Gallery allows remote attackers to inject arbitrary web script or HTML via the member parameter in a viewpro action in member.php. | 5.8 |
2006-04-26 | CVE-2006-2051 | HTML Injection vulnerability in NextAge Shopping Cart | Multiple cross-site scripting (XSS) vulnerabilities in myadmin/index.php in NextAge Shopping Cart allow remote attackers to inject arbitrary web script or HTML via the (1) username and (2) password parameters. | 5.8 |
2006-04-26 | CVE-2006-2050 | Input Validation vulnerability in Dcscripts Dcforumlite 3.0 | SQL injection vulnerability in dcboard.cgi in DCScripts DCForumLite 3.0 allows remote attackers to execute arbitrary SQL commands via the az parameter. | 5.0 |
2006-04-26 | CVE-2006-2049 | Input Validation vulnerability in Dcscripts Dcforumlite 3.0 | Cross-site scripting (XSS) vulnerability in dcboard.cgi in DCScripts DCForumLite 3.0 allows remote attackers to inject arbitrary web script or HTML via the az parameter. | 4.3 |
2006-04-26 | CVE-2006-2048 | Cross-Site Scripting vulnerability in PHPwebftp 2.3 | Multiple cross-site scripting (XSS) vulnerabilities in index.php in Edwin van Wijk phpWebFTP 2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) port, (2) server, and (3) user parameters. | 4.3 |
2006-04-26 | CVE-2006-2047 | SQL-Injection vulnerability in Application Dynamics Cartweaver Coldfusion 2.16.11 | Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allows remote attackers to obtain sensitive information via an invalid (1) secondary, (2) PageNum_Results, (3) category, or (4) keywords parameter in (a) Results.cfm; or an invalid (5) ProdID parameter in (b) Details.cfm; which reveal the path in various error messages. | 5.0 |
2006-04-26 | CVE-2006-2046 | SQL Injection vulnerability in Application Dynamics Cartweaver ColdFusion | Multiple SQL injection vulnerabilities in Application Dynamics Cartweaver ColdFusion 2.16.11 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) category and (2) keywords parameters in (a) Results.cfm, and the (3) ProdID parameter in (b) Details.cfm. | 6.4 |
2006-04-26 | CVE-2006-2045 | Local vulnerability in IP3 Networks IP3 Netaccess 75 4.0.34 Firmware | The (1) shadow password file in na-img-4.0.34.bin for the IP3 Networks NetAccess NA75 has world readable permissions, which allows local users to view encrypted passwords; and the (2) NetAccess database file has world readable and writable permissions, which allows local users to view sensitive information and modify data. | 3.6 |