Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2006-04-26 CVE-2006-2034 Input Validation vulnerability in FlexBB 0.5.5
SQL injection vulnerability in function/showprofile.php in FlexBB 0.5.5 allows remote attackers to execute arbitrary SQL commands, and view all usernames and passwords, via the id parameter to the showprofile page in index.php.
network
low complexity
flexbb
7.5
2006-04-26 CVE-2006-2033 Input Validation vulnerability in CoreNews 2.0.1
PHP remote file inclusion vulnerability in Core CoreNews 2.0.1 and earlier allows remote authenticated users to execute arbitrary commands via the show parameter.
network
low complexity
corenews
6.4
2006-04-26 CVE-2006-2032 Input Validation vulnerability in CoreNews
Multiple SQL injection vulnerabilities in Core CoreNews 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) icon_id and (2) userid parameters in preview.php.
network
low complexity
corenews
6.4
2006-04-26 CVE-2006-2031 Cross-Site Scripting vulnerability in phpMyAdmin
Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin 2.8.0.3, 2.8.0.2, 2.8.1-dev, and 2.9.0-dev allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
network
high complexity
phpmyadmin
2.6
2006-04-26 CVE-2006-2030 Denial-of-Service vulnerability in AT-9724TS
The Allied Telesyn AT-9724TS switch allows remote attackers to cause a denial of service via a large amount of UDP data to the switch, which leads to unstable operation and possibly failure of the management interface or routing.
network
low complexity
alliedtelesyn
5.0
2006-04-26 CVE-2006-2029 SQL-Injection vulnerability in Simplog
Multiple SQL injection vulnerabilities in Jeremy Ashcraft Simplog 0.9.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) tid parameter in (a) preview.php; the (2) cid, (3) pid, and (4) eid parameters in (b) archive.php; and the (5) pid parameter in (c) comments.php.
network
low complexity
simplog
6.4
2006-04-26 CVE-2006-2028 Cross-Site Scripting vulnerability in Simplog
Cross-site scripting (XSS) vulnerability in imagelist.php in Jeremy Ashcraft Simplog 0.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the imagedir parameter.
network
simplog
5.8
2006-04-26 CVE-2006-2027 Buffer Overflow vulnerability in Pablo Software Solutions Quick 'n Easy FTP Server 3.0
Buffer overflow in Unicode processing in the logging functionality in Pablo Software Solutions Quick 'n Easy FTP Server Professional and Lite, probably 3.0, allows remote authenticated users to execute arbitrary code by sending a command with a long argument, which triggers a buffer overflow when an admin selects the Logging section in the FTP server main window.
network
low complexity
pablo-software-solutions
6.5
2006-04-26 CVE-2006-0048 Remote Denial of Service vulnerability in Francesco Stablum tcpick 0.2.1
Francesco Stablum tcpick 0.2.1 allows remote attackers to cause a denial of service (segmentation fault) via certain fragmented packets, possibly involving invalid headers and an attacker-controlled payload length.
network
low complexity
francesco-stablum
5.0
2006-04-25 CVE-2006-2026 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in libtiff
Double free vulnerability in tif_jpeg.c in libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image that triggers errors related to "setfield/getfield methods in cleanup functions." This vulnerability is addressed in the following product release: libTIFF 3.8.1.
network
low complexity
libtiff CWE-119
6.5