Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-04-25 | CVE-2006-1995 | Directory Traversal vulnerability in Scry Gallery Scry Gallery 1.1 Directory traversal vulnerability in index.php in Scry Gallery 1.1 allows remote attackers to read arbitrary files via ".." sequences in the p parameter, which is not properly sanitized due to an rtrim function call with the arguments in the wrong order. | 5.0 |
| 2006-04-25 | CVE-2006-1994 | Remote File Include vulnerability in Dforum 1.5 PHP remote file inclusion vulnerability in dForum 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DFORUM_PATH parameter to (1) about.php, (2) admin.php, (3) anmelden.php, (4) losethread.php, (5) config.php, (6) delpost.php, (7) delthread.php, (8) dfcode.php, (9) download.php, (10) editanoc.php, (11) forum.php, (12) login.php, (13) makethread.php, (14) menu.php, (15) newthread.php, (16) openthread.php, (17) overview.php, (18) post.php, (19) suchen.php, (20) user.php, (21) userconfig.php, (22) userinfo.php, and (23) verwalten.php. | 7.5 |
| 2006-04-25 | CVE-2006-1993 | Resource Management Errors vulnerability in Mozilla Firefox 1.5.0.2 Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain Javascript that is not properly handled by the contentWindow.focus method in an iframe, which causes a reference to a deleted controller context object. | 5.1 |
| 2006-04-25 | CVE-2006-1513 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Abc2Ps Multiple buffer overflows in abc2ps before 1.3.3 allow user-assisted attackers to execute arbitrary code via crafted ABC music files. | 5.1 |
| 2006-04-25 | CVE-2006-1992 | Resource Management Errors vulnerability in Microsoft Internet Explorer 6.0.2900 mshtml.dll 6.00.2900.2873, as used in Microsoft Internet Explorer, allows remote attackers to cause a denial of service (crash) via nested OBJECT tags, which trigger invalid pointer dereferences including NULL dereferences. | 2.6 |
| 2006-04-25 | CVE-2006-1057 | Race Condition vulnerability in Gnome GDM 2.14 Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file. | 3.7 |
| 2006-04-25 | CVE-2006-0232 | Remote vulnerability in Symantec Antivirus Scan Engine 5.0.0.24 Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, stores sensitive log and virus definition files under the web root with insufficient access control, which allows remote attackers to obtain the information via direct requests. | 5.0 |
| 2006-04-25 | CVE-2006-0231 | Remote vulnerability in Symantec Antivirus Scan Engine 5.0.0.24 Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses the same private DSA key for each installation, which allows remote attackers to conduct man-in-the-middle attacks and decrypt communications. | 6.4 |
| 2006-04-25 | CVE-2006-0230 | Remote vulnerability in Symantec Antivirus Scan Engine 5.0.0.24 Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses a client-side check to verify a password, which allows remote attackers to gain administrator privileges via a modified client that sends certain XML requests. | 10.0 |
| 2006-04-24 | CVE-2006-1991 | Resource Management Errors vulnerability in PHP 5.1.2 The substr_compare function in string.c in PHP 5.1.2 allows context-dependent attackers to cause a denial of service (memory access violation) via an out-of-bounds offset argument. | 6.4 |