Vulnerabilities

DATE | CVE | VULNERABILITY TITLE | RISK

2006-04-21 | CVE-2006-1961 | Local Privilege Escalation vulnerability in Multiple Linux-Based Cisco Products | network, low complexity, cisco, 7.5
Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13, Hosting Solution Engine (HSE) and User Registration Tool (URT) before 20060419, and all versions of Ethernet Subscriber Solution Engine (ESSE) and CiscoWorks2000 Service Management Solution (SMS) allow local users to gain Linux shell access via shell metacharacters in arguments to the "show" command in the application's command line interface (CLI), aka bug ID CSCsd21502 (WLSE), CSCsd22861 (URT), and CSCsd22859 (HSE).

2006-04-21 | CVE-2006-1960 | Cross-Site Scripting vulnerability in Cisco Wireless Lan Solution Engine ArchiveApplyDisplay.JSP | network, cisco, 5.8
Cross-site scripting (XSS) vulnerability in the appliance web user interface in Cisco CiscoWorks Wireless LAN Solution Engine (WLSE) and WLSE Express before 2.13 allows remote attackers to inject arbitrary web script or HTML, possibly via the displayMsg parameter to archiveApplyDisplay.jsp, aka bug ID CSCsc01095.

2006-04-21 | CVE-2006-1959 | Remote File Include vulnerability in ActualScripts Actualanalyzer 2.72/7.63 | network, low complexity, actualscripts, 7.5
PHP remote file inclusion vulnerability in direct.php in ActualScripts ActualAnalyzer Lite 2.72 and earlier, Gold 7.63 and earlier, and Server 8.23 and earlier allows remote attackers to execute arbitrary code via a URL in the rf parameter.

2006-04-21 | CVE-2006-1958 | SQL Injection vulnerability in Wired Community Software Wwwthreads RC3 | network, low complexity, wired-community-software, 6.4
Multiple SQL injection vulnerabilities in WWWThreads RC 3 allow remote attackers to execute arbitrary SQL commands via (1) the forumreferrer cookie to register.php and (2) the messages parameter in message_list.php.

2006-04-20 | CVE-2006-1950 | Cross-Site Scripting vulnerability in Perlcoders Group Bannerfarm 2.3 | 4.3
Multiple cross-site scripting (XSS) vulnerabilities in banners.cgi in PerlCoders BannerFarm 2.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) aff and (2) cat parameters.

2006-04-20 | CVE-2006-1949 | SQL-Injection vulnerability in Plexcart | network, low complexity, nicplex, 7.5
SQL injection vulnerability in plexcart.pl in NicPlex PlexCart X3 and earlier allows remote attackers to execute arbitrary SQL commands via the catid parameter.

2006-04-20 | CVE-2006-1948 | Remote Security vulnerability in IBM Lotus Notes 6.0/6.5 | network, high complexity, ibm, 4.0
The "Add Sender to Address Book" operation (AddSenderToAddressBook.lss) and NameHelper.lss in IBM Lotus Notes 6.0 and 6.5 before 20060331 do not properly store information in the Personal Address Book when multiple messages are checked and a message uses AltFrom, which might allow user-assisted remote attackers to trick a user into sending e-mail to an unauthorized recipient.

2006-04-20 | CVE-2006-1947 | SQL Injection vulnerability in Plexum | network, low complexity, nicplex, 7.5
Multiple SQL injection vulnerabilities in plexum.php in NicPlex Plexum X5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) pagesize, (2) maxrec, and (3) startpos parameters.

2006-04-20 | CVE-2006-1946 | Cross-Site Scripting vulnerability in Visale | network, high complexity, visale, 2.6
Multiple cross-site scripting (XSS) vulnerabilities in Visale 1.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the keyval parameter in pbpgst.cgi, (2) the catsubno parameter in pblscg.cgi, and (3) the listno parameter in pblsmb.cgi.

2006-04-20 | CVE-2006-1945 | Cross-Site Scripting vulnerability in AWStats AWstats.PL | network, high complexity, awstats, 2.6
Cross-site scripting (XSS) vulnerability in awstats.pl in AWStats 6.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the config parameter.