Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2006-04-20 CVE-2006-1944 Cross-Site Scripting vulnerability in CommuniMail
Multiple cross-site scripting (XSS) vulnerabilities in SibSoft CommuniMail 1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the list_id parameter in mailadmin.cgi and (2) the form_id parameter in templates.cgi.
network
high complexity
sibsoft
2.6
2006-04-20 CVE-2006-1943 Cross-Site Scripting vulnerability in Smarter Scripts Intellilink PRO 5.06
Multiple cross-site scripting (XSS) vulnerabilities in Smarter Scripts IntelliLink Pro 5.06 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) url parameter in addlink_lwp.cgi and the (2) id, (3) forgotid, and (4) forgotpass parameters in edit.cgi.
network
high complexity
smarter-scripts
2.6
2006-04-20 CVE-2006-1942
Mozilla Firefox 1.5.0.2 and possibly other versions before 1.5.0.4, Netscape 8.1, 8.0.4, and 7.2, and K-Meleon 0.9.13 allows user-assisted remote attackers to open local files via a web page with an IMG element containing a SRC attribute with a non-image file:// URL, then tricking the user into selecting View Image for the broken image, as demonstrated using a .wma file to launch Windows Media Player, or by referencing an "alternate web page."
network
high complexity
k-meleon-project mozilla netscape
5.1
2006-04-20 CVE-2006-1941 Remote Clock Synchronization Denial of Service vulnerability in Neon Software Neon Responder 5.4
Neon Responder 5.4 for LANsurveyor allows remote attackers to cause a denial of service (application outage) via a crafted Clock Synchronisation packet that triggers an access violation.
network
low complexity
neon-software
5.0
2006-04-20 CVE-2006-1931 Denial of Service vulnerability in Yukihiro Matsumoto Ruby XMLRPC Server
The HTTP/XMLRPC server in Ruby before 1.8.2 uses blocking sockets, which allows attackers to cause a denial of service (blocked connections) via a large amount of data.
network
low complexity
yukihiro-matsumoto
5.0
2006-04-20 CVE-2006-1929 Remote File Include vulnerability in I-RATER Platinum Common.PHP
PHP remote file inclusion vulnerability in include/common.php in I-Rater Platinum allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.
network
low complexity
i-rater
5.0
2006-04-20 CVE-2006-1928 Denial of Service vulnerability in Cisco IOS XR MPLS
Cisco IOS XR, when configured for Multi Protocol Label Switching (MPLS) and running on Cisco CRS-1 routers, allows remote attackers to cause a denial of service (Modular Services Cards (MSC) crash or "MPLS packet handling problems") via certain MPLS packets, as identified by Cisco bug IDs (1) CSCsd15970 and (2) CSCsd55531.
network
low complexity
cisco
5.0
2006-04-20 CVE-2006-1927 Denial of Service vulnerability in Cisco IOS XR MPLS
Cisco IOS XR, when configured for Multi Protocol Label Switching (MPLS) and running on Cisco CRS-1 or Cisco 12000 series routers, allows remote attackers to cause a denial of service (Line card crash) via certain MPLS packets, as identified by Cisco bug ID CSCsc77475.
network
low complexity
cisco
5.0
2006-04-20 CVE-2006-1926 SQL Injection vulnerability in ThWboard Showtopic.PHP
SQL injection vulnerability in showtopic.php in ThWboard 2.84 beta 3 and earlier allows remote attackers to execute arbitrary SQL commands via the pagenum parameter.
network
low complexity
thwboard
5.0
2006-04-20 CVE-2006-1925 Cross-Site Scripting vulnerability in Cutephp Cutenews 1.4.1
Directory traversal vulnerability in the editnews module (inc/editnews.mdu) in index.php in CuteNews 1.4.1 allows remote attackers to read or modify files via the source parameter in the (1) editnews or (2) doeditnews action.
network
cutephp
4.3