Vulnerabilities

DATE | CVE | VULNERABILITY TITLE | RISK

2006-04-20 | CVE-2006-1914 | Information Disclosure vulnerability in Dbbs | 5.0
DbbS 2.0-alpha and earlier allows remote attackers to obtain sensitive information via an invalid (1) fcategoryid parameter to topics.php or (2) unavariabile, (3) GLOBALS, or (4) _SERVER[] parameters to script.php.
network, low complexity, dbbs

2006-04-20 | CVE-2006-1913 | Cross-Site Scripting vulnerability in Jax Guestbook Page Parameter | 6.8
Cross-site scripting (XSS) vulnerability in jax_guestbook.php in Jax Guestbook 3.1, 3.31, and 3.50 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
network, jax-scripts

2006-04-20 | CVE-2006-1912 | Cross-Site Scripting vulnerability in Mybulletinboard 1.10 | 5.8
MyBB (MyBulletinBoard) 1.1.0 does not set the constant KILL_GLOBAL variable in (1) global.php and (2) inc/init.php, which allows remote attackers to initialize arbitrary variables that are processed by an @extract command, which could then be leveraged to conduct cross-site scripting (XSS) or SQL injection attacks.
network, mybulletinboard

2006-04-20 | CVE-2006-1911 | Cross-Site Scripting vulnerability in Mybulletinboard 1.1 | 4.3
Cross-site scripting (XSS) vulnerability in MyBB (MyBulletinBoard) 1.1 allows remote attackers to inject arbitrary web script or HTML via the attachment content disposition in an HTML attachment.
network, mybulletinboard

2006-04-20 | CVE-2006-1910 | Unspecified vulnerability in S9Y Serendipity 1.0Beta2 | 7.5
config.php in S9Y Serendipity 1.0 beta 2 allows remote attackers to inject arbitrary PHP code by editing values that are stored in config.php and later executed.
network, low complexity, s9y

2006-04-20 | CVE-2006-1909 | Local File Include vulnerability in Coppermine Photo Gallery 1.4.4 | 5.0
Directory traversal vulnerability in index.php in Coppermine 1.4.4 allows remote attackers to read arbitrary files via a .//./ (modified dot dot slash) in the file parameter, which causes a regular expression to collapse the sequences into standard "../" sequences.
network, low complexity, coppermine

2006-04-20 | CVE-2006-1908 | Cross-Site Scripting vulnerability in myEvent | 2.6
Cross-site scripting vulnerability in addevent.php in myEvent 1.x allows remote attackers to inject arbitrary web script or HTML via the event_desc parameter.
network, high complexity, mywebland

2006-04-20 | CVE-2006-1907 | SQL-Injection vulnerability in myEvent | 7.5
Multiple SQL injection vulnerabilities in myEvent 1.x allow remote attackers to inject arbitrary SQL commands via the event_id parameter to (1) addevent.php or (2) del.php or (3) event_desc parameter to addevent.php.
network, low complexity, mywebland

2006-04-20 | CVE-2006-1906 | Cross-Site Scripting vulnerability in Jjgan852 PHPlister 0.4.1 | 2.6
Cross-site scripting (XSS) vulnerability in index.php in jjgan852 phpLister 0.4.1 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
network, high complexity, jjgan852

2006-04-20 | CVE-2006-1905 | Remote Format String vulnerability in Xine Playlist Handling | 7.5
Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.3 allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a playlist file.
network, low complexity, xine