Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ACCESS VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2006-04-12 | CVE-2006-1746 | Path Traversal vulnerability in Tincan PHPlist | Directory traversal vulnerability in PHPList 2.10.2 and earlier allows remote attackers to include arbitrary local files via the (1) GLOBALS[database_module] or (2) GLOBALS[language_module] parameters, which overwrite the underlying $GLOBALS variable. | network | low | tincan | CWE-22 | 5.0 |
| 2006-04-12 | CVE-2006-1745 | Cross-Site Scripting vulnerability in Bitweaver 1.3 | Cross-site scripting (XSS) vulnerability in login.php in Bitweaver 1.3 allows remote attackers to inject arbitrary web script or HTML via the error parameter. | network | high | bitweaver | | 2.6 |
| 2006-04-12 | CVE-2006-1744 | Local Buffer Overflow vulnerability in BSD-Games | Buffer overflow in pl_main.c in sail in BSDgames before 2.17-7 allows local users to execute arbitrary code via a long player name that is used in a scanf function call. | local | low | joey-hess | | 4.6 |
| 2006-04-12 | CVE-2006-1743 | SQL Injection vulnerability in Jbook 1.4 | Multiple SQL injection vulnerabilities in form.php in JBook 1.4 allow remote attackers to execute arbitrary SQL commands via the (1) nom or (2) mail parameters. | network | low | jbook | | 7.5 |
| 2006-04-12 | CVE-2006-0014 | Buffer Overflow vulnerability in Microsoft Outlook Express Windows Address Book File Parsing | Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modified length values. | network | high | microsoft | | 5.1 |
| 2006-04-12 | CVE-2006-0012 | Remote Code Execution vulnerability in Microsoft Windows Shell COM Object | Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM objects and "crafted files and directories," aka the "Windows Shell Vulnerability." | network | high | microsoft | | 5.1 |
| 2006-04-12 | CVE-2006-0003 | Remote Code Execution vulnerability in Microsoft MDAC RDS.Dataspace ActiveX Control | Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote attackers to execute arbitrary code via unknown attack vectors. | network | high | microsoft | | 5.1 |
| 2006-04-11 | CVE-2006-1722 | Cross-Site Scripting vulnerability in Suche Shopxs 4.0 | Cross-site scripting (XSS) vulnerability in suche.htm in ShopXS 4.0 allows remote attackers to inject arbitrary web script or HTML via the Suchstring1 (aka search) parameter. | network | | suche | | 6.8 |
| 2006-04-11 | CVE-2006-1721 | Improper Input Validation vulnerability in Cyrus Sasl | digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer (SASL) library 2.1.18, and possibly other versions before 2.1.21, allows remote unauthenticated attackers to cause a denial of service (segmentation fault) via malformed inputs in DIGEST-MD5 negotiation. | network | high | cyrus | CWE-20 | 2.6 |
| 2006-04-11 | CVE-2006-1720 | Cross-Site Scripting vulnerability in Arabless Saphplesson 2.0/3.0 | Cross-site scripting (XSS) vulnerability in search.php in SaphpLesson 3.0 allows remote attackers to inject arbitrary web script or HTML via the Word parameter. | network | | arabless | | 4.3 |