Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK

2006-04-11 CVE-2006-1696 Cross-Site Scripting vulnerability in Gallery
Cross-site scripting (XSS) vulnerability in Gallery before 1.5.3 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
network, gallery-project
Risk: 4.3

2006-04-11 CVE-2006-1695 Unspecified vulnerability in Fbida 2.01/2.02/2.03
The fbgs script in the fbi package 2.01-1.4, when the TMPDIR environment variable is not defined, allows local users to overwrite arbitrary files via a symlink attack on temporary files in /var/tmp/fbps-[PID].
local, high complexity, fbida
Risk: 1.2

2006-04-11 CVE-2006-1694 SQL Injection vulnerability in XBrite Members.PHP
SQL injection vulnerability in members.php in XBrite Members 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
network, low complexity, xbrite
Risk: 7.5

2006-04-11 CVE-2006-1693 Remote Denial of Service vulnerability in GlobalSCAPE Secure FTP Server
Unspecified vulnerability in GlobalSCAPE Secure FTP Server before 3.1.4 Build 01.10.2006 allows attackers to cause a denial of service (application crash) via a "custom command" with a long argument.
network, low complexity, globalscape
Risk: 5.0

2006-04-11 CVE-2006-1692 SQL-Injection vulnerability in Manic web Mwnewsletter 1.0.0B
Multiple SQL injection vulnerabilities in MWNewsletter 1.0.0b allow remote attackers to execute arbitrary SQL commands via the (1) user_email parameter to (a) unsubscribe.php or (b) subscribe.php; or the (2) user_name parameter to subscribe.php.
network, low complexity, manic-web
Risk: 7.5

2006-04-11 CVE-2006-1691 Input Validation vulnerability in Manic web Mwnewsletter 1.0.0B
SQL injection vulnerability in MWNewsletter 1.0.0b allows remote attackers to execute arbitrary SQL commands via the user_name parameter to unsubscribe.php.
network, low complexity, manic-web
Risk: 7.5

2006-04-11 CVE-2006-1690 Input Validation vulnerability in Manic Web MWNewsletter
Cross-site scripting (XSS) vulnerability in subscribe.php in MWNewsletter 1.0.0b allows remote attackers to inject arbitrary web script or HTML via the user_name parameter.
network, manic-web
Risk: 6.8

2006-04-11 CVE-2006-1060 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xzgv
Heap-based buffer overflow in zgv before 5.8 and xzgv before 0.8 might allow user-assisted attackers to execute arbitrary code via a JPEG image with more than 3 output components, such as a CMYK or YCCK color space, which causes less memory to be allocated than required.
network, low complexity, xzgv, CWE-119
Risk: 7.5

2006-04-11 CVE-2006-1689 Local Unauthorized Access vulnerability in HP Hp-Ux 11.11
Unspecified vulnerability in su in HP HP-UX B.11.11, when using the LDAP netgroup feature, allows local users to gain unspecified access.
local, low complexity, hp
Risk: 7.2

2006-04-11 CVE-2006-1687 Cross-Site Scripting vulnerability in Apt-Webshop-System 3.0/4.0
Cross-site scripting (XSS) vulnerability in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allows remote attackers to inject arbitrary web script or HTML via the message parameter, probably involving the basket functionality.
network, apt
Risk: 4.3