Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-04-11 | CVE-2006-1686 | Remote Security vulnerability in Apt-Webshop-System 3.0/4.0 Unspecified vulnerability in modules.php in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allows remote attackers to access unspecified files via a modified warp parameter. | 5.0 |
| 2006-04-11 | CVE-2006-1685 | SQL Injection vulnerability in APT-webshop Modules.PHP Multiple SQL injection vulnerabilities in modules.php in APT-webshop-system 4.0 PRO, 3.0 BASIC, and 3.0 LIGHT allow remote attackers to execute arbitrary SQL commands via the (1) group, (2) seite, and (3) id parameter, possibly involving the artikel functionality. | 7.5 |
| 2006-04-11 | CVE-2006-1684 | Remote Security vulnerability in Ecotwo Shopsystem 1.0192 Unspecified vulnerability in ecotwo Shopsystem 1.0-192 and earlier allows remote attackers to include arbitrary local files via (1) the lang parameter in news.php and (2) other unspecified vectors. | 5.0 |
| 2006-04-11 | CVE-2006-1683 | SQL Injection vulnerability in Chipmunk Guestbook SQL injection vulnerability in admin/login.php in Chipmunk Guestbook allows remote attackers to execute arbitrary SQL commands and bypass login authentication via the User name. | 7.5 |
| 2006-04-11 | CVE-2006-1682 | Cross-Site Scripting vulnerability in Talentsoft Web+ Shop 5.0 Cross-site scripting (XSS) vulnerability in webplus.exe in TalentSoft Web+Shop 5.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the deptname parameter, possibly involving the webpshop/ department.wml script. network talentsoft | 4.3 |
| 2006-04-11 | CVE-2006-1681 | Unspecified vulnerability in Cherokee Httpd Cross-site scripting (XSS) vulnerability in Cherokee HTTPD 0.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a malformed request that generates an HTTP 400 error, which is not properly handled when the error message is generated. network cherokee | 4.3 |
| 2006-04-11 | CVE-2006-1680 | Remote Security vulnerability in Jupiter CMS Jupiter CMS 1.1.5 Jupiter CMS 1.1.5, when display_errors is enabled, allows remote attackers to obtain the full server path via a direct request to modules/online.php. | 2.6 |
| 2006-04-11 | CVE-2006-1679 | Cross-Site Scripting vulnerability in Jupiter CMS Jupiter CMS 1.1.5 Cross-site scripting (XSS) vulnerability in modules/online.php in Jupiter CMS 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the layout parameter to index.php. network jupiter-cms | 4.3 |
| 2006-04-11 | CVE-2006-1678 | Cross-Site Scripting vulnerability in PHPMyAdmin Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.8.0.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors in unspecified scripts in the themes directory. network phpmyadmin | 4.3 |
| 2006-04-10 | CVE-2006-1549 | Resource Management Errors vulnerability in PHP 4.4.2/5.1.2 PHP 4.4.2 and 5.1.2 allows local users to cause a crash (segmentation fault) by defining and executing a recursive function. | 2.1 |