Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-04-10 | CVE-2006-1675 | Cross-Site Scripting vulnerability in PHPwebgallery 1.4.1 Multiple cross-site scripting (XSS) vulnerabilities in PHPWebGallery 1.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) num, and (3) search parameters to (a) category.php, and the (4) slideshow, (5) show_metadata, and (6) start parameters to (b) picture.php, a different vulnerability than CVE-2006-1674. | 2.6 |
| 2006-04-10 | CVE-2006-1674 | Cross-Site Scripting vulnerability in PHPwebgallery 1.4.1 Cross-site scripting (XSS) vulnerability in search.php in PHPWebGallery 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vulnerability than CVE-2006-1675. | 2.6 |
| 2006-04-10 | CVE-2006-1608 | Safe_Mode and Open_Basedir Restriction Bypass vulnerability in PHP The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass safe mode and read arbitrary files via a source argument containing a compress.zlib:// URI. | 2.1 |
| 2006-04-10 | CVE-2006-1494 | Safe_Mode and Open_Basedir Restriction Bypass vulnerability in PHP Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass open_basedir restrictions allows remote attackers to create files in arbitrary directories via the tempnam function. | 2.6 |
| 2006-04-10 | CVE-2006-0996 | Cross-Site Scripting vulnerability in PHP 4.4.2/5.1.2 Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed. | 4.3 |
| 2006-04-10 | CVE-2006-0053 | Resource Management Errors vulnerability in Tony Cook Imager Imager (libimager-perl) before 0.50 allows user-assisted attackers to cause a denial of service (segmentation fault) by writing a 2- or 4-channel JPEG image (or a 2-channel TGA image) to a scalar, which triggers a NULL pointer dereference. | 2.6 |
| 2006-04-08 | CVE-2006-0951 | Local Security vulnerability in Eset Software Nod32 Antivirus 2.5 The GUI (nod32.exe) in NOD32 2.5 runs with SYSTEM privileges when the scheduler runs a scheduled on-demand scan, which allows local users to execute arbitrary code during a scheduled scan via unspecified attack vectors. | 7.2 |
| 2006-04-07 | CVE-2006-1673 | Cross-Site Scripting vulnerability in vBulletin Cross-site scripting (XSS) vulnerability in vbugs.php in Dark_Wizard vBug Tracker 3.5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the sortorder parameter. | 2.6 |
| 2006-04-07 | CVE-2006-1672 | Multiple vulnerability in Cisco Optical Networking System and Transport Controller The installation of Cisco Transport Controller (CTC) for Cisco Optical Networking System (ONS) 15000 series nodes adds a Java policy file entry with a wildcard that grants the java.security.AllPermission permission to any http URL containing "fs/LAUNCHER.jar", which allows remote attackers to execute arbitrary code on a CTC workstation, aka bug ID CSCea25049. | 7.5 |
| 2006-04-07 | CVE-2006-1671 | Multiple vulnerability in Cisco Optical Networking System and Transport Controller Control cards for Cisco Optical Networking System (ONS) 15000 series nodes before 20060405 allow remote attackers to cause a denial of service (card reset) via (1) a "crafted" IP packet to a device with secure mode EMS-to-network-element access, aka bug ID CSCsc51390; (2) a "crafted" IP packet to a device with IP on the LAN interface, aka bug ID CSCsd04168; and (3) a "malformed" OSPF packet, aka bug ID CSCsc54558. | 5.0 |