Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2006-04-06 | CVE-2006-1650 | Denial-Of-Service vulnerability in Mozilla Firefox 1.5.0.1 | Firefox 1.5.0.1 allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then changing the window location back to a trusted URL while the Flash application is still loading. | network, low complexity, mozilla | 5.0 |
| 2006-04-06 | CVE-2006-1649 | Local Arbitrary File Creation vulnerability in Eset Software NOD32 Antivirus | The "restore to" selection in the "quarantine a file" capability of ESET NOD32 before 2.51.26 allows a restore to any directory that permits read access by the invoking user, which allows local users to create new files despite write-access directory permissions. | local, low complexity, eset-software | 7.2 |
| 2006-04-06 | CVE-2006-1648 | Remote Denial of Service vulnerability in SMART Technologies SynchronEyes | SMART SynchronEyes Student and Teacher 6.0, and possibly earlier versions, allows remote attackers to cause a denial of service (memory consumption) via a certain packet to the Teacher discovery port that causes SynchronEyes to connect to the attacker's machine and read a value that is used as a parameter to malloc. | network, low complexity, smart-technologies | 5.0 |
| 2006-04-06 | CVE-2006-1647 | Remote Denial of Service vulnerability in SMART Technologies SynchronEyes | An unspecified "logical programming mistake" in SMART SynchronEyes Student and Teacher 6.0, and possibly earlier versions, allows remote attackers to cause a denial of service via a large packet to the Teacher discovery port (UDP port 5496), which causes a thread to terminate and prevents communications on that port. | network, low complexity, smart-technologies | 7.8 |
| 2006-04-06 | CVE-2006-1646 | Denial-Of-Service vulnerability in Internet KEY Exchange Internet KEY Exchange 1 | The Internet Key Exchange version 1 (IKEv1) implementation (isakmp_agg.c) in the Shoichi Sakane KAME Project racoon, as used by NetBSD 1.6, 2.x before 20060119, certain FreeBSD releases, and possibly other distributions of BSD or Linux operating systems, when running in aggressive mode, allows remote attackers to cause a denial of service (daemon crash) via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. | network, low complexity, internet-key-exchange | 5.0 |
| 2006-04-06 | CVE-2006-1645 | HTML Injection vulnerability in ReloadCMS User-Agent | Cross-site scripting (XSS) vulnerability in Anton Vlasov and Rostislav Gaitkuloff ReloadCMS 1.2.5 and earlier allows remote attackers to inject arbitrary web script or HTML and gain leverage to execute arbitrary PHP code via the User-Agent HTTP header, which is displayed by admin/modules/general/statistic.php in the administration panel. | network, reloadcms | 6.8 |
| 2006-04-06 | CVE-2006-1644 | Remote Security vulnerability in Interact | login.php in Interact 2.1.1 generates different responses depending on whether or not a username is valid, which allows remote attackers to determine valid usernames. | network, low complexity, interact | 5.0 |
| 2006-04-06 | CVE-2006-1643 | Remote vulnerability in Interact | SQL injection vulnerability in login.php in Interact 2.1.1 allows remote attackers to execute arbitrary SQL commands via the user_name parameter. | network, low complexity, interact | 7.5 |
| 2006-04-06 | CVE-2006-1642 | Cross-Site Scripting vulnerability in Interact | Cross-site scripting (XSS) vulnerability in Interact 2.1.1 allows remote attackers to inject arbitrary web script or HTML via (1) the search_terms parameter to (a) search.php, and (2) the first_name, (3) last_name, (4) email, (5) password, and (6) confirm_password parameters to (b) userinput.php. | network, high complexity, interact | 2.6 |
| 2006-04-06 | CVE-2006-1641 | Input Validation vulnerability in Czaries Network Czarnews 1.13B | Multiple SQL injection vulnerabilities in CzarNews 1.14 allow remote attackers to execute arbitrary SQL commands via the (1) usern or (2) passw parameters to (a) cn_auth.php, (3) s parameter to (b) news.php, or (4) a parameter to (c) dpost.php. | network, high complexity, czaries-network | 5.1 |