Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-04-06 | CVE-2006-1640 | Input Validation vulnerability in Czaries Network Czarnews 1.14 Cross-site scripting (XSS) vulnerability in news.php in CzarNews 1.14 allows remote attackers to inject arbitrary web script or HTML via the email parameter. | 2.6 |
| 2006-04-06 | CVE-2006-1639 | SQL Injection vulnerability in Wire Plastik Design Wpblog 0.4 SQL injection vulnerability in index.php in wpBlog 0.4 allows remote attackers to execute arbitrary SQL commands via the postid parameter. | 5.1 |
| 2006-04-06 | CVE-2006-1638 | Input Validation vulnerability in Aweb Labs Awebbb 1.2 Multiple SQL injection vulnerabilities in aWebBB 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) Username parameter to (a) accounts.php, (b) changep.php, (c) editac.php, (d) feedback.php, (e) fpass.php, (f) login.php, (g) post.php, (h) reply.php, or (i) reply_log.php; (2) p parameter to (j) dpost.php; (3) c parameter to (k) list.php or (l) ndis.php; or (12) q parameter to (m) search.php. | 5.1 |
| 2006-04-06 | CVE-2006-1637 | Input Validation vulnerability in Aweb Labs Awebbb 1.2 Multiple cross-site scripting (XSS) vulnerabilities in aWebBB 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) tname or (2) fpost parameters to (a) post.php; (3) fullname, (4) emailadd, (5) country, (6) sig, or (7) otherav parameters to (b) editac.php; or (8) fullname, (9) emailadd, or (10) country parameters to (c) register.php. network aweb-labs | 4.3 |
| 2006-04-06 | CVE-2006-1636 | Code Injection vulnerability in Vwar Virtual WAR PHP remote file inclusion vulnerability in get_header.php in VWar 1.5.0 R12 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the vwar_root parameter. | 7.5 |
| 2006-04-06 | CVE-2006-1635 | Information Disclosure vulnerability in Lucidcms 2.0.0Rc4 LucidCMS 2.0.0 RC4 allows remote attackers to obtain sensitive information via a direct request to /lucid_phplib/translator.php, which reveals the path in an error message. | 5.0 |
| 2006-04-06 | CVE-2006-1634 | Cross-Site Scripting vulnerability in Lucidcms 2.0.0Rc4 Cross-site scripting (XSS) vulnerability in index.php in LucidCMS 2.0.0 RC4 allows remote attackers to inject arbitrary web script or HTML via the command parameter. network lucidcms | 4.3 |
| 2006-04-05 | CVE-2006-1631 | Remote Denial of Service vulnerability in Cisco 11500 Content Services Switch HTTP Compression Unspecified vulnerability in the HTTP compression functionality in Cisco CSS 11500 Series Content Services switches allows remote attackers to cause a denial of service (device reload) via (1) "valid, but obsolete" or (2) "specially crafted" HTTP requests. | 5.0 |
| 2006-04-05 | CVE-2006-1626 | Improper Input Validation vulnerability in Microsoft Internet Explorer 6.0 Internet Explorer 6 for Windows XP SP2 and earlier allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then changing the window location back to a trusted URL while the Flash application is still loading. | 4.3 |
| 2006-04-05 | CVE-2006-1625 | HTML Injection vulnerability in Mybulletinboard 1.10 Cross-site scripting (XSS) vulnerability in inc/functions_post.php in MyBB (aka MyBulletinBoard) 1.10 allows remote attackers to inject arbitrary web script or HTML via a JavaScript event in a BBCode email tag, as demonstrated using the onmousemove event. network mybulletinboard | 6.8 |