Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK

2006-04-05 CVE-2006-1624 Denial-Of-Service vulnerability in Linux Kernel 2.6.20.1
The default configuration of syslogd in the Linux sysklogd package does not enable the -x (disable name lookups) option, which allows remote attackers to cause a denial of service (traffic amplification) via messages with spoofed source IP addresses.
network, low complexity, linux; Risk: 7.8

2006-04-05 CVE-2006-1623 Cross-Site Scripting vulnerability in Flexible Development
Unspecified vulnerability in main.php in an unspecified "file created by Andries Bruinsma," possibly a FleXiBle Development (FXB) application, allows remote attackers to include and execute arbitrary PHP code.
Risk: 4.3

2006-04-05 CVE-2006-1622 Cross-Site Scripting vulnerability in Phpselect
Cross-site scripting (XSS) vulnerability in PHPSelect linksubmit allows remote attackers to inject arbitrary web script or HTML via (1) the description parameter to linklist.php and possibly other vectors involving (2) index.php and (3) linksubmit.php.
network, phpselect; Risk: 6.8

2006-04-05 CVE-2006-1621 Directory Traversal vulnerability in Hosting Controller Hosting Controller 2002Rc1
Directory traversal vulnerability in admin/folders/saveuploadfiles.asp in Hosting Controller 2002 RC 1 allows remote authenticated users to overwrite arbitrary files via an absolute path in the OpenPath parameter.
network, low complexity, hosting-controller; Risk: 4.0

2006-04-05 CVE-2006-1620 Remote vulnerability in Hosting Controller Hosting Controller 2002Rc1
admin/accounts/AccountActions.asp in Hosting Controller 2002 RC 1 allows remote attackers to modify passwords of other users, probably via an "Update User" ActionType with a modified UserName parameter and the PassCheck parameter set to TRUE.
network, low complexity, hosting-controller; Risk: 5.0

2006-04-05 CVE-2006-1619 Denial-Of-Service vulnerability in IBM Websphere Application Server 4.0.1/4.0.2/4.0.3
IBM WebSphere Application Server 4.0.1 through 4.0.3 allows remote attackers to cause a denial of service (application crash) via an HTTP request with a large header.
network, low complexity, ibm; Risk: 5.0

2006-04-05 CVE-2006-1618 Remote Format String vulnerability in Doomsday 1.8.6
Format string vulnerability in the (1) Con_message and (2) conPrintf functions in con_main.c in Doomsday engine 1.8.6 allows remote attackers to execute arbitrary code via format string specifiers in an argument to the JOIN command, and possibly other command arguments.
network, low complexity, doomsday; Risk: 7.5

2006-04-05 CVE-2006-1617 Cross-Site Scripting vulnerability in Advanced Poll Advanced Poll 2.0.2
Multiple cross-site scripting (XSS) vulnerabilities in Advanced Poll 2.02 allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to comments.php or (2) poll_id parameter to page.php.
network, advanced-poll; Risk: 4.3

2006-04-05 CVE-2006-1616 SQL-Injection vulnerability in Advanced Poll Advanced Poll 2.0.2
Multiple SQL injection vulnerabilities in Advanced Poll 2.02 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to comments.php or (2) poll_id parameter to page.php.
network, low complexity, advanced-poll; Risk: 7.5

2006-04-05 CVE-2006-0401 Local Authentication Bypass vulnerability in Apple Mac OS X Intel-Based
Unspecified vulnerability in Mac OS X before 10.4.6, when running on an Intel-based computer, allows attackers with physical access to bypass the firmware password and log on in Single User Mode via unspecified vectors.
local, low complexity, apple; Risk: 4.6