Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2006-04-05 | CVE-2006-0051 | Remote HTTP_Peek Buffer Overflow vulnerability in Kaffeine | Buffer overflow in playlistimport.cpp in Kaffeine Player 0.4.2 through 0.7.1 allows user-assisted attackers to execute arbitrary code via long HTTP request headers when Kaffeine is "fetching remote playlists", which triggers the overflow in the http_peek function. | 5.1 |
2006-04-04 | CVE-2006-0559 | Remote Format String vulnerability in McAfee Webshield SMTP | Format string vulnerability in the SMTP server for McAfee WebShield 4.5 MR2 and earlier allows remote attackers to execute arbitrary code via format strings in the domain name portion of a destination address, which are not properly handled when a bounce message is constructed. | 10.0 |
2006-04-04 | CVE-2006-1613 | Unspecified vulnerability in Aweb Labs Awebnews 1.0 | Multiple SQL injection vulnerabilities in aWebNews 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) user123 variable in (a) login.php or (b) fpass.php; or (2) cid parameter to (c) visview.php. | 5.0 |
2006-04-04 | CVE-2006-1612 | Unspecified vulnerability in Aweb Labs Awebnews 1.0 | Multiple cross-site scripting (XSS) vulnerabilities in visview.php in aWebNews 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) yname, (2) emailadd, (3) subject, and (4) comment parameters. | 5.1 |
2006-04-04 | CVE-2006-1611 | Unspecified vulnerability in KGB Archiver | Directory traversal vulnerability in KGB Archiver before 1.1.5.22 allows remote attackers to overwrite arbitrary files while decompressing an archive, possibly due to directory traversal sequences in a filename. | 5.0 |
2006-04-04 | CVE-2006-1610 | Code Injection vulnerability in Squery | PHP remote file inclusion vulnerability in lib/armygame.php in SQuery 4.5 and earlier, as used in products such as Autonomous LAN party (ALP), allows remote attackers to execute arbitrary PHP code via a URL in the libpath parameter. | 5.1 |
2006-04-04 | CVE-2006-1609 | Denial of Service vulnerability in XFIT/S | Unspecified vulnerability in Hitachi XFIT/S, XFIT/S/JCA, XFIT/S/ZGN, and XFIT/S ZENGIN TCP/IP Procedure allows remote attackers to cause a denial of service (server process and transfer control process stop) when the products "receive data unexpectedly". | 5.0 |
2006-04-04 | CVE-2006-1607 | Unspecified vulnerability in Exponent CMS | Unspecified vulnerability in the banner module in Exponent CMS before 0.96.5 RC 1 allows "php injection" via unknown attack vectors. | 7.5 |
2006-04-04 | CVE-2006-1606 | Unspecified vulnerability in Exponent CMS | Unspecified vulnerability in the image module in Exponent CMS before 0.96.5 RC 1 allows "directory disclosure" with unknown attack vectors. | 5.0 |
2006-04-04 | CVE-2006-1605 | Unspecified vulnerability in Exponent CMS | Unspecified vulnerability in the image module in Exponent CMS before 0.96.5 RC 1 allows remote attackers to execute arbitrary code via unknown vectors involving "parsed PHP." | 7.5 |