Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-04-04 | CVE-2006-1604 | Unspecified vulnerability in Exponent CMS Unspecified vulnerability in Exponent CMS before 0.96.5 RC 1 has unknown impact and remote attack vectors related to variables that are not "typecasted." | 10.0 |
2006-04-04 | CVE-2006-1603 | Cross-Site Scripting vulnerability in PHPbb Group PHPbb 2.0.19 Cross-site scripting (XSS) vulnerability in profile.php in phpBB 2.0.19 allows remote attackers to inject arbitrary web script or HTML via the cur_password parameter. network phpbb-group | 4.3 |
2006-04-04 | CVE-2006-1602 | Remote File Include vulnerability in PHPnuke-Clan 3.0.1 PHP remote file inclusion vulnerability in includes/functions_common.php in the VWar Account module (vWar_Account) in PHPNuke Clan 3.0.1 allows remote attackers to include arbitrary files via a URL in the vwar_root2 parameter. | 7.5 |
2006-04-04 | CVE-2006-1601 | Unspecified vulnerability in SUN Cluster 3.1 Unspecified vulnerability in SunPlex Manager in Sun Cluster 3.1 4/04 allows local users with solaris.cluster.gui authorization to view arbitrary files via unspecified vectors. | 1.7 |
2006-04-04 | CVE-2006-1058 | Use of Password Hash With Insufficient Computational Effort vulnerability in multiple products BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables. | 5.5 |
2006-04-03 | CVE-2006-1600 | SQL-Injection vulnerability in PHPwebgallery 1.4.1 SQL injection vulnerability in category.php in PhpWebGallery 1.4.1 allows remote attackers to execute arbitrary SQL commands via the search parameter. | 7.5 |
2006-04-03 | CVE-2006-1599 | Remote Shell Code Execution vulnerability in V-Creator.Com V-Creator 1.3Pre2 Unspecified vulnerability in VCEngine.php in v-creator before 1.3-pre3, when the VC_CRYPTO_METHOD option is OPENSSL, allows remote attackers to execute arbitrary commands, possibly due to problems in the (1) encrypt and (2) decrypt functions. | 7.5 |
2006-04-03 | CVE-2006-1598 | Unspecified vulnerability in AN An-Httpd AN HTTPD 1.42n, and possibly other versions before 1.42p, allows remote attackers to obtain source code of scripts via crafted requests with (1) dot and (2) space characters in the file extension. | 7.8 |
2006-04-03 | CVE-2006-1438 | Cross-Site Scripting vulnerability in Andy Grayndler Andys PHP Knowledgebase 0.57 Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP Knowledgebase (aphpkb) 0.57 allow remote attackers to inject arbitrary web script or HTML via the (1) keyword_list parameter to (a) index.php; (2) title, (3) article, (4) author, and (5) keywords parameters to (b) submit_article.php; and (6) Question, (7) Name, and (8) Email parameters to (c) submit_question.php. network andy-grayndler | 6.8 |
2006-04-03 | CVE-2006-1435 | Input Validation vulnerability in Accounting Receiving and Inventory Administration Aria 0.996 Cross-site scripting (XSS) vulnerability in genmessage.php in Accounting Receiving and Inventory Administration (ARIA) 0.99-6 allows remote attackers to inject arbitrary web script or HTML via the Message Field (message parameter). | 6.8 |