Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2006-04-03 CVE-2006-1434 HTML Injection vulnerability in Annuaire Directory 1.0
Cross-site scripting (XSS) vulnerability in inscription.php in Annuaire (Directory) 1.0 allows remote attackers to inject arbitrary web script or HTML via the Comment Field (COMMENTAIRE parameter).
network
annuaire
6.8
2006-04-03 CVE-2006-1433 Information Disclosure vulnerability in Annuaire Directory 1.0
Annuaire (Directory) 1.0 allows remote attackers to obtain sensitive information via a direct request to include/lang-en.php, which reveals the full installation path.
network
low complexity
annuaire
5.0
2006-04-03 CVE-2006-1596 Unspecified vulnerability in Claroline
PHP remote file inclusion vulnerability in learnPath/include/scormExport.inc.php in Claroline 1.7.4 and earlier allows remote attackers to execute arbitrary PHP code via the includePath parameter.
network
low complexity
claroline
7.5
2006-04-03 CVE-2006-1595 Cross-Site Scripting vulnerability in Claroline RQMKHTML.PHP
Cross-site scripting (XSS) vulnerability in document/rqmkhtml.php in Claroline 1.7.4 and earlier allows remote attackers to read arbitrary files via ".." sequences in the file parameter in a rqEditHtml command.
network
claroline
4.3
2006-04-03 CVE-2006-1594 Information Disclosure vulnerability in Claroline
Multiple directory traversal vulnerabilities in document/rqmkhtml.php in Claroline 1.7.4 and earlier allow remote attackers to use ".." (dot dot) sequences to (1) read arbitrary files via the file parameter in a rqEditHtml command to document/rqmkhtml.php or (2) execute arbitrary code via the includePath parameter to learnPath/include/scormExport.inc.php.
network
low complexity
claroline
7.5
2006-04-03 CVE-2006-1593 Resource Management Errors vulnerability in multiple products
The (1) ZD_MissingPlayer, (2) ZD_UseItem, and (3) ZD_LoadNewClientLevel functions in sv_main.cpp for (a) Zdaemon 1.08.01 and (b) X-Doom allow remote attackers to cause a denial of service (crash) via an invalid player slot or item number, which causes an invalid memory access, possibly due to an invalid array index.
network
low complexity
x-doom zdaemon CWE-399
5.0
2006-04-03 CVE-2006-1592 Remote vulnerability in ZDaemon
Buffer overflow in the is_client_wad_ok function in w_wad.cpp for (1) Zdaemon 1.08.01 and (2) X-Doom allows remote attackers to execute arbitrary code via a long filename argument.
network
low complexity
x-doom zdaemon
7.5
2006-04-03 CVE-2006-1591 Heap Overflow vulnerability in Microsoft Windows Help Image Processing
Heap-based buffer overflow in Microsoft Windows Help winhlp32.exe allows user-assisted attackers to execute arbitrary code via crafted embedded image data in a .hlp file.
network
high complexity
microsoft
5.1
2006-04-03 CVE-2006-1590 Cross-Site Scripting vulnerability in Basic Analysis and Security Engine PrintFreshPage
Cross-site scripting (XSS) vulnerability in the PrintFreshPage function in (1) Basic Analysis and Security Engine (BASE) 1.2.4 and (2) Analysis Console for Intrusion Databases (ACID) 0.9.6b23 allows remote attackers to inject arbitrary web script or HTML via the (a) back parameter to base_graph_main.php, (b) netmask parameter to base_stat_ipaddr.php, or (c) submit parameter to base_qry_alert.php within BASE, or (d) query string to acid_main.php in ACID, which causes the request URI ($_SERVER['REQUEST_URI']) to be inserted into a refresh operation.
4.3
2006-04-03 CVE-2006-1589 Denial-Of-Service vulnerability in NetBSD
The elf_load_file function in NetBSD 2.0 through 3.0 allows local users to cause a denial of service (kernel crash) via an ELF interpreter that does not have a PT_LOAD section in its header, which triggers a null dereference.
local
low complexity
netbsd
4.9