Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-04-02 | CVE-2006-1577 | Cross-Site Scripting vulnerability in Mantis View_All_Set.PHP Multiple cross-site scripting (XSS) vulnerabilities in view_all_set.php in Mantis 1.0.1, 1.0.0rc5, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) start_day, (2) start_year, and (3) start_month parameters. network mantis | 6.8 |
2006-04-02 | CVE-2006-1576 | Input Validation vulnerability in Vscripts.Pl Qlnews 1.2 Direct static code injection vulnerability in QLnews 1.2 allows remote authenticated administrators to execute arbitrary PHP code by modifying config.php. | 7.5 |
2006-04-02 | CVE-2006-1575 | Input Validation vulnerability in Vscripts.Pl Qlnews 1.2 Multiple cross-site scripting (XSS) vulnerabilities in news.php in QLnews 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) autorx and (2) newsx parameters. network vscripts-pl | 6.8 |
2006-04-01 | CVE-2006-1574 | Cross-Site Scripting vulnerability in Hitachi Groupmax World Wide Web Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web, World Wide Web Desktop, World Wide Web for Scheduler, and Desktop for Scheduler, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. network hitachi | 5.8 |
2006-04-01 | CVE-2006-1573 | Remote File Include vulnerability in Mediaslash.Com Mediaslash Gallery 0 PHP remote file inclusion vulnerability in index.php in MediaSlash Gallery allows remote attackers to execute arbitrary PHP code via a URL in the rub parameter (part of the $page_menu variable). | 7.5 |
2006-04-01 | CVE-2006-1572 | SQL Injection vulnerability in O2PHP Oxygen Post.PHP SQL injection vulnerability in post.php in Oxygen 1.1.3 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a newthread action. | 5.0 |
2006-04-01 | CVE-2006-1571 | SQL Injection vulnerability in R2Xdesign Qlitenews 20050701 Multiple SQL injection vulnerabilities in loginprocess.php in qliteNews 2005.07.01 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters. | 5.1 |
2006-04-01 | CVE-2006-1570 | Cross-Site Scripting vulnerability in Esqlanelapse 2.0/2.2 Cross-site scripting (XSS) vulnerability in Esqlanelapse 2.0 and 2.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. network esqlanelapse | 4.3 |
2006-04-01 | CVE-2006-1569 | Input Validation vulnerability in Redcms 0.1 Multiple SQL injection vulnerabilities in RedCMS 0.1 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameters to (a) login.php or (b) register.php; or (3) u parameter to (c) profile.php. | 5.1 |
2006-04-01 | CVE-2006-1568 | Input Validation vulnerability in Redcms 0.1 Multiple cross-site scripting (XSS) vulnerabilities in register.php in RedCMS 0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) email, (2) location, or (3) website parameters. | 5.1 |