Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-03-31 | CVE-2006-1557 | SQL Injection vulnerability in Skintech X-Changer 0.20 Multiple SQL injection vulnerabilities in X-Changer 0.2 allow remote attackers to execute arbitrary SQL commands via the (1) from and (2) into parameters in a calculate action, and the (3) id parameter in an edit action to index.php. | 7.5 |
| 2006-03-31 | CVE-2006-1556 | Cross-Site Scripting vulnerability in Al-Caricatier 2.5 Multiple cross-site scripting (XSS) vulnerabilities in view_caricatier.php in AL-Caricatier 2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) CatName, (2) CaricatierID, or (3) CatID parameter. network al-caricatier | 6.8 |
| 2006-03-31 | CVE-2006-1555 | Authentication Bypass vulnerability in Tachyon Vsns Lemon 3.2.0 VSNS Lemon 3.2.0 allows remote attackers to bypass authentication and access password-protected articles by setting the vsns[topic_id] cookie to the targeted topic. | 7.5 |
| 2006-03-31 | CVE-2006-1554 | HTML Injection vulnerability in Tachyon Vsns Lemon 3.2.0 Cross-site scripting (XSS) vulnerability in VSNS Lemon 3.2.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter while adding a comment. | 2.6 |
| 2006-03-31 | CVE-2006-1553 | SQL Injection vulnerability in Tachyon Vsns Lemon 3.2.0 SQL injection vulnerability in functions/final_functions.php in VSNS Lemon 3.2.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter. | 5.1 |
| 2006-03-31 | CVE-2006-1552 | Numeric Errors vulnerability in Apple products Integer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to cause a denial of service (crash) via a crafted JPEG image with malformed JPEG metadata, as demonstrated using Safari, aka "Deja-Doom". | 5.0 |
| 2006-03-31 | CVE-2006-0052 | Denial Of Service vulnerability in GNU Mailman Attachment Scrubber Malformed MIME Message The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, when using Python's library email module 2.5, allows remote attackers to cause a denial of service (mailing list delivery failure) via a multipart MIME message with a single part that has two blank lines between the first boundary and the end boundary. | 5.0 |
| 2006-03-30 | CVE-2006-1550 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in DIA Multiple buffer overflows in the xfig import code (xfig-import.c) in Dia 0.87 and later before 0.95-pre6 allow user-assisted attackers to have an unknown impact via a crafted xfig file, possibly involving an invalid (1) color index, (2) number of points, or (3) depth. | 7.6 |
| 2006-03-30 | CVE-2006-1548 | Remote vulnerability in Apache Struts Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message. network apache | 4.3 |
| 2006-03-30 | CVE-2006-1547 | Unspecified vulnerability in Apache Commons Beanutils and Struts ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils. | 7.5 |