Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-03-30 | CVE-2006-1505 | Authentication Bypass vulnerability in Basic Analysis and Security Engine Base_maintenance.PHP base_maintenance.php in Basic Analysis and Security Engine (BASE) before 1.2.4 (melissa), when running in standalone mode, allows remote attackers to bypass authentication, possibly by setting the standalone parameter to "yes". | 5.0 |
| 2006-03-30 | CVE-2006-1504 | Cross-Site Scripting vulnerability in Arab Portal Arab Portal 2.0 Multiple cross-site scripting (XSS) vulnerabilities in Arab Portal 2.0 (aka Arab Dynamic Portal or ADP) stable allow remote attackers to inject arbitrary web script or HTML via the title parameter in (1) online.php and (2) download.php. | 5.1 |
| 2006-03-30 | CVE-2006-1503 | Code Injection vulnerability in Vwar Virtual WAR PHP remote file inclusion vulnerability in includes/functions_install.php in Virtual War (VWar) 1.5.0 R11 and earlier allows remote attackers to include and execute arbitrary PHP code via a URL in the vwar_root parameter. | 5.1 |
| 2006-03-30 | CVE-2006-1502 | Integer Overflow vulnerability in MPlayer Multiple integer overflows in MPlayer 1.0pre7try2 allow remote attackers to cause a denial of service and trigger heap-based buffer overflows via (1) a certain ASF file handled by asfheader.c that causes the asf_descrambling function to be passed a negative integer after the conversion from a char to an int or (2) an AVI file with a crafted wLongsPerEntry or nEntriesInUse value in the indx chunk, which is handled in aviheader.c. | 5.1 |
| 2006-03-30 | CVE-2006-1501 | SQL Injection vulnerability in Oneorzero 1.6.3.0 SQL injection vulnerability in index.php in OneOrZero 1.6.3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter, possibly in the kans action. | 7.5 |
| 2006-03-30 | CVE-2006-1500 | SQL Injection vulnerability in Tilde CMS 3.0 SQL injection vulnerability in index.php in Tilde CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2006-03-30 | CVE-2006-1499 | SQL Injection vulnerability in Source Workshop Vcounter 1.0 SQL injection vulnerability in vCounter.php in vCounter 1.0 allows remote attackers to execute arbitrary SQL commands via the URI (_SERVER[REQUEST_URI] variable). | 7.5 |
| 2006-03-30 | CVE-2006-1498 | HTML Injection vulnerability in MediaWiki Encoded Page Link Cross-site scripting (XSS) vulnerability in MediaWiki before 1.5.8 and 1.4.15 allows remote attackers to inject arbitrary web script or HTML via crafted encoded links. network mediawiki | 4.3 |
| 2006-03-30 | CVE-2006-1497 | Cross-Site Scripting vulnerability in Vihor Vihordesign 1.0.6 Directory traversal vulnerability in index.php in ViHor Design allows remote attackers to read arbitrary files via the page parameter. | 5.0 |
| 2006-03-30 | CVE-2006-1496 | Cross-Site Scripting vulnerability in VihorDesign Multiple cross-site scripting (XSS) vulnerabilities in index.php in ViHor Design allow remote attackers to inject arbitrary web script or HTML via (1) a remote URL in the page parameter, which is processed by an fopen call, or (2) HTML or script in the page parameter, which is returned to the client in an error message for the failed fopen call. network vihor | 4.3 |