Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-03-30 | CVE-2006-1495 | SQL Injection vulnerability in PhpCollab Sendpassword.PHP SQL injection vulnerability in general/sendpassword.php in (1) PHPCollab 2.4 and 2.5.rc3, and (2) NetOffice 2.5.3-pl1 and 2.6.0b2 allows remote attackers to execute arbitrary SQL commands via the loginForm parameter in the "forgotten password" option. | 7.5 |
2006-03-29 | CVE-2006-1493 | Input Validation vulnerability in Explorer XP Cross-site scripting (XSS) vulnerability in dir.php in Explorer XP allows remote attackers to inject arbitrary web script or HTML via the chemin parameter. network nikolay-avrionov | 4.3 |
2006-03-29 | CVE-2006-1492 | Input Validation vulnerability in Explorer XP Directory traversal vulnerability in dir.php in Explorer XP allows remote attackers to read arbitrary files via the chemin parameter. | 5.0 |
2006-03-29 | CVE-2006-1491 | Code Injection vulnerability in Horde Application Framework Eval injection vulnerability in Horde Application Framework versions 3.0 before 3.0.10 and 3.1 before 3.1.1 allows remote attackers to execute arbitrary code via the help viewer. | 7.5 |
2006-03-29 | CVE-2006-1489 | SQL Injection vulnerability in Fusionzone Couponzone 4.2 Multiple SQL injection vulnerabilities in FusionZONE CouponZONE local.cfm in 4.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) companyid, (2) scat, and (3) coid parameters. | 7.5 |
2006-03-29 | CVE-2006-1488 | Remote Security vulnerability in Activecampaign Supporttrio 2.50.2 ActiveCampaign SupportTrio 2.5 allows remote attackers to obtain the full path of the server via invalid (1) article or (2) print parameters in a kb action to index.php, or (3) an invalid category parameter to modules/KB/pdf.php, which leaks the path in an error message. | 5.0 |
2006-03-29 | CVE-2006-1487 | Cross-Site Scripting vulnerability in Activecampaign Supporttrio 2.50.2 Cross-site scripting (XSS) vulnerability in ActiveCampaign SupportTrio 2.50.2 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the KnowledgeBase search module. network activecampaign | 4.3 |
2006-03-29 | CVE-2006-1486 | Cross-Site Scripting vulnerability in RealestateZONE Multiple cross-site scripting (XSS) vulnerabilities in index.cfm in realestateZONE 4.2 allow remote attackers to inject arbitrary web script or HTML via the (1) bamin, (2) bemin, (3) pmin, and (4) state parameters. network fusionzone | 4.3 |
2006-03-29 | CVE-2006-1485 | Unspecified vulnerability in Greymatter gm-upload.cgi in Greymatter 1.3.1 allows remote authenticated users with upload privileges to execute arbitrary programs by uploading files to locations within the web root. | 6.5 |
2006-03-29 | CVE-2006-1484 | Local Privilege Escalation vulnerability in Genius VideoCAM NB Genius VideoCAM NB Driver does not drop privileges when saving files, which allows local users to gain privileges by opening arbitrary files via the "save as" dialog. | 7.2 |