Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2006-03-29 | CVE-2006-1483 | Unspecified vulnerability in Desiderata Software Blazix web Server | Blazix Web Server before 1.2.6, when running on Windows, allows remote attackers to obtain the source code of JSP files via (1) . | network, low complexity, desiderata-software, 5.0 |
| 2006-03-29 | CVE-2006-1482 | Cross-Site Scripting vulnerability in Conftool 1.1 | Cross-site scripting (XSS) vulnerability in index.php in ConfTool 1.1 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | network, conftool, 4.3 |
| 2006-03-29 | CVE-2006-1481 | SQL Injection vulnerability in PHP Ticket PHP Ticket 0.5/0.6 | SQL injection vulnerability in search.php in PHP Ticket 0.71 allows remote authenticated users to execute arbitrary SQL commands and obtain usernames and passwords via the frm_search_in parameter. | network, low complexity, php-ticket, 6.5 |
| 2006-03-29 | CVE-2006-1480 | Remote Command Execution vulnerability in WEBalbum | Directory traversal vulnerability in start.php in WebAlbum 2.02 allows remote attackers to include arbitrary files and execute commands by (1) injecting code into local log files via GET commands, then (2) accessing that log via a .. | network, high complexity, duda, 5.1 |
| 2006-03-29 | CVE-2006-1479 | Input Validation vulnerability in Serge REY Gtd-PHP 0.5 | Multiple cross-site scripting (XSS) vulnerabilities in Serge Rey gtd-php (aka Getting Things Done) 0.5 allow remote attackers to inject arbitrary web script or HTML via the Description field in (1) newProject.php, (2) newList.php, and (3) newWaitingOn.php; the Title field in (4) newProject.php, (5) newList.php, (6) newWaitingOn.php, (7) newChecklist.php, (8) newContext.php, and (9) newGoal.php; the (10) Category Name field in newCategory.php; the (11) listTitle field in listReport.php; the (12) projectName field in projectReport.php; and the (13) checklistTitle field in checklistReport.php. | network, serge-rey, 4.3 |
| 2006-03-29 | CVE-2006-1478 | File-Upload vulnerability in Turnkey web Tools PHP Live Helper 1.8 | Directory traversal vulnerability in (1) initiate.php and (2) possibly other PHP scripts in Turnkey Web Tools PHP Live Helper 1.8, and possibly later versions, allows remote authenticated users to include and execute arbitrary local files via directory traversal sequences in the language cookie, as demonstrated by uploading PHP code in a gl_session cookie to users.php, which causes the code to be stored in error.log, which is then included by initiate.php. | network, low complexity, turnkey-web-tools, 7.5 |
| 2006-03-29 | CVE-2006-1477 | Remote File Include vulnerability in Turnkey web Tools PHP Live Helper 1.8 | Multiple PHP remote file inclusion vulnerabilities in Turnkey Web Tools PHP Live Helper 1.8 allow remote attackers to include and execute arbitrary PHP code via the abs_path parameter in (1) initiate.php, (2) waiting.php, (3) welcome.php, (4) admin/index.php, (5) javascript.php, (6) checkchat.php, and (7) blank.php. | network, low complexity, turnkey-web-tools, 7.5 |
| 2006-03-29 | CVE-2006-1476 | Remote Security vulnerability in Windows XP Tablet PC Edition | Windows Firewall in Microsoft Windows XP SP2 produces incorrect application block alerts when the application filename is ".exe" (with no characters before the "."), which might allow local user-assisted users to trick a user into unblocking a Trojan horse program, as demonstrated by a malicious ".exe" program in a folder named "Internet Explorer," which triggers a question about whether to unblock the "Internet Explorer" program. | network, high complexity, microsoft, 2.6 |
| 2006-03-29 | CVE-2006-1475 | Local Security vulnerability in Windows XP Tablet PC Edition | Windows Firewall in Microsoft Windows XP SP2 does not produce application alerts when an application is executed using the NTFS Alternate Data Streams (ADS) filename:stream syntax, which might allow local users to launch a Trojan horse attack in which the victim does not obtain the alert that Windows Firewall would have produced for a non-ADS file. | local, low complexity, microsoft, 2.1 |
| 2006-03-29 | CVE-2006-1474 | Cross-Site Scripting vulnerability in Web Conferencing Pro | Cross-site scripting (XSS) vulnerability in the "failed" functionality in Raindance Web Conferencing Pro allows remote attackers to inject arbitrary web script or HTML via the browser parameter. | network, raindance, 4.3 |