Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-03-14 | CVE-2006-0029 | Unspecified vulnerability in Microsoft Excel and Office Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed description, which leads to memory corruption. | 5.1 |
2006-03-14 | CVE-2006-0028 | Unspecified vulnerability in Microsoft Excel and Office Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via a BIFF parsing format file containing malformed BOOLERR records that lead to memory corruption, probably involving invalid pointers. | 5.1 |
2006-03-14 | CVE-2006-1234 | SQL Injection vulnerability in Dsportal Dscounter 1.2 SQL injection vulnerability in index.php in DSCounter 1.2, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field (HTTP_X_FORWARDED_FOR environment variable) in an HTTP header. | 5.1 |
2006-03-14 | CVE-2006-1233 | Cross-Site Scripting vulnerability in WMNews Multiple cross-site scripting (XSS) vulnerabilities in WMNews allow remote attackers to inject arbitrary web script or HTML via the (1) ArtCat parameter to wmview.php, (2) ctrrowcol parameter to footer.php, or (3) ArtID parameter to wmcomments.php. network mikael-software | 4.3 |
2006-03-14 | CVE-2006-1232 | SQL-Injection vulnerability in Dsportal Dsdownload 1.0 Multiple SQL injection vulnerabilities in DSDownload 1.0, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) key and (2) category parameters to (a) search.php and (b) downloads.php. | 7.5 |
2006-03-14 | CVE-2006-1231 | Unspecified vulnerability in Julian Pawlowski Capi4Hylafax 1.3 CAPI4HylaFAX 1.3, when compiled with GENERATE_DEBUGSFFDATAFILE set, allows local users to modify arbitrary files via a symlink attack on the c2faxrecv_dbgdatafile.sff temporary file. | 1.2 |
2006-03-14 | CVE-2006-1230 | Cross-Site Scripting vulnerability in Belchior Foundry Vcard 2.6/2.8/2.9 Multiple cross-site scripting (XSS) vulnerabilities in create.php in vCard 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) card_id, (2) uploaded, (3) card_fontsize, or (4) card_color parameter. | 4.3 |
2006-03-14 | CVE-2006-1229 | SQL-Injection vulnerability in Hosting Controller Hosting Controller 6.1Hotfix2.9 SQL injection vulnerability in search.asp in Hosting Controller 6.1 (Hotfix 2.9) allows remote attackers to execute arbitrary SQL commands via the search parameter. | 7.5 |
2006-03-14 | CVE-2006-1228 | Improper Authentication vulnerability in Drupal Session fixation vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to gain privileges by tricking a user to click on a URL that fixes the session identifier. | 5.1 |
2006-03-14 | CVE-2006-1227 | Input Validation vulnerability in Drupal Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8, when menu.module is used to create a menu item, does not implement access control for the page that is referenced, which might allow remote attackers to access administrator pages. | 4.6 |