Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-03-14 | CVE-2006-1226 | Input Validation vulnerability in Drupal Cross-site scripting (XSS) vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. network drupal | 4.3 |
2006-03-14 | CVE-2006-1225 | Input Validation vulnerability in Drupal CRLF injection vulnerability in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.5.8 allows remote attackers to inject headers of outgoing e-mail messages and use Drupal as a spam proxy. | 5.0 |
2006-03-14 | CVE-2006-1224 | Remote Directory Traversal vulnerability in GuppY Dwnld.PHP Directory traversal vulnerability in dwnld.php in GuppY 4.5.11 allows remote attackers to overwrite arbitrary files via a "%2E." (mixed encoding) in the pg parameter. | 2.6 |
2006-03-14 | CVE-2006-1223 | HTML Injection vulnerability in Jupiter CMS Jupiter CMS 1.1.4 Cross-site scripting (XSS) vulnerability in Jupiter Content Manager 1.1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a Javascript URI in the image BBcode tag. network jupiter-cms | 4.3 |
2006-03-14 | CVE-2006-1222 | HTML Injection vulnerability in Zeroboard Multiple cross-site scripting (XSS) vulnerabilities in zeroboard 4.1 pl7 allows allow remote attackers to inject arbitrary web script or HTML via the (1) memo box title, (2) user email, and (3) homepage fields. network zeroboard | 4.3 |
2006-03-14 | CVE-2006-1221 | Local Privilege Escalation vulnerability in Zonelabs Zonealarm Security Suite 6.1.744.000 Untrusted search path vulnerability in the TrueVector service (VSMON.exe) in Zone Labs ZoneAlarm 6.x and Integrity does not search ZoneAlarm's own folders before other folders that are specified in a user's PATH, which might allow local users to execute code as SYSTEM by placing malicious DLLs into a folder that has insecure permissions, but is searched before ZoneAlarm's folder. | 6.2 |
2006-03-14 | CVE-2006-0400 | Unspecified vulnerability in Apple mac OS X and mac OS X Server CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to bypass the same-origin policy and execute Javascript in other domains via unknown vectors involving "crafted archives." | 7.5 |
2006-03-14 | CVE-2006-0399 | Code Injection vulnerability in Apple mac OS X and mac OS X Server Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. | 7.5 |
2006-03-14 | CVE-2006-0398 | Code Injection vulnerability in Apple mac OS X and mac OS X Server Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. | 7.5 |
2006-03-14 | CVE-2006-0397 | Code Injection vulnerability in Apple mac OS X and mac OS X Server Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. | 7.5 |