Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2006-03-14 CVE-2006-1198 Unspecified vulnerability in Comvigo IM Lock Home2006/Professional2006
Comvigo IM Lock 2006 uses a simple substitution cipher to encrypt a password stored in the msnvs\prc registry value, for which all users have Read permission, which allows local users to bypass the product's blocking functionality by decrypting the password.
local
high complexity
comvigo
3.7
2006-03-13 CVE-2006-1197 Local Privilege Escalation vulnerability in SafeDisc Secdrv.SYS
SafeDisc installs the driver service for the secdrv.sys driver with insecure permissions, which allows local users to gain privileges by changing the configuration to reference a malicious program.
local
low complexity
macrovision
7.2
2006-03-13 CVE-2006-1196 Cross-Site Scripting vulnerability in David Barrett Qwikiwiki 1.4/1.5/1.5.1
Multiple cross-site scripting (XSS) vulnerabilities in QwikiWiki 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) from and (2) help parameters to (a) index.php; (3) action, (4) page, (5) debug, (6) help, (7) username, or (8) password parameters to (b) login.php; the (7) help parameter to (c) pageindex.php; or (8) help parameter to (d) recentchanges.php.
network
david-barrett
4.3
2006-03-13 CVE-2006-1195 Denial of Service vulnerability in ENet
The enet_protocol_handle_send_fragment function in protocol.c for ENet library CVS version Jul 2005 and earlier, as used in products including (1) Cube, (2) Sauerbraten, and (3) Duke3d_w32, allows remote attackers to cause a denial of service (application crash) via a packet fragment with a large total data size, which triggers an application abort when memory allocation fails.
network
low complexity
enet
5.0
2006-03-13 CVE-2006-1194 Denial of Service vulnerability in ENet
Integer signedness error in the enet_protocol_handle_incoming_commands function in protocol.c for ENet library CVS version Jul 2005 and earlier, as used in products including (1) Cube, (2) Sauerbraten, and (3) Duke3d_w32, allows remote attackers to cause a denial of service (application crash) via a packet with a large command length value, which leads to an invalid memory access.
network
low complexity
enet
5.0
2006-03-13 CVE-2006-0049 Unspecified vulnerability in GNU Privacy Guard
gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455.
network
low complexity
gnu
5.0
2006-03-13 CVE-2006-0950 Path Traversal vulnerability in Unalz 0.53
unalz 0.53 allows user-assisted attackers to overwrite arbitrary files via an ALZ archive with ".." (dot dot) sequences in a filename.
network
high complexity
unalz
CWE-22
2.6
2006-03-13 CVE-2006-0820 Input Validation vulnerability in Gnome Dwarf Http Server 1.3.2
Cross-site scripting (XSS) vulnerability in Dwarf HTTP Server 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified error messages.
network
gnome
4.3
2006-03-13 CVE-2006-0819 Input Validation vulnerability in Gnome Dwarf Http Server 1.3.2
Dwarf HTTP Server 1.3.2 allows remote attackers to obtain the source code of JSP files via (1) dot, (2) space, (3) slash, or (4) NULL characters in the filename extension of an HTTP request.
network
low complexity
gnome
7.8
2006-03-13 CVE-2006-1183 Local Installation Password Disclosure vulnerability in Ubuntu Linux 5.10
The Ubuntu 5.10 installer does not properly clear passwords from the installer log file (questions.dat), and leaves the log file with world-readable permissions, which allows local users to gain privileges.
local
low complexity
ubuntu
7.2