Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-03-09 | CVE-2006-1128 | Unspecified vulnerability in Gallery Project Gallery Directory traversal vulnerability in the session handling class (GallerySession.class) in Gallery 2 up to 2.0.2 allows remote attackers to access and delete files by specifying the session in a cookie, which is used in constructing file paths before the session value is sanitized. | 6.4 |
2006-03-09 | CVE-2006-1127 | HTML Injection vulnerability in Gallery Album Comments Cross-site scripting (XSS) vulnerability in Gallery 2 up to 2.0.2 allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is not properly handled when adding a comment to an album. network gallery-project | 4.3 |
2006-03-09 | CVE-2006-1126 | Remote Security vulnerability in Gallery Project Gallery 2.0.2 Gallery 2 up to 2.0.2 allows remote attackers to spoof their IP address via a modified X-Forwarded-For (X_FORWARDED_FOR) HTTP header, which is checked by Gallery before other more reliable sources of IP address information, such as REMOTE_ADDR. | 6.4 |
2006-03-09 | CVE-2006-1124 | Remote Buffer Overflow vulnerability in RevilloC MailServer Buffer overflow in RevilloC MailServer and Proxy 1.21 allows remote attackers to execute arbitrary code via a long USER command. | 7.5 |
2006-03-09 | CVE-2006-1123 | Input Validation vulnerability in D2KBlog SQL injection vulnerability in D2KBlog 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the memName parameter in a cookie. | 10.0 |
2006-03-09 | CVE-2006-1122 | Input Validation vulnerability in D2KBlog Cross-site scripting (XSS) vulnerability in Default.asp in D2KBlog 1.0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter. network d2ksoft | 6.8 |
2006-03-09 | CVE-2006-1121 | Cross-Site Scripting vulnerability in Cutephp Cutenews 1.4.1 Cross-site scripting (XSS) vulnerability in CuteNews 1.4.1 allows remote attackers to inject arbitrary web script or HTML via the query string to index.php. network cutephp | 6.8 |
2006-03-09 | CVE-2006-1120 | Cross-Site Scripting vulnerability in DCP Portal Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 6.1.1 and earlier, with register_globals enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) its_url parameter in the documents page and (2) url parameter in the send_write page of (a) index.php; (3) subject, and (4) images parameters to (b) calendar.php; (5) bid, (6) replying_msg, (7) subject, (8) body, and (9) mid parameters to (c) forums.php; (10) subject and (11) message parameters to (d) inbox.php; (12) subject_color and (13) email parameters to (e) lostpassword.php; and the (14) c_name, (15) content_inicial, and (16) cid parameters to (f) mycontents.php. | 2.6 |
2006-03-09 | CVE-2006-1119 | Permissions, Privileges, and Access Controls vulnerability in Netenberg Fantastico DE Luxe fantastico in Cpanel does not properly handle when it has insufficient permissions to perform certain file operations, which allows remote authenticated users to obtain the full pathname, which is leaked in a PHP error message. | 4.0 |
2006-03-09 | CVE-2006-0743 | USE of Externally-Controlled Format String vulnerability in Apache Log4Net 1.2.9Beta Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors. | 5.0 |