Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-03-09 | CVE-2006-1106 | Input Validation vulnerability in Pixelpost Cross-site scripting (XSS) vulnerability in Pixelpost 1.5 beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) message, (2) name, (3) url, and (4) email parameters when commenting on a post. network pixelpost | 4.3 |
2006-03-09 | CVE-2006-1105 | Input Validation vulnerability in Pixelpost Pixelpost 1.5 beta 1 and earlier allows remote attackers to obtain configuration information via a direct request to includes/phpinfo.php, which calls the phpinfo function. | 5.0 |
2006-03-09 | CVE-2006-1104 | Input Validation vulnerability in Pixelpost Multiple SQL injection vulnerabilities in Pixelpost 1.5 beta 1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the showimage parameter in index.php; and the (2) USER_AGENT, (3) HTTP_REFERER, and (4) HTTP_HOST HTTP header fields as used in the book_vistor function in includes/functions.php. | 7.5 |
2006-03-09 | CVE-2006-1103 | Remote vulnerability in Sauerbraten Cube and Sauerbraten engine/server.cpp in Sauerbraten 2006_02_28, as derived from the Cube engine, allows remote attackers to cause a denial of service (segmentation fault) via a client that does not completely join the game and times out, which results in a null pointer dereference. | 5.0 |
2006-03-09 | CVE-2006-1102 | Remote vulnerability in Sauerbraten Cube and Sauerbraten Sauerbraten 2006_02_28, as derived from the Cube engine, allows remote attackers to cause a denial of service (client exit) by forcing the server to change to a map (ogz) file whose name contains ".." sequences and has a certain length that prevents the addition of the ".ogz" extension. | 5.0 |
2006-03-09 | CVE-2006-1101 | Remote vulnerability in Sauerbraten Cube and Sauerbraten The (1) sgetstr and (2) getint functions in Sauerbraten 2006_02_28, as derived from the Cube engine, allow remote attackers to cause a denial of service (segmentation fault) via long streams of input data that trigger an out-of-bounds read, as demonstrated using SV_EXT tag data in the Cube engine, which is not properly handled by getint. | 5.0 |
2006-03-09 | CVE-2006-1100 | Remote vulnerability in Sauerbraten Cube and Sauerbraten Buffer overflow in the sgetstr function in shared/cube.h in Sauerbraten 2006_02_28 and earlier, as derived from the Cube engine, allows remote attackers to execute arbitrary code via long streams of input data. | 7.5 |
2006-03-09 | CVE-2006-1099 | Remote File Include vulnerability in Logit 1.3/1.4 PHP remote file include vulnerability in logIT 1.3 and 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the pg parameter. | 7.5 |
2006-03-09 | CVE-2006-1097 | Cross-Site Scripting vulnerability in Datenbank Module Datenbank Module Mod2.7 Multiple cross-site scripting (XSS) vulnerabilities in Datenbank MOD 2.7 and earlier for Woltlab Burning Board allow remote attackers to inject arbitrary web script or HTML via the fileid parameter to (1) info_db.php or (2) database.php. network datenbank-module | 4.3 |
2006-03-09 | CVE-2006-1095 | Path Traversal vulnerability in Apache MOD Python 3.2.7 Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie. | 7.2 |