Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2006-03-09 CVE-2006-1084 Input Validation and Information Disclosure vulnerability in PHP-Stats
Multiple SQL injection vulnerabilities in PHP-Stats 0.1.9.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the option[prefix] parameter in admin.php and other unspecified PHP scripts, and (2) the PC_REMOTE_ADDR HTTP header to click.php.
network
low complexity
php-stats
7.5
2006-03-09 CVE-2006-1083 Input Validation and Information Disclosure vulnerability in PHP-Stats
Multiple directory traversal vulnerabilities in PHP-Stats 0.1.9.1 and earlier allow remote attackers to read and possibly execute arbitrary files via a ..
network
low complexity
php-stats
7.5
2006-03-09 CVE-2006-1082 Cross-Site Scripting vulnerability in phpArcadeScript 2.0
Multiple cross-site scripting (XSS) vulnerabilities in phpArcadeScript 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the gamename parameter in tellafriend.php, (2) the login_status parameter in loginbox.php, (3) the submissionstatus parameter in index.php, the (4) cell_title_background_color and (5) browse_cat_name parameters in browse.php, the (6) gamefile parameter in displaygame.php, and (7) possibly other parameters in unspecified PHP scripts.
network
phparcadescript
4.3
2006-03-09 CVE-2006-1081 SQL Injection vulnerability in Jonathan Beckett PluggedOut Nexus 0.1
SQL injection vulnerability in forgotten_password.php in Jonathan Beckett PluggedOut Nexus 0.1 allows remote attackers to execute arbitrary SQL commands via the email parameter.
network
low complexity
jonathan-beckett
7.5
2006-03-09 CVE-2006-1077 HTML Injection vulnerability in Evo-Dev evoBlog Comment Post
Multiple cross-site scripting (XSS) vulnerabilities in the commentary in Evo-Dev evoBlog allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter and (2) other unspecified parameters.
network
evo-dev
4.3
2006-03-09 CVE-2006-1076 SQL Injection vulnerability in Invision Power Services Invision Power Board 2.1.5
SQL injection vulnerability in index.php, possibly during a showtopic operation, in Invision Power Board (IPB) 2.1.5 allows remote attackers to execute arbitrary SQL commands via the st parameter.
network
low complexity
invision-power-services
7.5
2006-03-09 CVE-2006-1075 Remote Format String vulnerability in Liero Xtreme
Format string vulnerability in the visualization function in Jason Boettcher Liero Xtreme 0.62b and earlier allows remote attackers to execute arbitrary code via format string specifiers in (1) a nickname, (2) a dedicated server name, or (3) a mapname in a level (aka .lxl) file.
network
low complexity
jason-boettcher
7.5
2006-03-09 CVE-2006-1074 Remote Denial Of Service vulnerability in Liero Xtreme
Jason Boettcher Liero Xtreme 0.62b and earlier allow remote attackers to cause a denial of service (application crash or hang) via a long argument to the connect command.
network
low complexity
jason-boettcher
5.0
2006-03-09 CVE-2006-0746 Multiple Unspecified vulnerability in Retired - KPDF
Certain patches for kpdf do not include all relevant patches from xpdf that were associated with CVE-2005-3627, which allows context-dependent attackers to exploit vulnerabilities that were present in CVE-2005-3627.
network
low complexity
xpdf
7.5
2006-03-08 CVE-2006-1071 Cross-Site Scripting vulnerability in DVguestbook 1.2.2
Cross-site scripting (XSS) vulnerability in index.php in DVguestbook 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
network
dvguestbook
4.3