Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-03-07 | CVE-2006-1048 | Security Bypass vulnerability in Joomla Joomla! 1.0.7 and earlier allows attackers to bypass intended access restrictions and gain certain privileges via certain attack vectors related to the (1) Weblink, (2) Polls, (3) Newsfeeds, (4) Weblinks, (5) Content, (6) Content Section, (7) Content Category, (8) Contact items, or (9) Contact Search, (10) Content Search, (11) Newsfeed Search, or (12) Weblink Search. | 5.0 |
2006-03-07 | CVE-2006-1047 | Remote Security vulnerability in Joomla Unspecified vulnerability in the "Remember Me login functionality" in Joomla! 1.0.7 and earlier has unknown impact and attack vectors. | 10.0 |
2006-03-07 | CVE-2006-1046 | Remote Denial Of Service vulnerability in Monopd 0.9.3 server.cpp in Monopd 0.9.3 allows remote attackers to cause a denial of service (CPU and memory consumption) via a string containing a large number of characters that are escaped when Monopd produces XML output. | 5.0 |
2006-03-07 | CVE-2006-1045 | Remote Information Disclosure vulnerability in Mozilla Thunderbird 1.5 The HTML rendering engine in Mozilla Thunderbird 1.5, when "Block loading of remote images in mail messages" is enabled, does not properly block external images from inline HTML attachments, which could allow remote attackers to obtain sensitive information, such as application version or IP address, when the user reads the email and the external image is accessed. | 2.6 |
2006-03-07 | CVE-2006-1044 | Multiple Unspecified vulnerability in Lsoft Listserv 14.3/14.4 Multiple buffer overflows in LISTSERV 14.3 and 14.4, including LISTSERV Lite and HPO, with the web archive interface enabled, allow remote attackers to execute arbitrary code via unknown attack vectors related to the WA CGI. | 7.5 |
2006-03-07 | CVE-2006-1043 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Visual Interdev and Visual Studio Stack-based buffer overflow in Microsoft Visual Studio 6.0 and Microsoft Visual InterDev 6.0 allows user-assisted attackers to execute arbitrary code via a long DataProject field in a (1) Visual Studio Database Project File (.dbp) or (2) Visual Studio Solution (.sln). | 5.1 |
2006-03-07 | CVE-2006-1042 | Input Validation vulnerability in Gregarius 0.5.2 Multiple SQL injection vulnerabilities in Gregarius 0.5.2 allow remote attackers to execute arbitrary SQL commands via the (1) folder parameter to feed.php or (2) rss_query parameter to search.php. | 6.4 |
2006-03-07 | CVE-2006-1041 | Input Validation vulnerability in Gregarius 0.5.2 Multiple cross-site scripting (XSS) vulnerabilities in Gregarius 0.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) rss_query parameter to search.php or (2) tag parameter to tags.php. | 4.3 |
2006-03-07 | CVE-2006-1040 | HTML Injection vulnerability in Jelsoft Vbulletin 3.0.12/3.5.3 Cross-site scripting (XSS) vulnerability in vBulletin 3.0.12 and 3.5.3 allows remote attackers to inject arbitrary web script or HTML via the email field, which is injected in profile.php but not sanitized in sendmsg.php. | 4.3 |
2006-03-07 | CVE-2006-1039 | Code Injection vulnerability in SAP web Application Server 6.10/6.20/6.40 SAP Web Application Server (WebAS) Kernel before 7.0 allows remote attackers to inject arbitrary bytes into the HTTP response and obtain sensitive authentication information, or have other impacts, via a ";%20" followed by encoded HTTP headers. | 6.4 |