Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2006-03-07 CVE-2006-1038 Buffer Overflow vulnerability in Van Dyke SecureCRT and SecureFX
Buffer overflow in SecureCRT 5.0.4 and earlier and SecureFX 3.0.4 and earlier allows remote attackers to have an unknown impact when a Unicode string is converted to a "narrow" string.
Attack vector: network | Complexity: low | Vendor: van-dyke-technologies | Risk: critical 10.0
2006-03-07 CVE-2006-1037 Multiple vulnerabilities in Oracle Diagnostics and E-Business Suite
SQL injection vulnerability in the Oracle Diagnostics module 2.2 and earlier allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.
Attack vector: network | Complexity: low | Vendor: oracle | Risk: 7.5
2006-03-07 CVE-2006-1036 Multiple vulnerabilities in Oracle Diagnostics 2.0/2.1/2.2
Multiple unspecified vulnerabilities in the Oracle Diagnostics module 2.2 and earlier have unknown impact and attack vectors, related to "permissions."
Attack vector: network | Complexity: low | Vendor: oracle | Risk: 7.5
2006-03-07 CVE-2006-1035 Multiple vulnerabilities in Oracle Diagnostics and E-Business Suite
Unspecified vulnerability in the Oracle Diagnostics module 2.2 and earlier allows remote attackers to access diagnostics tests via unknown attack vectors.
Attack vector: network | Complexity: low | Vendor: oracle | Risk: 7.5
2006-03-07 CVE-2006-1034 Cross-Site Scripting vulnerability in Woltlab Burning Board
Multiple cross-site scripting (XSS) vulnerabilities in Woltlab Burning Board (wBB) allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to galerie_index.php and possibly (2) galerie_onfly.php.
Attack vector: network | Vendor: woltlab | Risk: 4.3
2006-03-07 CVE-2006-1033 Cross-Site Scripting vulnerability in CPG Dragonfly CMS
Multiple cross-site scripting (XSS) vulnerabilities in Dragonfly CMS before 9.0.6.1 allow remote attackers to inject arbitrary web script or HTML via (1) uname, (2) error, (3) profile or (4) the username field parameter to the (a) Your_Account module, (5) catid, (6) sid, (7) Story Text or (8) Extended text text fields in the (b) News module, (9) month, (10) year or (11) sa parameter to the (c) Stories_Archive module, (12) show, (13) cid, (14) ratetype, or (15) orderby parameter to the (d) Web_Links module, (16) op, or (17) pollid parameter to the (e) Surveys module, (18) c parameter to the (f) Downloads module, (19) meta, or (20) album parameter to the (g) coppermine module, or the search box in the (21) Search, (22) Stories_Archive, (23) Downloads, and (24) Topics module.
Attack vector: network | Vendor: cpg-nuke | Risk: 4.3
2006-03-07 CVE-2006-1032 Remote Code Execution vulnerability in PHPrpc 0.7/0.8/0.9
Eval injection vulnerability in the decode function in rpc_decoder.php for phpRPC 0.7 and earlier, as used by runcms, exoops, and possibly other programs, allows remote attackers to execute arbitrary PHP code via the base64 tag.
Attack vector: network | Complexity: low | Vendor: phprpc | Risk: 7.5
2006-03-07 CVE-2006-1031 Code Injection vulnerability in Igenus Webmail 2.0/2.01/2.02
config/config_inc.php in iGENUS Webmail 2.02 and earlier allows remote attackers to include arbitrary local files via the SG_HOME parameter.
Attack vector: network | Complexity: low | Vendor: igenus | CWE-94 | Risk: 7.5
2006-03-07 CVE-2006-0047 Resource Management Errors vulnerability in Freeciv
packets.c in Freeciv 2.0 before 2.0.8 allows remote attackers to cause a denial of service (server crash) via crafted packets with negative compressed size values.
Attack vector: network | Complexity: low | Vendor: freeciv | CWE-399 | Risk: 5.0
2006-03-07 CVE-2006-0883 Resource Management Errors vulnerability in multiple products
OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting multiple times to the SSH server, waiting for the password prompt, then disconnecting.
Attack vector: network | Complexity: low | Vendors: openbsd, freebsd | CWE-399 | Risk: 5.0