Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-03-07 | CVE-2006-1021 | Cross-Site Scripting vulnerability in Pehepe Membership Management System and Uyelik Sistemi Cross-site scripting (XSS) vulnerability in sol_menu.php in PeHePe Uyelik Sistemi (aka PeHePe MemberShip Management System) 3 allows remote attackers to inject arbitrary web script or HTML via the kuladi parameter ($kul_adi variable). network pehepe | 4.3 |
| 2006-03-07 | CVE-2006-1020 | SQL Injection vulnerability in Johnny Vegas Forum 1.0 SQL injection vulnerability in forumlib.php in Johnny_Vegas Vegas Forum 1.0 allows remote attackers to execute arbitrary SQL commands via the postid parameter. | 7.5 |
| 2006-03-07 | CVE-2006-1019 | HTML Injection vulnerability in Ukiweb Ukiboard 3.0.1 Cross-site scripting (XSS) vulnerability in fce.php in UKiBoard 3.0.1 allows remote attackers to inject arbitrary web script or HTML via a BBCode url tag when using the show_post function. network ukiweb | 4.3 |
| 2006-03-07 | CVE-2006-1018 | SQL Injection vulnerability in Dci-Designs Dawaween 1.03 SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03 allows remote attackers to execute arbitrary SQL commands via the id parameter in a diwan view action. | 7.5 |
| 2006-03-07 | CVE-2006-1017 | Unspecified vulnerability in PHP The c-client library 2000, 2001, or 2004 for PHP before 4.4.4 and 5.x before 5.1.5 do not check the (1) safe_mode or (2) open_basedir functions, and when used in applications that accept user-controlled input for the mailbox argument to the imap_open function, allow remote attackers to obtain access to an IMAP stream data structure and conduct unauthorized IMAP actions. | 9.3 |
| 2006-03-07 | CVE-2006-1016 | Unspecified vulnerability in Microsoft Internet Explorer 6.0 Buffer overflow in the IsComponentInstalled method in Internet Explorer 6.0, when used on Windows 2000 before SP4 or Windows XP before SP1, allows remote attackers to execute arbitrary code via JavaScript that calls IsComponentInstalled with a long first argument. | 7.5 |
| 2006-03-07 | CVE-2006-1015 | Security Bypass vulnerability in PHP Argument injection vulnerability in certain PHP 3.x, 4.x, and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mail function, allows remote attackers to read and create arbitrary files via the sendmail -C and -X arguments. | 6.4 |
| 2006-03-07 | CVE-2006-1014 | Security Bypass vulnerability in PHP Argument injection vulnerability in certain PHP 4.x and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mb_send_mail function, allows context-dependent attackers to read and create arbitrary files by providing extra -C and -X arguments to sendmail. | 3.2 |
| 2006-03-07 | CVE-2006-1013 | Unspecified vulnerability in Smartblog 1.2 PHP remote file include vulnerability in index.php in SMartBlog (aka SMBlog) 1.2 allows remote attackers to include and execute arbitrary PHP files via (1) the pg parameter and (2) a query string without a parameter. | 7.5 |
| 2006-03-06 | CVE-2006-0815 | Remote Script Disclosure vulnerability in Networkactiv web Server 3.5.15 NetworkActiv Web Server 3.5.15 allows remote attackers to read script source code via a crafted URL with a "/" (forward slash) after the file extension. | 5.0 |