Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2006-02-24 CVE-2006-0875 Cross-Site Scripting vulnerability in RunCMS
Cross-site scripting vulnerability in ratefile.php in RunCMS 1.3a5 allows remote attackers to inject arbitrary web script or HTML via the lid parameter.
network, low complexity, runcms
Risk: 5.0

2006-02-24 CVE-2006-0873 File Include vulnerability in Coppermine Photo Gallery 1.4.3
Absolute path traversal vulnerability in docs/showdocs.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via the f parameter, and possibly remote files using UNC share pathnames.
network, low complexity, coppermine
Risk: 5.0

2006-02-24 CVE-2006-0872 File Include vulnerability in Coppermine Photo Gallery 1.4.3
Directory traversal vulnerability in init.inc.php in Coppermine Photo Gallery 1.4.3 and earlier allows remote attackers to include arbitrary files via a ..
network, low complexity, coppermine
Risk: 5.0

2006-02-24 CVE-2006-0871 Path Traversal vulnerability in Mambo 4.5.3H
Directory traversal vulnerability in the _setTemplate function in Mambo 4.5.3, 4.5.3h, and possibly earlier versions allows remote attackers to read and include arbitrary files via the mos_change_template parameter.
network, low complexity, mambo, CWE-22
Risk: 6.4

2006-02-24 CVE-2006-0813 Buffer Errors vulnerability in Winace 2.60
Heap-based buffer overflow in WinACE 2.60 allows user-assisted attackers to execute arbitrary code via a large header block in an ARJ archive.
network, high complexity, winace, CWE-119
Risk: 5.1

2006-02-24 CVE-2006-0377 Cross-Site Scripting and IMAP Injection vulnerability in SquirrelMail
CRLF injection vulnerability in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary IMAP commands via newline characters in the mailbox parameter of the sqimap_mailbox_select command, aka "IMAP injection."
network, low complexity, squirrelmail
Risk: 5.0

2006-02-24 CVE-2006-0300 Buffer Overflow vulnerability in GNU Tar Invalid Headers
Buffer overflow in tar 1.14 through 1.15.90 allows user-assisted attackers to cause a denial of service (application crash) and possibly execute code via unspecified vectors involving PAX extended headers.
network, high complexity, gnu
Risk: 5.1

2006-02-24 CVE-2006-0195 Cross-Site Scripting and IMAP Injection vulnerability in SquirrelMail
Interpretation conflict in the MagicHTML filter in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via style sheet specifiers with invalid (1) "/*" and "*/" comments, or (2) a newline in a "url" specifier, which is processed by certain web browsers including Internet Explorer.
network, squirrelmail
Risk: 4.3

2006-02-24 CVE-2006-0188 Cross-Site Scripting and IMAP Injection vulnerability in SquirrelMail
webmail.php in SquirrelMail 1.4.0 to 1.4.5 allows remote attackers to inject arbitrary web pages into the right frame via a URL in the right_frame parameter.
network, squirrelmail
Risk: 4.3

2006-02-23 CVE-2006-0870 SQL Injection vulnerability in MiniNuke CMS Pages.ASP
SQL injection vulnerability in pages.asp in Mini-Nuke CMS System 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
network, low complexity, mini-nuke
Risk: 7.5