Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-02-22 | CVE-2006-0841 | Input Validation vulnerability in Mantis Multiple cross-site scripting (XSS) vulnerabilities in Mantis 1.00rc4 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) hide_status, (2) handler_id, (3) user_monitor, (4) reporter_id, (5) view_type, (6) show_severity, (7) show_category, (8) show_status, (9) show_resolution, (10) show_build, (11) show_profile, (12) show_priority, (13) highlight_changed, (14) relationship_type, and (15) relationship_bug parameters in (a) view_all_set.php; the (16) sort parameter in (b) manage_user_page.php; the (17) view_type parameter in (c) view_filters_page.php; and the (18) title parameter in (d) proj_doc_delete.php. network mantis | 4.3 |
| 2006-02-22 | CVE-2006-0840 | Input Validation vulnerability in Mantis manage_user_page.php in Mantis 1.00rc4 and earlier does not properly handle a sort parameter containing a ' (quote) character, which allows remote attackers to trigger a SQL error that may be repeatedly reported to a user who makes subsequent web accesses with the MANTIS_MANAGE_COOKIE cookie. | 5.0 |
| 2006-02-22 | CVE-2006-0839 | Unspecified vulnerability in Sourcefire Snort 2.4.3 The frag3 preprocessor in Sourcefire Snort 2.4.3 does not properly reassemble certain fragmented packets with IP options, which allows remote attackers to evade detection of certain attacks, possibly related to IP option lengths. | 5.0 |
| 2006-02-22 | CVE-2006-0838 | Unspecified vulnerability in Micromuse Netcool Neusecure 3.0.236 IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 stores cleartext passwords in the (1) CMS_DBPASS, (2) CMSM_DBPASS, and (3) RPT_DBPASS fields in /etc/neusecure.conf, and in (4) /opt/NeuSecure/bin/ns_archiver.log, which allows local users to gain privileges. | 2.1 |
| 2006-02-22 | CVE-2006-0837 | Unspecified vulnerability in Micromuse Netcool Neusecure 3.0.236 IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 has world-readable permissions for (1) /etc/neusecure.conf, (2) /opt/NeuSecure/etc/cms-3.0.236.buildconf, and (3) /opt/NeuSecure/bin/ns_archiver.log, which allows local users to read sensitive information such as passwords. | 2.1 |
| 2006-02-22 | CVE-2006-0836 | Remote Denial of Service vulnerability in Mozilla Thunderbird 1.5 Mozilla Thunderbird 1.5 allows user-assisted attackers to cause an unspecified denial of service by tricking the user into importing an LDIF file with a long field into the address book, as demonstrated by a long homePhone field. | 2.6 |
| 2006-02-22 | CVE-2006-0835 | SQL Injection vulnerability in Web Calendar Pro Dropbase.PHP SQL injection vulnerability in dropbase.php in MitriDAT Web Calendar Pro allows remote attackers to modify internal SQL queries and cause a denial of service (inaccessible database) via the tabls parameter. | 7.5 |
| 2006-02-22 | CVE-2006-0834 | Information Disclosure vulnerability in Uip1868p Uniden UIP1868P VoIP Telephone and Router has a default password of admin for the web-based configuration utility, which allows remote attackers to obtain sensitive information on the device such as telephone numbers called, and possibly connect to other hosts. | 7.5 |
| 2006-02-22 | CVE-2006-0833 | HTML Injection vulnerability in Boonex Barracuda Directory 1.1 Multiple cross-site scripting (XSS) vulnerabilities in Barracuda Directory 1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors to the (1) Add URL and (2) Suggest Category module. network boonex | 4.3 |
| 2006-02-22 | CVE-2006-0832 | SQL Injection vulnerability in Webpagecity WPC easy Multiple SQL injection vulnerabilities in admin.asp in WPC.easy allow remote attackers to execute arbitrary SQL commands via the (1) uid and (2) pwd parameter. | 7.5 |