Vulnerabilities

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2006-02-21 | CVE-2006-0821 | SQL-Injection vulnerability in Bxcp 0.299 | SQL injection vulnerability in index.php in BXCP 0.299 allows remote attackers to execute arbitrary SQL commands via the tid parameter. | network, low complexity, bxcp | 7.5 |
| 2006-02-21 | CVE-2006-0811 | Input Validation vulnerability in Skate Board Skate Board 0.9 | Cross-site scripting (XSS) vulnerability in reguser.php in Skate Board 0.9 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters involved with the registration form. | network, skate-board | 4.3 |
| 2006-02-21 | CVE-2006-0810 | Input Validation vulnerability in Skate Board Skate Board 0.9 | Unspecified vulnerability in config.php in Skate Board 0.9 allows remote authenticated administrators to execute arbitrary PHP code by causing certain variables in config.php to be modified, possibly due to XSS or direct static code injection. | network, skate-board | 3.5 |
| 2006-02-21 | CVE-2006-0809 | Input Validation vulnerability in Skate Board Skate Board 0.9 | Multiple SQL injection vulnerabilities in Skate Board 0.9 allow remote attackers to execute arbitrary SQL commands via the (1) usern parameter in (a) sendpass.php, and the (2) usern and (3) passwd parameters and (4) sf_cookie cookie in (b) login.php and (c) logged.php. | network, low complexity, skate-board | 7.5 |
| 2006-02-21 | CVE-2006-0808 | Denial-Of-Service vulnerability in Mute 0.4 | MUTE 0.4 allows remote attackers to cause a denial of service (messages not forwarded) and obtain sensitive information about a target by filling a client's mWebCache cache with malicious "zombie" nodes. | network, low complexity, mute | 6.4 |
| 2006-02-21 | CVE-2006-0807 | Buffer Errors vulnerability in Njstar Chinese Word Processor and Japanese Word Processor | Stack-based buffer overflow in NJStar Chinese and Japanese Word Processor 4.x and 5.x before 5.10 allows user-assisted attackers to execute arbitrary code via font names in NJStar (.njx) documents. | network, high complexity, njstar, CWE-119 | 5.1 |
| 2006-02-21 | CVE-2006-0806 | Cross-Site Scripting vulnerability in John LIM Adodb | Multiple cross-site scripting (XSS) vulnerabilities in ADOdb 4.71, as used in multiple packages such as phpESP, allow remote attackers to inject arbitrary web script or HTML via (1) the next_page parameter in adodb-pager.inc.php and (2) other unspecified vectors related to PHP_SELF. | network, john-lim, CWE-79 | 4.3 |
| 2006-02-21 | CVE-2006-0805 | Unspecified vulnerability in Francisco Burzi PHP-Nuke | The CAPTCHA functionality in php-Nuke 6.0 through 7.9 uses fixed challenge/response pairs that only vary once per day based on the User Agent (HTTP_USER_AGENT), which allows remote attackers to bypass CAPTCHA controls by fixing the User Agent, performing a valid challenge/response, then replaying that pair in the random_num and gfx_check parameters. | network, low complexity, francisco-burzi | 7.5 |
| 2006-02-21 | CVE-2006-0804 | Buffer Overflow vulnerability in TIN News Reader | Off-by-one error in TIN 1.8.0 and earlier might allow attackers to execute arbitrary code via unknown vectors that trigger a buffer overflow. | network, low complexity, tin | 7.5 |
| 2006-02-20 | CVE-2006-0802 | Input Validation vulnerability in PostNuke | Cross-site scripting (XSS) vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is enabled, allows remote attackers to inject arbitrary web script or HTML via the language parameter in a missing or translation operation. | network, high complexity, postnuke-software-foundation | 2.6 |