Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-02-20 | CVE-2006-0801 | Input Validation vulnerability in PostNuke SQL injection vulnerability in the NS-Languages module for PostNuke 0.761 and earlier, when magic_quotes_gpc is off, allows remote attackers to execute arbitrary SQL commands via the language parameter to admin.php. | 5.1 |
2006-02-20 | CVE-2006-0800 | Cross-Site Scripting vulnerability in Postnuke Software Foundation Postnuke Interpretation conflict in PostNuke 0.761 and earlier allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML tags with a trailing "<" character, which is interpreted as a ">" character by some web browsers but bypasses the blacklist protection in (1) the pnVarCleanFromInput function in pnAPI.php, (2) the pnSecureInput function in pnAntiCracker.php, and (3) the htmltext parameter in an edituser operation to user.php. | 2.6 |
2006-02-19 | CVE-2006-0799 | Unspecified vulnerability in Microsoft Internet Explorer 6.0.2900 Microsoft Internet Explorer allows remote attackers to spoof a legitimate URL in the status bar and conduct a phishing attack via a web page with an anchor element with a legitimate "href" attribute, a form whose action points to a malicious URL, and an INPUT submit element that is modified to look like a legitimate URL. | 4.0 |
2006-02-19 | CVE-2006-0798 | Directory Traversal vulnerability in Macallan Mail Solution IMAP Commands Multiple directory traversal vulnerabilities in the IMAP service in Macallan Mail Solution before 4.8.05.004 allow remote authenticated users to read e-mails of other users or create, modify, or delete directories via a .. | 5.5 |
2006-02-19 | CVE-2006-0797 | Remote Denial of Service vulnerability in Nokia N70 L2CAP Packets Nokia N70 cell phone allows remote attackers to cause a denial of service (reboot or shutdown) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Protocol (L2CAP) packet whose length field is less than the actual length of the packet, possibly triggering a buffer overflow, as demonstrated using the Bluetooth Stack Smasher (BSS). | 7.8 |
2006-02-19 | CVE-2006-0796 | HTML Injection vulnerability in Clever Copy Clever Copy 3.0 Cross-site scripting (XSS) vulnerability in default.php in Clever Copy 3.0 allows remote attackers to inject arbitrary web script or HTML via the Subject field when sending private messages (privatemessages.php). network clever-copy | 4.3 |
2006-02-19 | CVE-2006-0795 | Path Traversal vulnerability in Thomastsoi Quirex 2.0 Absolute path traversal vulnerability in convert.cgi in Quirex 2.0.2 and earlier allows remote attackers to read arbitrary files, and possibly execute arbitrary code, via the (1) quiz_head, (2) quiz_foot, and (3) template variables. | 5.0 |
2006-02-19 | CVE-2006-0794 | Remote Security vulnerability in V-Webmail 1.6.1/1.6.2 help.php in V-webmail 1.6.2 allows remote attackers to obtain the installation path via unspecified invalid parameters. | 5.0 |
2006-02-19 | CVE-2006-0793 | Cross-Site Scripting vulnerability in V-Webmail 1.6.1/1.6.2 frameset.php in V-webmail 1.6.2 allows remote attackers to conduct phishing attacks by referencing arbitrary websites in the rframe parameter. | 5.0 |
2006-02-19 | CVE-2006-0792 | Cross-Site Scripting vulnerability in V-Webmail 1.6.1/1.6.2 Cross-site scripting (XSS) vulnerability in preferences.personal.php in V-webmail 1.6.2 allows remote attackers to inject arbitrary web script or HTML via the newid parameter. network v-webmail | 4.3 |