Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-02-19 | CVE-2006-0791 | Remote File Include vulnerability in Dreamcost Hostadmin 3.0: PHP remote file inclusion vulnerability in index.php in DreamCost HostAdmin allows remote attackers to include arbitrary files via the $path variable, which is not initialized before use. | 7.5 |
2006-02-19 | CVE-2006-0790 | Remote LDAP vulnerability in Rockliffe MailSite: Rockliffe MailSite 7.0 and earlier allows remote attackers to cause a denial of service by sending crafted LDAP packets to port 389/TCP, as demonstrated by the ProtoVer LDAP testsuite. | 5.0 |
2006-02-19 | CVE-2006-0789 | Remote Security vulnerability in Fs-3830N: Certain unspecified Kyocera printers have a default "admin" account with a blank password, which allows remote attackers to access an administrative menu via a telnet session. | 10.0 |
2006-02-19 | CVE-2006-0788 | Unspecified vulnerability in Kyocera Fs-3830N: Kyocera 3830 (aka FS-3830N) printers have a back door that allows remote attackers to read and alter configuration settings via strings that begin with "!R!SIOP0", as demonstrated using (1) a connection to TCP port 9100 or (2) the UNIX lp command. | 5.0 |
2006-02-19 | CVE-2006-0787 | Unspecified vulnerability in Plaino Wimpy MP3: wimpy_trackplays.php in Plaino Wimpy MP3 Player, possibly 5.2 and earlier, allows remote attackers to insert arbitrary strings into trackme.txt via the (1) trackFile, (2) trackArtist, and (3) trackTitle parameters, which can result in providing false information about songs, occupying excessive disk space with very long parameter values, and storing executable code that might be invoked through a different vulnerability. | 4.0 |
2006-02-19 | CVE-2006-0786 | Remote Security vulnerability in PHPKIT: Incomplete blacklist vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier, with allow_url_fopen enabled, allows remote attackers to conduct PHP remote file include attacks via a path parameter that specifies a (1) UNC share or (2) ftps URL, which bypasses the check for "http://", "ftp://", and "https://" URLs. | 5.1 |
2006-02-19 | CVE-2006-0785 | File-Upload vulnerability in PHPKIT: Absolute path traversal vulnerability in include.php in PHPKIT 1.6.1 Release 2 and earlier allows remote attackers to include and execute arbitrary local files via a direct request with a path parameter with a null character and beginning with (1) '/' (slash) for an absolute pathname or (2) a drive letter (such as "C:"), which bypasses checks for ".." sequences and trailing ".php" extensions. | 6.4 |
2006-02-19 | CVE-2006-0784 | Denial Of Service vulnerability in D-Link DWL-G700AP HTTPD: D-Link DWL-G700AP with firmware 2.00 and 2.01 allows remote attackers to cause a denial of service (CAMEO HTTP service crash) via a request composed of "GET" followed by a space and two newlines, possibly triggering the crash due to missing arguments. | 5.0 |
2006-02-19 | CVE-2006-0783 | HTML Injection vulnerability in Siteframe Beaumont 5.0.1/5.0.1A/5.0.2: Cross-site scripting (XSS) vulnerability in page.php in Siteframe Beaumont, possibly 5.0.2 or 5.0.1a, allows remote attackers to inject arbitrary web script or HTML via the comment_text parameter to the user comment page (/edit/Comment). | 4.3 |
2006-02-19 | CVE-2006-0782 | Input Validation and Information Disclosure vulnerability in Perlblog 1.08/1.09/1.09B: Unspecified vulnerability in weblog.pl in PerlBlog 1.09b and earlier allows remote attackers to create arbitrary files and possibly execute arbitrary code via unspecified attack vectors related to improper handling of (1) the reply parameter, possibly involving injection of (2) the name parameter and (3) the body parameter. | 7.5 |