Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-02-19 | CVE-2006-0781 | Input Validation and Information Disclosure vulnerability in Perlblog 1.08/1.09/1.09B Directory traversal vulnerability in weblog.pl in PerlBlog 1.09b and earlier allows remote attackers to read certain files via the month parameter. | 5.0 |
2006-02-19 | CVE-2006-0780 | Input Validation and Information Disclosure vulnerability in Perlblog 1.08/1.09/1.09B Multiple cross-site scripting (XSS) vulnerabilities in weblog.pl in PerlBlog 1.09b and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) email parameters. network perlblog | 4.3 |
2006-02-19 | CVE-2006-0779 | Cross-Site Scripting vulnerability in XMB Forum XMB Cross-site scripting (XSS) vulnerability in u2u.php in XMB Forums 1.9.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the username parameter, as demonstrated using a URL-encoded iframe tag. | 4.3 |
2006-02-19 | CVE-2006-0778 | Unspecified vulnerability in XMB Forum XMB Multiple SQL injection vulnerabilities in XMB Forums 1.9.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) $u2u_select array parameter to u2u.inc.php and (2) $val variable (fidpw0 cookie value) in today.php. | 7.5 |
2006-02-19 | CVE-2006-0777 | Input Validation vulnerability in Teca Scripts Guestex 1.0 Unspecified vulnerability in guestex.pl in Teca Scripts Guestex 1.0 allows remote attackers to execute arbitrary shell commands via the email parameter, possibly involving shell metacharacters. | 7.5 |
2006-02-19 | CVE-2006-0776 | Input Validation vulnerability in Teca Scripts Guestex 1.0 Cross-site scripting (XSS) vulnerability in guestex.pl in Teca Scripts Guestex 1.0 allows remote attackers to inject arbitrary web script or HTML via the url parameter. network teca-scripts | 4.3 |
2006-02-19 | CVE-2006-0775 | SQL Injection vulnerability in Ridder Roeland Birthsys 3.1 Multiple SQL injection vulnerabilities in show.php in BirthSys 3.1 allow remote attackers to execute arbitrary SQL commands via the $month variable. | 7.5 |
2006-02-19 | CVE-2006-0774 | SQL Injection vulnerability in Lawrence Osiris DB_eSession Class SQL injection vulnerability in deleteSession() in DB_eSession library 1.0.2 and earlier, as used in multiple products, allows remote attackers to execute arbitrary SQL commands via the $_sess_id_set variable, which is usually derived from PHPSESSID. | 7.5 |
2006-02-19 | CVE-2006-0773 | Input Validation vulnerability in Hitachi Business Logic 0203/0300 Cross-site scripting (XSS) vulnerability in Hitachi Business Logic - Container 02-03 through 03-00-/B on Windows, and 03-00 through 03-00-/B on Linux, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in the extended receiving box function. network hitachi | 4.3 |
2006-02-19 | CVE-2006-0772 | SQL Injection vulnerability in Hitachi Business Logic 0203/0300 SQL injection vulnerability in Hitachi Business Logic - Container 02-03 through 03-00-/B on Windows, and 03-00 through 03-00-/B on Linux, allows remote attackers to execute arbitrary SQL commands via unspecified vectors in the extended receiving box function. | 7.5 |