Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-02-15 | CVE-2006-0708 | Denial of Service vulnerability in Nullsoft Winamp M3U File Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow remote attackers to execute arbitrary code via (1) an m3u file containing a long URL ending in .wma, (2) a pls file containing a File1 field with a long URL ending in .wma, or (3) an m3u file with a long filename, variants of CVE-2005-3188 and CVE-2006-0476. | 9.3 |
2006-02-15 | CVE-2006-0707 | Information Exposure vulnerability in Pyblosxom 1.2.1/1.3 PyBlosxom before 1.3.2, when running on certain webservers, allows remote attackers to read arbitrary files via an HTTP request with multiple leading / (slash) characters, which is accessed using the PATH_INFO variable. | 5.0 |
2006-02-15 | CVE-2006-0706 | Cross-Site Scripting vulnerability in Gastebuch Cross-site scripting vulnerability in eintrag.php in Gästebuch (Gastebuch) before 1.3.3 allows remote attackers to inject arbitrary web script or HTML via the URL, which is used in the homepage parameter. | 4.3 |
2006-02-15 | CVE-2006-0705 | USE of Externally-Controlled Format String vulnerability in multiple products Format string vulnerability in a logging function as used by various SFTP servers, including (1) AttachmateWRQ Reflection for Secure IT UNIX Server before 6.0.0.9, (2) Reflection for Secure IT Windows Server before 6.0 build 38, (3) F-Secure SSH Server for Windows before 5.3 build 35, (4) F-Secure SSH Server for UNIX 3.0 through 5.0.8, (5) SSH Tectia Server 4.3.6 and earlier and 4.4.0, and (6) SSH Shell Server 3.2.9 and earlier, allows remote authenticated users to execute arbitrary commands via unspecified vectors, involving crafted filenames and the stat command. | 6.5 |
2006-02-15 | CVE-2006-0704 | Information Disclosure vulnerability in IE Integrator 4.4.220114 iE Integrator 4.4.220114, when configured without a "bespoke error page" in acm.ini, allows remote attackers to obtain sensitive information via a URL that calls a non-existent .aspx script in the integrator/apps directory, which results in an error message that displays the installation path, web server name, IP, and port, session cookie information, and the IIS system username. | 2.6 |
2006-02-15 | CVE-2006-0703 | Multiple vulnerability in Imagevue 0.16.1 Unspecified vulnerability in index.php in imageVue 16.1 has unknown impact, probably a cross-site scripting (XSS) vulnerability involving the query string that is not quoted when inserted into style and body tags, as demonstrated using a bgcol parameter. network imagevue | 4.3 |
2006-02-15 | CVE-2006-0702 | Multiple vulnerability in Imagevue 0.16.1 admin/upload.php in imageVue 16.1 allows remote attackers to upload arbitrary files to certain allowed folders via .. | 5.0 |
2006-02-15 | CVE-2006-0701 | Multiple vulnerability in Imagevue 0.16.1 readfolder.php in imageVue 16.1 allows remote attackers to list directories via modified path and ext parameters. | 5.0 |
2006-02-15 | CVE-2006-0700 | Permissions, Privileges, and Access Controls vulnerability in Imagevue 0.16.1 imageVue 16.1 allows remote attackers to obtain folder permission settings via a direct request to dir.php, which returns an XML document that lists folders and their permissions. | 5.0 |
2006-02-15 | CVE-2006-0699 | Cross-Site Scripting vulnerability in QwikiWiki Cross-site scripting (XSS) vulnerability in search.php in QWikiWiki 1.5, and possibly 1.5.1 and other versions, allows remote attackers to inject arbitrary web script or HTML via the query parameter. network david-barrett | 4.3 |