Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-02-13 | CVE-2006-0656 | Directory Traversal vulnerability in HP Systems Insight Manager 4.2/5.0 Directory traversal vulnerability in HP Systems Insight Manager 4.2 through 5.0 SP3 for Windows allows remote attackers to access arbitrary files via unspecified vectors, a different vulnerability than CVE-2005-2006. | 5.0 |
2006-02-13 | CVE-2006-0655 | Input Validation vulnerability in Hinton Design PHPht Topsites 1.3 Multiple cross-site scripting (XSS) vulnerabilities in (1) link_edited.php and (2) link_added.php in Hinton Design phpht Topsites 1.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. network hinton-design | 4.3 |
2006-02-13 | CVE-2006-0654 | Input Validation vulnerability in Hinton Design PHPht Topsites 1.3 check.php in Hinton Design phpht Topsites 1.3 does not validate passwords when using cookies, which allows remote attackers to bypass authentication via unspecified cookies. | 7.5 |
2006-02-13 | CVE-2006-0653 | Input Validation vulnerability in Hinton Design PHPht Topsites 1.3 Multiple SQL injection vulnerabilities in Hinton Design phpht Topsites 1.3 allow remote attackers to execute arbitrary SQL commands via multiple vectors including the username parameter. | 7.5 |
2006-02-13 | CVE-2006-0652 | Information Disclosure vulnerability in Whmcompletesolution 2.0/2.1/2.2 WHMCompleteSolution (WHMCS) before 2.3 assigns incorrect permissions to "resellers", which allows remote authenticated users to perform privileged actions or obtain sensitive information. | 6.5 |
2006-02-13 | CVE-2006-0651 | SQL Injection vulnerability in vwdev SQL injection vulnerability in index.php in vwdev allows remote attackers to execute arbitrary SQL commands via the UID parameter in the definition Page. | 7.5 |
2006-02-13 | CVE-2006-0650 | Cross-Site Scripting vulnerability in CPAINT TYPE.PHP Cross-site scripting (XSS) vulnerability in cpaint2.inc.php in the CPAINT library before 2.0.3, as used in multiple scripts, allows remote attackers to inject arbitrary web script or HTML via the cpaint_response_type parameter, which is displayed in a resulting error message, as demonstrated using a hex-encoded IFRAME tag. network cpaint | 4.3 |
2006-02-13 | CVE-2006-0649 | Cross-Site Scripting vulnerability in DataparkSearch Engine Search Template Cross-site scripting (XSS) vulnerability in DataparkSearch before 4.37 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. network dataparksearch | 4.3 |
2006-02-13 | CVE-2006-0648 | Remote File Include vulnerability in PHP Icalendar PHP Icalendar 2.0/2.0.1/2.1 Multiple directory traversal vulnerabilities in PHP iCalendar 2.0.1, 2.1, and 2.2 allow remote attackers to include arbitrary files via the (1) getdate and possibly other parameters used in the replace_files function in search.php and (2) $file variable as used in the parse function in functions/template.php. | 5.0 |
2006-02-13 | CVE-2006-0647 | Remote Denial Of Service vulnerability in SUN Java System Directory Server 5.2 LDAP service in Sun Java System Directory Server 5.2, running on Linux and possibly other platforms, allows remote attackers to cause a denial of service (memory allocation error) via an LDAP packet with a crafted subtree search request, as demonstrated using the ProtoVer LDAP test suite. | 5.0 |