Vulnerabilities

DATE | CVE | VULNERABILITY TITLE | RISK

2006-01-30 | CVE-2006-0301 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Xpdf | 7.5
Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framework, and others, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap.
network, low complexity, xpdf, CWE-119

2006-01-30 | CVE-2006-0469 | HTML Injection vulnerability in UebiMiau 2.7.9 | 4.3
Cross-site scripting (XSS) vulnerability in UebiMiau 2.7.9, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via a javascript: URI in the SRC attribute of an IMG tag.
network, uebimiau

2006-01-30 | CVE-2006-0468 | Denial of Service vulnerability in CommuniGate Pro Server LDAP | 7.5
CommuniGate Pro Core Server before 5.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via LDAP messages with negative BER lengths, and possibly other vectors, as demonstrated by the ProtoVer LDAP test suite.
network, low complexity, stalker

2006-01-27 | CVE-2006-0466 | Cross-Site Scripting vulnerability in Goldstag Content Management System | 4.3
Cross-site scripting (XSS) vulnerability in search.asp in Goldstag Content Management System allows remote attackers to inject arbitrary web script or HTML via the text parameter.
network, goldstag

2006-01-27 | CVE-2006-0465 | Cross-Site Scripting vulnerability in Site Manager | 4.3
Cross-site scripting (XSS) vulnerability in risultati_ricerca.php in active121 Site Manager allows remote attackers to inject arbitrary web script or HTML via the cerca parameter.
network, active121

2006-01-27 | CVE-2006-0464 | SQL Injection vulnerability in IdeoContent Manager | 7.5
Multiple SQL injection vulnerabilities in index.php in IdeoContent Manager allow remote attackers to execute arbitrary SQL commands via the (1) goto_id or (2) mid parameter.
network, low complexity, ideosoft-design

2006-01-27 | CVE-2006-0463 | Cross-Site Scripting vulnerability in IdeoContent Manager | 4.3
Cross-site scripting (XSS) vulnerability in IdeoContent Manager allows remote attackers to inject arbitrary web script or HTML via the (1) goto_id parameter to index.php or (2) page parameter to news_full.php.
network, ideosoft-design

2006-01-27 | CVE-2006-0462 | SQL Injection vulnerability in AndoNET Blog 2004.09.02 | 7.5
SQL injection vulnerability in comentarios.php in AndoNET Blog 2004.09.02 allows remote attackers to execute arbitrary SQL commands via the entrada parameter.
network, low complexity, andonet

2006-01-27 | CVE-2006-0461 | HTML Injection vulnerability in pMachine ExpressionEngine 1.4.1 | 4.3
Cross-site scripting (XSS) vulnerability in core.input.php in ExpressionEngine 1.4.1 allows remote attackers to inject arbitrary web script or HTML via HTTP_REFERER (referer).
network, pmachine

2006-01-27 | CVE-2006-0057 | Unspecified vulnerability in Microsoft IE and Internet Explorer | 7.5
Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to bypass the Kill bit settings for dangerous ActiveX controls via unknown vectors involving crafted HTML, which can expose the browser to attacks that would otherwise be prevented by the Kill bit setting.
network, low complexity, microsoft