Vulnerabilities

DATE | CVE | VULNERABILITY TITLE | RISK

2006-01-27 | CVE-2006-0450 | Denial-Of-Service vulnerability in phpBB | 5.0
phpBB 2.0.19 and earlier allows remote attackers to cause a denial of service (application crash) by (1) registering many users through profile.php or (2) using search.php to search in a certain way that confuses the database.
network, low complexity, phpbb-group

2006-01-27 | CVE-2006-0449 | Remote vulnerability in E-Post MailServer | 5.0
Early termination vulnerability in the IMAP service in E-Post Mail 4.05 and SPA-PRO Mail 4.05 allows remote attackers to cause a denial of service (infinite loop) by sending an APPEND command and disconnecting before the expected amount of data is sent.
network, low complexity, e-post-corporation

2006-01-27 | CVE-2006-0448 | Remote vulnerability in E-Post MailServer | 7.5
Multiple directory traversal vulnerabilities in (1) EPSTIMAP4S.EXE and (2) SPA-IMAP4S.EXE in the IMAP service in E-Post Mail 4.05 and SPA-PRO Mail 4.05 allow remote attackers to (a) list arbitrary directories or cause a denial of service via the LIST command; or create arbitrary files via the (b) APPEND, (c) COPY, or (d) RENAME commands.
network, low complexity, e-post-corporation

2006-01-27 | CVE-2006-0447 | Remote vulnerability in E-Post Corporation Mail Server, Smtp Server and Spa-Pro Mail Atsolomon | 7.5
Multiple buffer overflows in E-Post Mail Server 4.10 and SPA-PRO Mail @Solomon 4.00 allow remote attackers to execute arbitrary code via a long username to the (1) AUTH PLAIN or (2) AUTH LOGIN SMTP commands, which is not properly handled by (a) EPSTRS.EXE or (b) SPA-RS.EXE; (3) a long username in the APOP POP3 command, which is not properly handled by (c) EPSTPOP4S.EXE or (d) SPA-POP3S.EXE; (4) a long IMAP DELETE command, which is not properly handled by (e) EPSTIMAP4S.EXE or (f) SPA-IMAP4S.EXE.
network, low complexity, e-post-corporation

2006-01-27 | CVE-2006-0446 | Remote Arbitrary Command Execution vulnerability in Webwork 2.1.3/2.2Pre1 | 6.5
Unspecified vulnerability in WeBWorK 2.1.3 and 2.2-pre1 allows remote privileged attackers to execute arbitrary commands as the web server via unknown attack vectors.
network, low complexity, webwork

2006-01-26 | CVE-2006-0445 | Input Validation vulnerability in PHPclanwebsite 1.23.1 | 4.0
index.php in Phpclanwebsite 1.23.1 allows remote authenticated users to obtain the installation path by specifying an invalid file name to the uploader page, as demonstrated by "\", which will display the full path of uploader.php.
network, low complexity, phpclanwebsite

2006-01-26 | CVE-2006-0444 | Input Validation vulnerability in PHPclanwebsite 1.23.1 | 6.8
SQL injection vulnerability in index.php in Phpclanwebsite (aka PCW) 1.23.1 allows remote attackers to execute arbitrary SQL commands via the (1) par parameter in the post function on the forum page and possibly the (2) poll_id parameter on the poll page.
network, phpclanwebsite

2006-01-26 | CVE-2006-0443 | HTML Injection vulnerability in Cheesyblog 1.0 | 4.3
Cross-site scripting (XSS) vulnerability in archive.php in CheesyBlog 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) realname and (2) comment parameters, or (3) via a javascript URI in the url parameter, when adding a comment.
network, cheesyblog

2006-01-26 | CVE-2006-0442 | Cross-Site Scripting vulnerability in Mybb 1.0.2 | 4.3
Multiple cross-site scripting (XSS) vulnerabilities in usercp.php in MyBulletinBoard (MyBB) 1.02 allow remote attackers to inject arbitrary web script or HTML via the (1) notepad parameter in a notepad action and (2) signature parameter in an editsig action.
network, mybb, CWE-79

2006-01-26 | CVE-2006-0441 | Buffer Overflow vulnerability in Karjasoft Sami FTP Server 2.0.1 | 7.5
Stack-based buffer overflow in Sami FTP Server 2.0.1 allows remote attackers to execute arbitrary code via a long USER command, which triggers the overflow when the log is viewed.
network, low complexity, karjasoft