Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2006-01-26 CVE-2006-0440 Unspecified vulnerability in Text Rider Text Rider 2.4
Text Rider 2.4 allows attackers to bypass authentication and upload files without providing a valid password by obtaining the MD5 hash of the password (possibly via another vulnerability that reads it from a data file), then including the hash in a cookie.
network
low complexity
text-rider
5.0
2006-01-26 CVE-2006-0439 Remote Security vulnerability in Text Rider Text Rider 2.4
Text Rider 2.4 stores sensitive data in the data directory under the web document root with insufficient access control, which allows remote attackers to obtain usernames and password hashes by directly accessing data/userlist.txt.
network
low complexity
text-rider
5.0
2006-01-26 CVE-2006-0436 Unspecified vulnerability in HP HP-UX 11.00/11.11/11.4
Unspecified vulnerability in HP HP-UX B.11.00, B.11.04, and B.11.11 allows local users to gain privileges via unknown attack vectors.
local
low complexity
hp
7.2
2006-01-26 CVE-2006-0435 Unspecified vulnerability in Oracle Application Server and HTTP Server
Unspecified vulnerability in Oracle PL/SQL (PLSQL), as used in Database Server DS 9.2.0.7 and 10.1.0.5, Application Server 1.0.2.2, 9.0.4.2, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0.0, E-Business Suite and Applications 11.5.10, and Collaboration Suite 10.1.1, 10.1.2.0, 10.1.2.1, and 9.0.4.2, allows attackers to bypass the PLSQLExclusion list and access excluded packages and procedures, aka Vuln# PLSQL01.
network
low complexity
oracle
7.5
2006-01-26 CVE-2006-0434 Path Traversal vulnerability in phpXplorer
Directory traversal vulnerability in action.php in phpXplorer allows remote attackers to read arbitrary files via ".." (dot dot) sequences and null bytes in the sAction parameter, a different vulnerability than CVE-2006-0244.
network
low complexity
phpxplorer CWE-22
5.0
2006-01-25 CVE-2006-0432 Multiple vulnerability in BEA WebLogic Server 9.0
Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 9.0, when an Administrator uses the WebLogic Administration Console to add custom security policies, causes incorrect policies to be created, which prevents the server from properly protecting JNDI resources.
local
low complexity
bea
2.1
2006-01-25 CVE-2006-0431 Multiple vulnerability in BEA WebLogic Server 8.1
Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8.1 SP5 allows untrusted applications to obtain the server's SSL identity via unknown attack vectors.
local
low complexity
bea
2.1
2006-01-25 CVE-2006-0430 Multiple vulnerability in BEA WebLogic Server 7.0/8.1/9.0
Certain configurations of BEA WebLogic Server and WebLogic Express 9.0, 8.1 through SP5, and 7.0 through SP6, when connection filters are enabled, cause the server to run more slowly, which makes it easier for remote attackers to cause a denial of service (server slowdown).
network
low complexity
bea
5.0
2006-01-25 CVE-2006-0429 Multiple vulnerability in BEA WebLogic Server 9.0
BEA WebLogic Server and WebLogic Express 9.0 causes new security providers to appear active even if they have not been activated by a server reboot, which could cause an administrator to perform inappropriate, security-relevant actions.
local
low complexity
bea
2.1
2006-01-25 CVE-2006-0428 Multiple vulnerability in Oracle WebLogic Portal 8.1
Unspecified vulnerability in BEA WebLogic Portal 8.1 SP3 through SP5, when using Web Services Remote Portlets (WSRP), allows remote attackers to access restricted web resources via crafted URLs.
network
low complexity
oracle
7.5