Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2006-01-25 CVE-2006-0380 Local Kernel Memory Disclosure vulnerability in FreeBSD 5.4/6.0
A logic error in FreeBSD kernel 5.4-STABLE and 6.0 causes the kernel to calculate an incorrect buffer length, which causes more data to be copied to userland than intended, which could allow local users to read portions of kernel memory.
local
low complexity
freebsd
2.1
2006-01-25 CVE-2006-0379 Local Kernel Memory Disclosure vulnerability in FreeBSD 5.4/6.0
FreeBSD kernel 5.4-STABLE and 6.0 does not completely initialize a buffer before making it available to userland, which could allow local users to read portions of kernel memory.
local
low complexity
freebsd
2.1
2006-01-25 CVE-2006-0418 Remote Code Injection Weakness in 123 Flash Chat
Eval injection vulnerability in 123 Flash Chat Server 5.0 and 5.1 allows attackers to execute arbitrary code via a crafted username.
network
low complexity
topcmm-computing
7.5
2006-01-25 CVE-2006-0417 SQL Injection vulnerability in miniBloggie Login.PHP
SQL injection vulnerability in login.php in miniBloggie 1.0 and earlier, when gpc_magic_quotes is disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password parameters.
network
low complexity
mywebland
7.5
2006-01-25 CVE-2006-0416 Improper Authentication vulnerability in SleeperChat
SleeperChat 0.3f and earlier allows remote attackers to bypass authentication and create new entries via the txt parameter to (1) chat_no.php and (2) chat_if.php.
network
low complexity
sleeperchat CWE-287
5.0
2006-01-25 CVE-2006-0415 Cross-Site Scripting vulnerability in SleeperChat
Cross-site scripting (XSS) vulnerability in index.php in SleeperChat 0.3f and earlier allows remote attackers to inject arbitrary web script or HTML via the pseudo parameter.
network
sleeperchat
4.3
2006-01-25 CVE-2006-0414 Information Disclosure And Denial of Service vulnerability in Trac
Tor before 0.1.1.20 allows remote attackers to identify hidden services via a malicious Tor server that attempts a large number of accesses of the hidden service, which eventually causes a circuit to be built through the malicious server.
network
low complexity
tor
5.0
2006-01-25 CVE-2006-0413 SQL Injection vulnerability in NewsPHP
Multiple SQL injection vulnerabilities in index.php in NewsPHP allow remote attackers to execute arbitrary SQL commands via the (1) discuss, (2) tim, (3) id, (4) last, and (5) limit parameters.
network
low complexity
newsphp CWE-89
7.5
2006-01-25 CVE-2006-0412 SQL Injection vulnerability in Gencbeyin web Programlama Cybershop
SQL injection vulnerability in CyberShop allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter in a login action.
network
low complexity
gencbeyin-web-programlama CWE-89
7.5
2006-01-25 CVE-2006-0411 Unspecified vulnerability in Claroline 1.7.2
claro_init_local.inc.php in Claroline 1.7.2 uses guessable session cookies (MD5 hash of connection time), which allows remote attackers to hijack sessions and possibly gain administrative privileges.
network
low complexity
claroline
critical
10.0