Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-01-25 | CVE-2006-0225 | Unspecified vulnerability in Openbsd Openssh scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice. | 4.6 |
| 2006-01-25 | CVE-2006-0410 | SQL Injection vulnerability in John LIM Adodb 4.66/4.68/4.70 SQL injection vulnerability in ADOdb before 4.71, when using PostgreSQL, allows remote attackers to execute arbitrary SQL commands via unspecified attack vectors involving binary strings. | 5.0 |
| 2006-01-25 | CVE-2006-0409 | HTML Injection vulnerability in Pixelpost Photoblog 1.4.3 Cross-site scripting (XSS) vulnerability in index.php in Pixelpost Photoblog 1.4.3 allows remote attackers to inject arbitrary web script or HTML via the "Add Comment" field in a comment popup. network pixelpost | 4.3 |
| 2006-01-25 | CVE-2006-0408 | Local Privilege Escalation vulnerability in SUN Grid Engine 6.0 rsh utility in Sun Grid Engine (SGE) before 6.0u7_1 allows local users to gain privileges and execute arbitrary code via unspecified vectors, possibly involving command line arguments. | 7.2 |
| 2006-01-25 | CVE-2006-0407 | HTML Injection vulnerability in AZ Bulletin Board Cross-site scripting (XSS) vulnerability in post.php in AZ Bulletin Board (AZbb) 1.1.00 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) nickname parameter and (2) an iframe tag in the topic parameter. network azbb | 4.3 |
| 2006-01-25 | CVE-2006-0406 | Information Disclosure vulnerability in Mybulletinboard 1.0.2 search.php in MyBB 1.0.2 allows remote attackers to obtain sensitive information via a certain search request that reveals the table prefix in a SQL error message, possibly due to invalid parameters. | 5.0 |
| 2006-01-25 | CVE-2006-0405 | Denial of Service vulnerability in Libtiff 3.8.0 The TIFFFetchShortPair function in tif_dirread.c in libtiff 3.8.0 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers a NULL pointer dereference, possibly due to changes in type declarations and/or the TIFFVSetField function. | 5.0 |
| 2006-01-25 | CVE-2006-0404 | Information Disclosure vulnerability in Mike Macgirvin Note-A-Day Weblog 2.2 Note-A-Day Weblog 2.2 stores sensitive data under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to archive/.phpass-admin, which contains encrypted passwords. | 5.0 |
| 2006-01-25 | CVE-2006-0403 | SQL Injection vulnerability in E-Moblog 1.3 Multiple SQL injection vulnerabilities in e-moBLOG 1.3 allow remote attackers to execute arbitrary SQL commands via the (1) monthy parameter to index.php or (2) login parameter to admin/index.php. | 7.5 |
| 2006-01-25 | CVE-2006-0402 | SQL Injection vulnerability in Zoph 0.3.3/0.4 SQL injection vulnerability in Zoph before 0.5pre1 allows remote attackers to execute arbitrary SQL commands. | 7.5 |