Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2006-01-21 | CVE-2006-0334 | Cross-Site Scripting vulnerability in Freekrai.Net MY Amazon Store Manager 1.0 | Cross-site scripting (XSS) vulnerability in search.php in My Amazon Store Manager 1.0 allows remote attackers to inject arbitrary web script or HTML via the Keywords parameter. | 4.3 |
2006-01-21 | CVE-2006-0333 | Cross-Site Scripting vulnerability in Ar-Blog 5.2 | Cross-site scripting (XSS) vulnerability in ar-blog 5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) month or (2) year parameter to index.php. | 4.3 |
2006-01-21 | CVE-2006-0332 | Code Injection vulnerability in Ecartis 1.0.0Snapshot20050909 | Pantomime in Ecartis 1.0.0 snapshot 20050909 stores e-mail attachments in a publicly accessible directory, which may allow remote attackers to upload arbitrary files. | 6.4 |
2006-01-21 | CVE-2006-0331 | Denial-Of-Service vulnerability in Thiago Melo DE Paula Change Passwd 3.1 | Buffer overflow in Change passwd 3.1 (chpasswd) SquirrelMail plugin allows local users to execute arbitrary code via long command line arguments. | 4.6 |
2006-01-21 | CVE-2006-0330 | HTML Injection vulnerability in Gallery User Name | Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving the user name (fullname). | 4.3 |
2006-01-21 | CVE-2006-0329 | SQL Injection vulnerability in Hitachi HITSENSER Data Mart Server | SQL injection vulnerability in HITSENSER Data Mart Server BS, BS-S, BS-M, BS-L, and EX allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | 7.5 |
2006-01-21 | CVE-2006-0328 | Remote Format String vulnerability in Philippe Jounin Tftpd32 2.81 | Format string vulnerability in Tftpd32 2.81 allows remote attackers to cause a denial of service via format string specifiers in a filename in a (1) GET or (2) SEND request. | 5.0 |
2006-01-21 | CVE-2006-0327 | Information Disclosure vulnerability in Typo3 3.7.1/3.8.1 | TYPO3 3.7.1 allows remote attackers to obtain sensitive information via a direct request to (1) thumbs.php, (2) showpic.php, or (3) tables.php, which causes them to incorrectly define a variable and reveal the path in an error message when a require function call fails. | 5.0 |
2006-01-20 | CVE-2006-0325 | OS Command Injection vulnerability in Etomite | Etomite Content Management System 0.6, and possibly earlier versions, when downloaded from the web site in January 2006 after January 10, contains a back door in manager/includes/todo.inc.php, which allows remote attackers to execute arbitrary commands via the "cij" parameter. | 7.5 |
2006-01-20 | CVE-2006-0045 | Command Execution vulnerability in Linley Henzell Dungeon Crawl 4.0.0B23 | crawl before 4.0.0 does not securely call programs when saving and loading games, which allows local users to gain privileges. | 7.2 |