Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2006-01-20 | CVE-2006-0019 | Remote Heap Overflow vulnerability in KDE KJS Encodeuri / Decodeuri | Heap-based buffer overflow in the encodeURI and decodeURI functions in the kjs JavaScript interpreter engine in KDE 3.2.0 through 3.5.0 allows remote attackers to execute arbitrary code via a crafted, UTF-8 encoded URI. | 7.5 |
2006-01-19 | CVE-2006-0324 | SQL Injection vulnerability in Webspot Webspotblogging 3.0 | SQL injection vulnerability in WebspotBlogging 3.0 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter to login.php. | 7.5 |
2006-01-19 | CVE-2006-0322 | Unspecified vulnerability in Mediawiki | Unspecified vulnerability in the edit comment formatting functionality in MediaWiki 1.5.x before 1.5.6 and 1.4.x before 1.4.14 allows attackers to cause a denial of service (infinite loop) via "certain malformed links." | 5.0 |
2006-01-19 | CVE-2006-0320 | SQL Injection vulnerability in Bit 5 Blog | SQL injection vulnerability in admin/processlogin.php in Bit 5 Blog 8.01 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password parameter. | 7.5 |
2006-01-19 | CVE-2006-0319 | Directory Traversal vulnerability in Farmers Wife Farmers Wife 4.4Sp1 | Directory traversal vulnerability in the FTP server (port 22003/tcp) in Farmers WIFE 4.4 SP1 allows remote attackers to create arbitrary files via ".." (dot dot) sequences in a (1) PUT, (2) SIZE, and possibly other commands. | 5.0 |
2006-01-19 | CVE-2006-0318 | SQL Injection vulnerability in Insane Visions Blogphp 1.0 | SQL injection vulnerability in index.php in BlogPHP 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the username parameter in a login action. | 7.5 |
2006-01-19 | CVE-2006-0317 | Cross-Site Scripting vulnerability in Redkernel Referrer Tracker 1.1.03 | Cross-site scripting (XSS) vulnerability in rkrt_stats.php in RedKernel Referrer Tracker 1.1.0-3 allows remote attackers to inject arbitrary web script or HTML via a query string value as a GET, which is stored in the $QUERY_STRING variable. | 4.3 |
2006-01-19 | CVE-2006-0316 | Buffer Overflow vulnerability in AOL Client Software 8.0/9.0 | Buffer overflow in YGPPicFinder.DLL in AOL You've Got Pictures (YGP) Picture Finder Tool ActiveX Control, as used in AOL 8.0, 8.0 Plus, and 9.0 Classic, allows remote attackers to execute arbitrary code via unspecified vectors. | 10.0 |
2006-01-19 | CVE-2006-0315 | Cross-Site Scripting vulnerability in EZDatabase | index.php in EZDatabase before 2.1.2 does not properly cleanse the p parameter before constructing and including a .php filename, which allows remote attackers to conduct directory traversal attacks, and produces resultant cross-site scripting (XSS) and path disclosure. | 5.8 |
2006-01-19 | CVE-2006-0314 | SQL-Injection vulnerability in pdfdirectory | PDFdirectory before 1.0 stores sensitive data in plaintext, which allows remote attackers to obtain arbitrary users' passwords by direct queries to the database, possibly via one of the SQL injection vulnerabilities. | 7.5 |