Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK

2006-01-18 CVE-2006-0238 SQL Injection vulnerability in WP-Stats Author Parameter
SQL injection vulnerability in wp-stats.php in GaMerZ WP-Stats 2.0 allows remote attackers to execute arbitrary SQL commands via the author parameter.
Risk: 7.5 (network, low complexity); vendor: gamerz

2006-01-18 CVE-2006-0237 Cross-Site Scripting vulnerability in GTP iCommerce
Cross-site scripting (XSS) vulnerability in index.php in GTP iCommerce allows remote attackers to inject arbitrary web script or HTML via the (1) cat and (2) subcat parameters.
Risk: 4.3 (network); vendor: gtp

2006-01-18 CVE-2006-0236 Code Injection vulnerability in Mozilla Thunderbird
GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, 1.0.6, and 1.0.7 allows user-assisted attackers to execute arbitrary code via an attachment with a filename containing a large number of spaces ending with a dangerous extension that is not displayed by Thunderbird, along with an inconsistent Content-Type header, which could be used to trick a user into downloading dangerous content by dragging or saving the attachment.
Risk: 5.1 (network, high complexity); vendor: mozilla; CWE-94

2006-01-18 CVE-2006-0235 SQL Injection vulnerability in White Angle White Album 2.5
SQL injection vulnerability in WhiteAlbum 2.5 allows remote attackers to execute arbitrary SQL commands via the dir parameter to pictures.php.
Risk: 7.5 (network, low complexity); vendor: white-angle

2006-01-18 CVE-2006-0234 SQL Injection vulnerability in Microblog 2.0Rc10
SQL injection vulnerability in index.php in microBlog 2.0 RC-10 allows remote attackers to execute arbitrary SQL commands via the (1) month and (2) year parameters.
Risk: 7.5 (network, low complexity); vendor: microblog

2006-01-18 CVE-2006-0233 Cross-Site Scripting vulnerability in Microblog 2.0Rc10
Cross-site scripting (XSS) vulnerability in functions.php in microBlog 2.0 RC-10 allows remote attackers to inject arbitrary web script and HTML via a javascript: URI in a [url] BBcode tag.
Risk: 4.3 (network); vendor: microblog; CWE-79

2006-01-17 CVE-2006-0229 Local Privilege Escalation vulnerability in WehnTrust Path Specification
Unquoted Windows search path vulnerability in Wehntrust might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, which is run when Wehntrust creates the autostart key.
Risk: 2.1 (local, low complexity); vendor: wehnus

2006-01-17 CVE-2006-0228 Unspecified vulnerability in Grsecurity Kernel Patch
The RBAC functionality in grsecurity before 2.1.8 does not properly handle when the admin role creates a service and then exits the shell without unauthenticating, which causes the service to be restarted with the admin role still active.
Risk: 7.2 (local, low complexity); vendor: grsecurity

2006-01-17 CVE-2006-0227 Local vulnerability in Sun Solaris LPSCHED
Multiple unspecified vulnerabilities in lpsched in Sun Solaris 8, 9, and 10 allow local users to delete arbitrary files or disable the LP print service via unknown attack vectors.
Risk: 2.6 (local, high complexity); vendor: sun

2006-01-16 CVE-2006-0223 Path Traversal vulnerability in Topcmm Computing 123 Flash Chat Server 5.0/5.1
Directory traversal vulnerability in Shanghai TopCMM 123 Flash Chat Server Software 5.1 allows attackers to create or overwrite arbitrary files on the server via ".." (dot dot) sequences in the username field.
Risk: 5.0 (network, low complexity); vendor: topcmm-computing; CWE-22