Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2006-01-16 CVE-2006-0222 Cross-Site Scripting vulnerability in AlstraSoft Template Seller Pro Fullview.PHP
Cross-site scripting (XSS) vulnerability in fullview.php in AlstraSoft Template Seller Pro allows remote attackers to inject arbitrary web script or HTML via the tempid parameter.
network, alstrasoft | Risk: 4.3

2006-01-16 CVE-2006-0221 SQL Injection vulnerability in DDSN Interactive CM3CMS Admin Panel Index.ASP
SQL injection vulnerability in index.asp in the Admin Panel in Dragon Design Services Network (DDSN) cm3 content manager (CM3CMS) allows remote attackers to execute arbitrary SQL commands via the (1) username or (2) password.
network, low complexity, ddsn | Risk: 7.5

2006-01-16 CVE-2006-0220 Input Validation vulnerability in DCP Portal
Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3 through 6.1.1 allow remote attackers to inject arbitrary web script or HTML via (1) the day parameter in calendar.php and (2) the input form in search.php.
Risk: 4.3

2006-01-16 CVE-2006-0219 SQL Injection vulnerability in MyBB Usercp.PHP
The original distribution of MyBulletinBoard (MyBB) to update from older versions to 1.0.2 omits or includes older versions of certain critical files, which allows attackers to conduct (1) SQL injection attacks via an attachment name that is not properly handled by inc/functions_upload.php (CVE-2005-4602), and possibly (2) other attacks related to threadmode in usercp.php.
network, low complexity, mybulletinboard | Risk: 7.5

2006-01-16 CVE-2006-0218 SQL-Injection vulnerability in MyBB
Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0.2 have unspecified impact and attack vectors, related to (1) admin/moderate.php, (2) admin/themes.php, (3) inc/functions.php, (4) inc/functions_upload.php, (5) printthread.php, and (6) usercp.php, and probably related to SQL injection.
network, low complexity, mybb, critical | Risk: 10.0

2006-01-16 CVE-2006-0217 Cross-Site Scripting vulnerability in Ultimate Auction Ultimate Auction 3.67
Multiple cross-site scripting (XSS) vulnerabilities in Ultimate Auction 3.67 allow remote attackers to inject arbitrary web script or HTML via the (1) item parameter in item.pl and (2) category parameter in itemlist.pl, which reflects the XSS in an error message.
Risk: 4.3

2006-01-16 CVE-2006-0216 Information Disclosure vulnerability in Qualityebiz Quality PPC 1.0Build1644
admin.php in QualityEBiz Quality PPC (QPPC) 1.0 build 1644 allows remote attackers to obtain sensitive information, possibly the installation path of the application, via unspecified "meta characters" to the cpage parameter.
network, low complexity, qualityebiz | Risk: 5.0

2006-01-16 CVE-2006-0215 Cross-Site Scripting vulnerability in Qualityebiz Quality PPC 1.0Build1644
Cross-site scripting (XSS) vulnerability in admin.php in QualityEBiz Quality PPC (QPPC) 1.0 build 1644 allows remote attackers to inject arbitrary web script or HTML via the cpage parameter.
network, qualityebiz | Risk: 4.3

2006-01-15 CVE-2006-0214 Unspecified vulnerability in Indexcor Ezdatabase 2.0/2.1.2
Eval injection vulnerability in ezDatabase 2.0 and earlier allows remote attackers to execute arbitrary PHP code via the db_id parameter to visitorupload.php, as demonstrated using phpinfo and include function calls.
network, low complexity, indexcor | Risk: 7.5

2006-01-14 CVE-2006-0213 Local Security vulnerability in Kolab Groupware Server 2.0.1/2.0.2
Kolab Server 2.0.1, 2.0.2 and development versions pre-2.1-20051215 and earlier, when authenticating users via secure SMTP, stores authentication credentials in plaintext in the postfix.log file, which allows local users to gain privileges.
local, low complexity, kolab | Risk: 4.6