Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-01-14 | CVE-2006-0212 | Directory Traversal vulnerability in Toshiba Bluetooth Stack Object Push Service File Upload: Directory traversal vulnerability in OBEX Push services in Toshiba Bluetooth Stack 4.00.23(T) and earlier allows remote attackers to upload arbitrary files to arbitrary remote locations specified by .. | 5.0 |
2006-01-14 | CVE-2006-0210 | Cross-Site Scripting vulnerability in Interspire TrackPoint NX: Cross-site scripting (XSS) vulnerability in index.php in Interspire TrackPoint NX before 0.1 allows remote attackers to inject arbitrary web script or HTML via the username parameter when using the Login page. | 4.3 |
2006-01-14 | CVE-2006-0209 | SQL Injection vulnerability in Tanklogger 2.4: SQL injection vulnerability in general_functions.php in TankLogger 2.4 allows remote attackers to execute arbitrary SQL commands via the (1) livestock_id parameter to showInfo.php and (2) tank_id parameter, possibly to livestock.php. | 7.5 |
2006-01-13 | CVE-2006-0208 | Cross-Site Scripting vulnerability in PHP: Multiple cross-site scripting (XSS) vulnerabilities in PHP 4.4.1 and 5.1.1, when display_errors and html_errors are on, allow remote attackers to inject arbitrary web script or HTML via inputs to PHP applications that are not filtered when they are included in the resulting error message. | 2.6 |
2006-01-13 | CVE-2006-0207 | Code Injection vulnerability in PHP: Multiple HTTP response splitting vulnerabilities in PHP 5.1.1 allow remote attackers to inject arbitrary HTTP headers via a crafted Set-Cookie header, related to the (1) session extension (aka ext/session) and the (2) header function. | 5.0 |
2006-01-13 | CVE-2006-0206 | Remote Command Execution vulnerability in Light Weight Calendar Light Weight Calendar 1.0: Eval injection vulnerability in Light Weight Calendar (LWC) 1.0 (20040909) and earlier allows remote attackers to execute arbitrary PHP code via the date parameter in cal.php, which is included by index.php. | 7.5 |
2006-01-13 | CVE-2006-0205 | SQL Injection vulnerability in Wordcircle 2.17: Multiple SQL injection vulnerabilities in Wordcircle 2.17 allow remote attackers to (1) execute arbitrary SQL commands and bypass authentication via the password field in the login action to index.php (involving v_login.php and s_user.php) and (2) have other unknown impact via certain other fields in unspecified scripts. | 5.1 |
2006-01-13 | CVE-2006-0204 | Input Validation vulnerability in Wordcircle 2.17: Multiple cross-site scripting (XSS) vulnerabilities in Wordcircle 2.17 allow remote attackers to inject arbitrary web script or HTML via (1) the "Course name" field in index.php when the frm parameter has the value "mine" and (2) possibly certain other fields in unspecified scripts. | 4.3 |
2006-01-13 | CVE-2006-0203 | Improper Input Validation vulnerability in Mini-Nuke CMS System: membership.asp in Mini-Nuke CMS System 1.8.2 and earlier does not verify the old password when changing a password, which allows remote attackers to change the passwords of other members via a lostpassnew action with a modified x parameter. | 5.0 |
2006-01-13 | CVE-2006-0202 | Unspecified vulnerability in Paypal PHP Toolkit: Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50 and possibly earlier has (1) world-readable permissions for ipn/logs/ipn_success.txt, which allows local users to view sensitive information (payment data), and (2) world-writable permissions for ipn/logs, which allows local users to delete or replace payment data. | 3.6 |