Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-01-13 | CVE-2006-0201 | Unspecified vulnerability in PayPal PHP Toolkit. Dave Nielsen and Patrick Breitenbach PayPal Web Services (aka PHP Toolkit) 0.50, and possibly earlier versions, allows remote attackers to enter false payment entries into the log file via HTTP POST requests to ipn_success.php. | 5.0 |
2006-01-13 | CVE-2006-0200 | Use of Externally-Controlled Format String vulnerability in PHP 5.1.0/5.1.1. Format string vulnerability in the error-reporting feature in the mysqli extension in PHP 5.1.0 and 5.1.1 might allow remote attackers to execute arbitrary code via format string specifiers in MySQL error messages. | 9.3 |
2006-01-13 | CVE-2006-0199 | SQL Injection vulnerability in Mini-Nuke CMS System. SQL injection vulnerability in news.asp in Mini-Nuke CMS System 1.8.2 and earlier allows remote attackers to execute arbitrary SQL commands via the hid parameter. | 7.5 |
2006-01-13 | CVE-2006-0198 | HTML Injection vulnerability in Xoops Pool Module IMG Tag. Cross-site scripting (XSS) vulnerability in a certain module, possibly poll or Pool, for XOOPS allows remote attackers to inject arbitrary web script or HTML via JavaScript in the SRC attribute of an IMG element in a comment. | 4.3 |
2006-01-13 | CVE-2006-0197 | Denial-Of-Service vulnerability in X.org. The XClientMessageEvent struct used in certain components of X.Org 6.8.2 and earlier, possibly including (1) the X server and (2) Xlib, uses a "long" specifier for elements of the l array, which results in inconsistent sizes in the struct on 32-bit versus 64-bit platforms, and might allow attackers to cause a denial of service (application crash) and possibly conduct other attacks. | 5.0 |
2006-01-13 | CVE-2006-0196 | Local Security vulnerability in Serial Line Sniffer Serial Line Sniffer 0.4.4. Unspecified vulnerability in Serial line sniffer (aka slsnif) 0.4.4 allows local users to gain privileges via a long value of the HOME environment variable, possibly because of a buffer overflow. | 4.6 |
2006-01-13 | CVE-2006-0194 | Cross-Site Scripting vulnerability in Fog Creek Software FogBugz Default.ASP. Cross-site scripting (XSS) vulnerability in default.asp in FogBugz 4.029, and other versions before 4.0.33, allows remote attackers to inject arbitrary web script or HTML via the dest parameter in the pgLogon page. | 4.3 |
2006-01-13 | CVE-2006-0193 | Cross-Site Scripting vulnerability in H-Sphere. Cross-site scripting (XSS) vulnerability in the Hosting Control Panel (psoft.hsphere.CP) in Positive Software H-Sphere 2.4.3 Patch 8 and earlier allows remote attackers to inject arbitrary web script or HTML via the login parameter in a login action. | 4.3 |
2006-01-13 | CVE-2006-0192 | SQL Injection vulnerability in Philip Loftin Aspsurvey 1.10. SQL injection vulnerability in Login_Validate.asp in ASPSurvey 1.10 allows remote attackers to execute arbitrary SQL commands via the Password parameter to login.asp. | 7.5 |
2006-01-13 | CVE-2006-0191 | Local Denial Of Service vulnerability in SUN Solaris 10.0. Unspecified vulnerability in Sun Solaris 10 allows local users to cause a denial of service (null dereference) via unspecified vectors involving the use of the find command on the "/proc" filesystem. | 4.9 |