Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-06-30 | CVE-2006-3322 | SQL Injection vulnerability in Spiffyjr PHPraid 3.0.5: SQL injection vulnerability in includes/functions_logging.php in phpRaid 3.0.5, and possibly other versions, allows remote attackers to execute arbitrary SQL commands via the log_hack function. | 5.1 |
2006-06-30 | CVE-2006-3118 | Denial Of Service vulnerability in Spread Insecure Socket File Creation: spread uses a temporary file with a static filename based on the port number, which allows local users to cause a denial of service by creating the file during a race condition between unlink and bind function calls. | 1.2 |
2006-06-30 | CVE-2006-3117 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products: Heap-based buffer overflow in OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to execute arbitrary code via a crafted OpenOffice XML document that is not properly handled by (1) Calc, (2) Draw, (3) Impress, (4) Math, or (5) Writer, aka "File Format / Buffer Overflow Vulnerability." | 7.6 |
2006-06-30 | CVE-2006-2199 | Unspecified vulnerability in Java Applets in OpenOffice.org 1.1.x (aka StarOffice) up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to escape the Java sandbox and conduct unauthorized activities via certain applets in OpenOffice documents. | 7.6 |
2006-06-30 | CVE-2006-2198 | Permissions, Privileges, and Access Controls vulnerability in multiple products: OpenOffice.org (aka StarOffice) 1.1.x up to 1.1.5 and 2.0.x before 2.0.3 allows user-assisted attackers to conduct unauthorized activities via an OpenOffice document with a malicious BASIC macro, which is executed without prompting the user. | 7.6 |
2006-06-30 | CVE-2006-3321 | Cross-Site Injection vulnerability in OpenForum: Multiple cross-site scripting (XSS) vulnerabilities in openforum.asp in OpenForum 1.2 Beta and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) ofdisp and (2) ofmsgid parameters. | 4.3 |
2006-06-30 | CVE-2006-3320 | Cross-Site Scripting vulnerability in SiteBar: Cross-site scripting (XSS) vulnerability in command.php in SiteBar 3.3.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the command parameter. | 2.6 |
2006-06-30 | CVE-2006-3319 | Cross-Site Scripting vulnerability in PHP iCalendar: Cross-site scripting (XSS) vulnerability in rss/index.php in PHP iCalendar 2.22 and earlier allows remote attackers to inject arbitrary web script or HTML via the cal parameter. | 4.3 |
2006-06-29 | CVE-2006-1467 | Numeric Errors vulnerability in Apple iTunes: Integer overflow in the AAC file parsing code in Apple iTunes before 6.0.5 on Mac OS X 10.2.8 or later, and Windows XP and 2000, allows remote user-assisted attackers to execute arbitrary code via an AAC (M4P, M4A, or M4B) file with a sample table size (STSZ) atom with a "malformed" sample_size_table value. | 5.1 |
2006-06-29 | CVE-2006-3318 | SQL Injection vulnerability in Spiffyjr PHPraid 3.0.6: SQL injection vulnerability in register.php for phpRaid 3.0.6 and possibly other versions, when the authorization type is phpraid, allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) email parameters. | 5.1 |