Vulnerabilities > Medium

DATE | CVE | VULNERABILITY TITLE | RISK

2006-10-16 | CVE-2006-4154 | Remote Format String vulnerability in Apache Mod_TCL | 6.8
Format string vulnerability in the mod_tcl module 1.0 for Apache 2.x allows context-dependent attackers to execute arbitrary code via format string specifiers that are not properly handled in a set_var function call in (1) tcl_cmds.c and (2) tcl_core.c.
network, apache

2006-10-16 | CVE-2006-5294 | Unspecified vulnerability in Tincan PHPlist | 4.3
Cross-site scripting (XSS) vulnerability in index.php in phplist before 2.10.3 allows remote attackers to inject arbitrary web script or HTML via the unsubscribeemail parameter.
network, tincan

2006-10-16 | CVE-2006-5293 | Cross-Site Scripting vulnerability in Noah's Classifieds | 6.8
Cross-site scripting (XSS) vulnerability in index.php in PhpOutsourcing Noah's Classifieds 1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the frommethod parameter.
network, phpoutsourcing

2006-10-13 | CVE-2006-5287 | SQL Injection vulnerability in Xeobook 0.93 | 5.1
Multiple SQL injection vulnerabilities in sign.php in Xeobook 0.93 allow remote attackers to execute arbitrary SQL commands via (1) the User-Agent HTTP header, or the (2) gb_entry_text, (3) gb_location, (4) gb_fullname, or (5) gb_sex parameters.
network, high complexity, xeobook

2006-10-13 | CVE-2006-5286 | Remote Denial Of Service vulnerability in Novell Bordermanager 3.8 | 5.0
Unspecified vulnerability in IKE.NLM in Novell BorderManager 3.8 allows attackers to cause a denial of service (crash) via unknown attack vectors related to "VPN issues" for certain "IKE and IPsec settings."
network, low complexity, novell

2006-10-13 | CVE-2006-5284 | Remote File Include vulnerability in PHP News Reader PHP News Reader 2.6.2 | 5.1
PHP remote file inclusion vulnerability in auth/phpbb.inc.php in Shen Cheng-Da PHP News Reader (aka pnews) 2.6.4 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CFG[auth_phpbb_path] parameter.
network, high complexity, php-news-reader

2006-10-13 | CVE-2006-5280 | Code Injection vulnerability in Cuttlefish Multimedia Ltd. Leicestershire Communityportals | 6.8
PHP remote file inclusion vulnerability in includes/import-archive.php in Leicestershire communityPortals 1.0 build 20051018 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the cp_root_path parameter.

2006-10-12 | CVE-2006-5264 | Cross-Site Scripting vulnerability in Mysqldumper 1.21 | 6.8
Cross-site scripting (XSS) vulnerability in sql.php in MysqlDumper 1.21 b6 allows remote attackers to inject arbitrary web script or HTML via the db parameter.
network, mysqldumper

2006-10-12 | CVE-2006-5262 | Unspecified vulnerability in Hastymail | 6.5
CRLF injection vulnerability in lib/session.php in Hastymail 1.5 and earlier before 20061008 allows remote authenticated users to send arbitrary IMAP commands via a CRLF sequence in a mailbox name.
network, low complexity, hastymail

2006-10-12 | CVE-2006-5258 | Code Injection vulnerability in Asbru Software products | 5.1
The spell checking component of (1) Asbru Web Content Management before 6.1.22, (2) Asbru Web Content Editor before 6.0.22, and (3) Asbru Website Manager before 6.0.22 allows remote attackers to execute arbitrary commands via an unspecified parameter that is not sanitized before Aspell is invoked.
network, high complexity, asbru-software, CWE-94