Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-10-03 | CVE-2006-5111 | Denial of Service vulnerability in Libksba Library Libksba Library 0.9.12: The libksba library 0.9.12 and possibly other versions, as used by gpgsm in the newpg package on SUSE LINUX, allows attackers to cause a denial of service (application crash) via a malformed X.509 certificate in a signature. | 5.0 |
2006-10-03 | CVE-2006-5110 | Cross-Site Scripting vulnerability in PHP Invoice PHP Invoice 2.2: Cross-site scripting (XSS) vulnerability in home.php in PHP Invoice 2.2 allows remote attackers to inject arbitrary web script or HTML via the msg parameter, a different vector than CVE-2006-5074. | 6.8 |
2006-10-03 | CVE-2006-5109 | Input Validation vulnerability in CubeCart: Devellion CubeCart 2.0.x allows remote attackers to obtain sensitive information via a direct request for (1) link_navi.php or (2) spotlight.php, which reveals the path in various error messages. | 5.0 |
2006-10-03 | CVE-2006-5108 | Input Validation vulnerability in CubeCart: Multiple cross-site scripting (XSS) vulnerabilities in Devellion CubeCart 2.0.x allow remote attackers to inject arbitrary web script or HTML via the order_id parameter in (1) admin/print_order.php and (2) view_order.php; the (3) site_url and (4) la_search_home parameters and (5) certain language parameters in admin/nav.php; the (6) image parameter in admin/image.php; the (7) site_name, (8) la_adm_header, (9) charset, and (10) certain other parameters in admin/header.inc.php; the (12) la_pow_by parameter in footer.inc.php; and the (13) site_name parameter and (14) certain other parameters in header.inc.php. | 6.8 |
2006-10-03 | CVE-2006-5106 | Cross-Site Scripting vulnerability in FacileForms: Cross-site scripting (XSS) vulnerability in FacileForms before 1.4.7 for Mambo and Joomla!, when either register_globals or RG_EMULATION is enabled, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 5.1 |
2006-10-03 | CVE-2006-4397 | Multiple Security vulnerability in Apple Mac OS X Pre 10.4.8: Unchecked error condition in LoginWindow in Apple Mac OS X 10.4 through 10.4.7 prevents Kerberos tickets from being destroyed if a user does not successfully log on to a network account from the login window, which might allow later users to gain access to the original user's Kerberos tickets. | 4.6 |
2006-10-03 | CVE-2006-4395 | Multiple Security vulnerability in Apple Mac OS X Pre 10.4.8: Unspecified vulnerability in QuickDraw Manager in Apple Mac OS X 10.3.9 and 10.4 through 10.4.7 allows context-dependent attackers to cause a denial of service ("memory corruption" and crash) via a crafted PICT image that is not properly handled by a certain "unsupported QuickDraw operation." | 5.1 |
2006-10-03 | CVE-2006-4391 | Multiple Security vulnerability in Apple Mac OS X Pre 10.4.8: Buffer overflow in Apple ImageIO on Apple Mac OS X 10.4 through 10.4.7 allows remote attackers to execute arbitrary code via a malformed JPEG2000 image. | 5.1 |
2006-10-03 | CVE-2006-4387 | Multiple Security vulnerability in Apple Mac OS X Pre 10.4.8: Apple Mac OS X 10.4 through 10.4.7, when the administrator clears the "Allow user to administer this computer" checkbox in System Preferences for a user, does not remove the user's account from the appserveradm or appserverusr groups, which still allows the user to manage WebObjects applications. | 4.6 |
2006-09-29 | CVE-2006-5098 | Denial-Of-Service vulnerability in Andreas Gohr Dokuwiki Release20060305/Release20060309/Release20060309E: lib/exec/fetch.php in DokuWiki before 2006-03-09e allows remote attackers to cause a denial of service (CPU consumption) via large w and h parameters, when resizing an image. | 5.0 |