Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-09-14 | CVE-2006-4783 | SQL-Injection vulnerability in Webspell 4.0: SQL injection vulnerability in squads.php in WebSPELL 4.01.01 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the squadID parameter. | 5.1 |
2006-09-14 | CVE-2006-4782 | Authentication Bypass vulnerability in Webspell 4.0/4.1/4.1.1: src/index.php in WebSPELL 4.01.01 and earlier, when register_globals is enabled, allows remote attackers to bypass authentication and gain sensitive information stored in the database via a modified userID parameter in a write action to admin/database.php. | 5.4 |
2006-09-14 | CVE-2006-4773 | Denial-Of-Service vulnerability in SUN Storedge 6130 Arrays 06.12.10.11: Sun StorEdge 6130 Array Controllers with firmware 06.12.10.11 and earlier allow remote attackers to cause a denial of service (controller reboot) via a flood of traffic on the LAN. | 5.0 |
2006-09-14 | CVE-2006-4772 | Information Disclosure vulnerability in Hotplug Cms: HotPlug CMS stores sensitive information under the web root with insufficient access control, which allows remote attackers to read the admin password and database credentials via a direct request for includes/class/config.inc. | 5.0 |
2006-09-14 | CVE-2006-4771 | Cross-Site Scripting vulnerability in JBC Forumjbc 4.0: Cross-site scripting (XSS) vulnerability in haut.php in ForumJBC 4 allows remote attackers to inject arbitrary web script or HTML via the nb_connecte parameter. | 4.3 |
2006-09-14 | CVE-2006-4725 | Unspecified vulnerability in Adobe Coldfusion 7.0/7.0.1: Adobe ColdFusion MX 7 and 7.01 allows local users to bypass security restrictions and call components (CFC) within a sandbox from CFML templates that are located outside of the sandbox. | 4.6 |
2006-09-14 | CVE-2006-4724 | Denial of Service vulnerability in Adobe ColdFusion Flash Remoting Gateway: Unspecified vulnerability in the ColdFusion Flash Remoting Gateway in Adobe ColdFusion MX 7 and 7.01 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors involving a crafted command. | 5.0 |
2006-09-13 | CVE-2006-4768 | Remote Security vulnerability in Stefan Ernst Newsscript 0.5Beta: Multiple direct static code injection vulnerabilities in add_go.php in Stefan Ernst Newsscript (aka WM-News) 0.5 beta allow remote attackers to execute arbitrary PHP code via the (1) description, (2) issue, (3) title, (4) var, (5) name, (6) keywords, and (7) note parameters, which are stored in an article file. | 5.0 |
2006-09-13 | CVE-2006-4767 | Directory Traversal vulnerability in Stefan Ernst Newsscript 0.5Beta: Multiple directory traversal vulnerabilities in Stefan Ernst Newsscript (aka WM-News) 0.5beta allow remote attackers to (1) read arbitrary local files via a .. | 6.4 |
2006-09-13 | CVE-2006-4766 | Directory Traversal vulnerability in Stefan Ernst Newsscript 0.5Beta: Directory traversal vulnerability in print.php in Stefan Ernst Newsscript (aka WM-News) 0.5 beta allows remote attackers to read arbitrary files via a .. | 5.0 |