Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2006-08-29 CVE-2006-4436 Unspecified vulnerability in OpenBSD 3.8/3.9
isakmpd in OpenBSD 3.8, 3.9, and possibly earlier versions, creates Security Associations (SA) with a replay window of size 0 when isakmpd acts as a responder during SA negotiation, which allows remote attackers to replay IPSec packets and bypass the replay protection.
network
low complexity
openbsd
5.0
2006-08-29 CVE-2006-4435 Denial Of Service vulnerability in OpenBSD 3.8/3.9
OpenBSD 3.8, 3.9, and possibly earlier versions allows context-dependent attackers to cause a denial of service (kernel panic) by allocating more semaphores than the default.
local
low complexity
openbsd
4.9
2006-08-29 CVE-2006-4430 Unspecified vulnerability in Cisco products
The Cisco Network Admission Control (NAC) 3.6.4.1 and earlier allows remote attackers to prevent installation of the Cisco Clean Access (CCA) Agent and bypass local and remote protection mechanisms by modifying (1) the HTTP User-Agent header or (2) the behavior of the TCP/IP stack.
network
low complexity
cisco
5.0
2006-08-29 CVE-2006-4427 Authentication Bypass vulnerability in eFiction
index.php in eFiction before 2.0.7 allows remote attackers to bypass authentication and gain privileges by setting the (1) adminloggedin, (2) loggedin, and (3) level parameters to "1".
network
high complexity
efiction
5.1
2006-08-29 CVE-2006-4426 Remote File Include vulnerability in Albert AlberT-EasySite 0.8.12
PHP remote file inclusion vulnerability in AES/modules/auth/phpsecurityadmin/include/logout.php in AlberT-EasySite (AES) 1.0a5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PSA_PATH parameter.
network
high complexity
albert
5.1
2006-08-29 CVE-2006-4425 Remote Security vulnerability in Coinsoft Technologies phpCOIN 1.2.3
Multiple PHP remote file inclusion vulnerabilities in phpCOIN 1.2.3 allow remote attackers to execute arbitrary PHP code via the _CCFG[_PKG_PATH_INCL] parameter in coin_includes scripts including (1) api.php, (2) common.php, (3) core.php, (4) custom.php, (5) db.php, (6) redirect.php or (7) session_set.php.
network
high complexity
coinsoft-technologies
5.1
2006-08-29 CVE-2006-4424 Remote File Include vulnerability in Coinsoft Technologies phpCOIN 1.2.3
PHP remote file inclusion vulnerability in coin_includes/constants.php in phpCOIN 1.2.3 allows remote attackers to execute arbitrary PHP code via the _CCFG[_PKG_PATH_INCL] parameter.
network
high complexity
coinsoft-technologies
5.1
2006-08-29 CVE-2006-4421 Cross-Site Scripting vulnerability in YaPIG 0.95B
Cross-site scripting (XSS) vulnerability in template/default/thanks_comment.php in Yet Another PHP Image Gallery (YaPIG) 0.95b allows remote attackers to inject arbitrary web script or HTML via the D_REFRESH_URL parameter.
network
yapig
4.3
2006-08-28 CVE-2006-4420 Local File Include vulnerability in Phaos 0.9/0.9.1/0.9.2
Directory traversal vulnerability in include_lang.php in Phaos 0.9.2 allows remote attackers to include arbitrary local files via ".." sequences in the lang parameter.
network
low complexity
phaos
5.0
2006-08-28 CVE-2006-4418 Local File Include vulnerability in Wikepage 2006.2/2006.2A
Directory traversal vulnerability in index.php for Wikepage 2006.2a Opus 10 allows remote attackers to include arbitrary local files via the lng parameter, as demonstrated by inserting PHP code into a log file.
network
high complexity
wikepage
4.0