Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2006-07-28 CVE-2006-3925 Remote Buffer Overflow vulnerability in InterActual Player ITIRecorder.MicRecorder ActiveX Control
Stack-based buffer overflow in ITIRecorder.MicRecorder ActiveX control in iarecord.dll in InterActual Player before 2.6 allows remote attackers to execute arbitrary code via a long argument to the Files method.
network
low complexity
interactual-technologies
6.4
2006-07-28 CVE-2006-3924 Cross-Site Scripting vulnerability in Dokeos
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos before 1.6.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
dokeos CWE-79
4.3
2006-07-28 CVE-2006-3921 Information Disclosure vulnerability in SUN products
Sun Java System Application Server (SJSAS) 7 through 8.1 and Web Server (SJSWS) 6.0 and 6.1 allows remote authenticated users to read files outside of the "document root directory" via a direct request using a UTF-8 encoded URI.
network
low complexity
sun
4.0
2006-07-28 CVE-2006-3768 Buffer Overflow vulnerability in Intervations Filecopa 1.01
Integer underflow in filecpnt.exe in FileCOPA FTP Server 1.01 before 2006-07-21 allows remote authenticated users to execute arbitrary code via a long argument to the (1) CWD, (2) DELE, (3) MDTM, and (4) MKD commands, which triggers a stack-based buffer overflow.
network
low complexity
intervations
6.4
2006-07-28 CVE-2006-3920 Denial-Of-Service vulnerability in Solaris
The TCP implementation in Sun Solaris 8, 9, and 10 before 20060726 allows remote attackers to cause a denial of service (resource exhaustion) via a TCP packet with an incorrect sequence number, which triggers an ACK storm.
network
low complexity
sun
5.0
2006-07-28 CVE-2006-3916 Cross-Site Scripting vulnerability in Solucija Snews 1.4
Cross-site scripting (XSS) vulnerability in snews.php in sNews (aka Solucija News) 1.4 allows remote attackers to inject arbitrary web script or HTML via the search_query parameter.
network
solucija
4.3
2006-07-28 CVE-2006-3915 Unspecified vulnerability in Microsoft Internet Explorer 6.0
Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by iterating over any native function, as demonstrated with the window.alert function, which triggers a null dereference.
network
low complexity
microsoft
5.0
2006-07-28 CVE-2006-3914 HTML Injection vulnerability in Blackboard Academic Suite 6.2.3.23
Cross-site scripting (XSS) vulnerability in Blackboard Academic Suite 6.2.3.23 allows remote authenticated users to inject arbitrary HTML or web script by bypassing client-side validation through disabling JavaScript when submitting an essay response, which has no server-side validation before being viewed via "View Attempt Details" in the Gradebook.
network
blackboard
6.0
2006-07-28 CVE-2006-3910 Denial Of Service vulnerability in Microsoft IE 6.0
Internet Explorer 6 on Windows XP SP2, when Outlook is installed, allows remote attackers to cause a denial of service (crash) by calling the NewDefaultItem function of an OVCtl (OVCtl.OVCtl.1) ActiveX object, which triggers a null dereference.
network
low complexity
microsoft
5.0
2006-07-28 CVE-2006-3350 Remote Buffer Overflow vulnerability in Cimmetry Systems AutoVue SolidModel Professional Desktop Edition 19.1 Build 5993
Stack-based buffer overflow in AutoVue SolidModel Professional Desktop Edition 19.1 Build 5993 allows user-assisted remote attackers to execute arbitrary code via a long filename in a (1) ARJ, (2) RAR, or (3) ZIP archive.
network
high complexity
cimmetry-systems
5.1