Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-08-23 | CVE-2006-4295 | Cross-Site Scripting vulnerability in Panda Activescan 5.53.00 Cross-site scripting (XSS) vulnerability in ascan_6.asp in Panda ActiveScan 5.53.00 allows remote attackers to inject arbitrary web script or HTML via the email parameter. network panda | 4.3 |
| 2006-08-22 | CVE-2006-4293 | Cross-Site Scripting vulnerability in Cpanel 10 Multiple cross-site scripting (XSS) vulnerabilities in cPanel 10 allow remote attackers to inject arbitrary web script or HTML via the (1) dir parameter in dohtaccess.html, or the (2) file parameter in (a) editit.html or (b) showfile.html. network cpanel | 4.3 |
| 2006-08-22 | CVE-2006-4292 | ARP Packet Processing Denial of Service vulnerability in Honeyd 1.0/1.5/1.5A Unspecified vulnerability in Niels Provos Honeyd before 1.5b allows remote attackers to cause a denial of service (application crash) via certain Address Resolution Protocol (ARP) packets. | 5.0 |
| 2006-08-22 | CVE-2006-4291 | Remote File Include vulnerability in RETIRED: PHlyMail Lite Mod.Listmail.PHP PHP remote file inclusion vulnerability in handlers/email/mod.listmail.php in PHlyMail Lite 3.4.4 and earlier (Build 3.04.04) allows remote attackers to execute arbitrary PHP code via a URL in the _PM_[path][handler] parameter. | 5.1 |
| 2006-08-22 | CVE-2006-4290 | Directory Traversal vulnerability in Sony VAIO Media Integrated Server Directory traversal vulnerability in Sony VAIO Media Server 2.x, 3.x, 4.x, and 5.x before 20060626 allows remote attackers to gain sensitive information via unspecified vectors. | 5.0 |
| 2006-08-22 | CVE-2006-4288 | Code Injection vulnerability in Mambo A6Mambocredits Component 2.0.0 PHP remote file inclusion vulnerability in admin.a6mambocredits.php in the a6mambocredits component (com_a6mambocredits) 2.0.0 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter. | 6.8 |
| 2006-08-21 | CVE-2006-4273 | Unspecified vulnerability in Jelsoft Vbulletin 3.5.4/3.6.0 Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 3.5.4 and 3.6.0 allows remote attackers to inject arbitrary web script or HTML by uploading an attachment with a .pdf extension that contains JavaScript, which is processed as script by Microsoft Internet Explorer 6. network jelsoft | 6.8 |
| 2006-08-21 | CVE-2006-4270 | Code Injection vulnerability in Mambo Mambelfish Component PHP remote file inclusion vulnerability in mambelfish.class.php in the mambelfish component (com_mambelfish) 1.1 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 6.8 |
| 2006-08-21 | CVE-2006-4268 | Input Validation vulnerability in CubeCart Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) file, (2) x, and (3) y parameters in (a) admin/filemanager/preview.php; and the (4) email parameter in (b) admin/login.php. network devellion | 6.8 |
| 2006-08-21 | CVE-2006-4265 | Remote Security vulnerability in Kaspersky LAB Kaspersky Anti-Hacker 1.8.180 Kaspersky Anti-Hacker 1.8.180, when Stealth Mode is enabled, allows remote attackers to obtain responses to ICMP (1) timestamp and (2) netmask requests, which is inconsistent with the documented behavior of Stealth Mode. | 5.0 |