Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-08-21 | CVE-2006-4093 | Local Denial of Service vulnerability in Linux Kernel PPC970 Systems Linux kernel 2.x.6 before 2.6.17.9 and 2.4.x before 2.4.33.1 on PowerPC PPC970 systems allows local users to cause a denial of service (crash) related to the "HID0 attention enable on PPC970 at boot time." Upgrade to Linux Kernel version 2.4.33.1 | 4.9 |
| 2006-08-21 | CVE-2006-4260 | Directory Traversal vulnerability in Jake Olefsky Fotopholder 1.8 Directory traversal vulnerability in index.php in Fotopholder 1.8 allows remote attackers to read arbitrary directories or files via a .. | 5.0 |
| 2006-08-21 | CVE-2006-4258 | Unspecified vulnerability in John Hanna Anti-Spam Smtp Proxy Server 1.2.3 Absolute path traversal vulnerability in the get functionality in Anti-Spam SMTP Proxy (ASSP) allows remote authenticated users to read arbitrary files via (1) C:\ (Windows drive letter), (2) UNC, and possibly other types of paths in the file parameter. | 4.0 |
| 2006-08-21 | CVE-2006-4257 | Resource Management Errors vulnerability in IBM DB2 IBM DB2 Universal Database (UDB) before 8.1 FixPak 13 allows remote authenticated users to cause a denial of service (crash) by (1) sending the first ACCSEC command without an RDBNAM parameter during the CONNECT process, or (2) sending crafted SQLJRA packet, which results in a null dereference. | 4.0 |
| 2006-08-21 | CVE-2006-4256 | Cross-Site Scripting vulnerability in Application Framework index.php in Horde Application Framework before 3.1.2 allows remote attackers to include web pages from other sites, which could be useful for phishing attacks, via a URL in the url parameter, aka "cross-site referencing." NOTE: some sources have referred to this issue as XSS, but it is different than classic XSS. network horde | 4.3 |
| 2006-08-21 | CVE-2006-4255 | Cross-Site Scripting vulnerability in Horde Products Search.PHP Cross-site scripting (XSS) vulnerability in horde/imp/search.php in Horde IMP H3 before 4.1.3 allows remote attackers to include arbitrary web script or HTML via multiple unspecified vectors related to folder names, as injected into the vfolder_label form field in the IMP search screen. network horde | 4.3 |
| 2006-08-21 | CVE-2006-4145 | Resource Management Errors vulnerability in Linux Kernel The Universal Disk Format (UDF) filesystem driver in Linux kernel 2.6.17 and earlier allows local users to cause a denial of service (hang and crash) via certain operations involving truncated files, as demonstrated via the dd command. | 4.9 |
| 2006-08-21 | CVE-2006-3506 | Buffer Overflow vulnerability in Apple mac OS X, mac OS X Server and Xsan Buffer overflow in the Xsan Filesystem driver on Mac OS X 10.4.7 and OS X Server 10.4.7 allows local users with Xsan write access, to execute arbitrary code via unspecified vectors related to "processing a path name." This vulnerability is addressed in the following product release: Apple, Xsan, 1.4 | 4.6 |
| 2006-08-21 | CVE-2006-4242 | Remote File Include vulnerability in Joomla JIM Instant Messaging Component 1.0.1 PHP remote file inclusion vulnerability in install.jim.php in the JIM 1.0.1 component for Joomla or Mambo allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 5.1 |
| 2006-08-18 | CVE-2006-4227 | Improper Input Validation vulnerability in multiple products MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote authenticated users to gain privileges through a routine that has been made available using GRANT EXECUTE. | 6.5 |