Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-09-07 | CVE-2006-4619 | Local Buffer Overflow vulnerability in Avira AntiVir Shatter The start update window in update.exe in Avira AntiVir PersonalEdition Classic 7.0 build 151 allows local users to gain system privileges via a "Shatter" style attack on the (1) IParam parameter, and the (2) PBM_GETRANGE and (3) PBM_SETRANGE messages in an unspecified progress bar. | 4.6 |
2006-09-07 | CVE-2006-4618 | Remote Security vulnerability in Adodb PHP remote file inclusion vulnerability in adodb-postgres7.inc.php in John Lim ADOdb, possibly 4.01 and earlier, as used in Intechnic In-link 2.3.4, allows remote attackers to execute arbitrary PHP code via a URL in the ADODB_DIR parameter. | 5.1 |
2006-09-07 | CVE-2006-4616 | Remote Denial of Service vulnerability in Mailenable products SMTP service in MailEnable Standard, Professional, and Enterprise before ME-10014 (20060904) allows remote attackers to cause a denial of service via an SPF lookup for a domain with a large number of records, which triggers a null pointer exception. | 5.0 |
2006-09-07 | CVE-2006-4615 | Information Disclosure vulnerability in Shape Services Im+ Mobile Instant Messenger 3.10Forpocketpc Shape Services IM+ Mobile Instant Messenger for Pocket PC 3.10 stores usernames and passwords in plaintext in %PROGRAMFILES%\IMPlus\implus.cfg, which allows local users to obtain sensitive information by reading the file. | 4.9 |
2006-09-07 | CVE-2006-4614 | Information Disclosure vulnerability in Pocket PC Pocket PC 1.30Bh PDAapps Verichat for Pocket PC 1.30bh stores usernames and passwords in plaintext in the Windows Mobile registry, which allows local users to obtain sensitive information via keys under \HKEY_CURRENT_USER\Software\PDAapps\VeriChat. | 4.9 |
2006-09-07 | CVE-2006-4610 | Remote File Include vulnerability in Graphiks GrapAgenda PHP remote file inclusion vulnerability in index.php in GrapAgenda 0.11 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the page parameter. | 5.1 |
2006-09-07 | CVE-2006-4608 | Input Validation vulnerability in Longino Jacome PHP-Revista 1.1.2 Multiple cross-site scripting (XSS) vulnerabilities in Longino Jacome php-Revista 1.1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) cadena parameter in busqueda.php and the (2) email parameter in lista.php. network longino | 6.8 |
2006-09-07 | CVE-2006-4595 | Information Exposure vulnerability in Muforum 0.4C muforum (µforum) 0.4c stores membres/members.dat under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and password hashes. | 5.0 |
2006-09-06 | CVE-2006-4593 | Cross-Site Scripting vulnerability in Softbb 0.1 Cross-site scripting (XSS) vulnerability in index.php in SoftBB 0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the page parameter. network softbb | 6.8 |
2006-09-06 | CVE-2006-4587 | HTML Injection and Access Control Bypass vulnerability in Vtiger CRM 4.2/4.2.4 Multiple cross-site scripting (XSS) vulnerabilities in vtiger CRM 4.2.4, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) description parameter in unspecified modules or the (2) solution parameter in the HelpDesk module. network vtiger | 6.8 |