Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2006-03-06 CVE-2006-0949 Remote Script Disclosure vulnerability in Raidenhttpd 1.1.47
RaidenHTTPD 1.1.47 allows remote attackers to obtain source code of script files, including PHP, via crafted requests involving (1) "." (dot), (2) space, and (3) "/" (slash) characters.
network
low complexity
raidenhttpd
5.0
2006-03-06 CVE-2006-0814 Remote Script Disclosure vulnerability in Lighttpd
response.c in Lighttpd 1.4.10 and possibly previous versions, when run on Windows, allows remote attackers to read arbitrary source code via requests that contain trailing (1) "." (dot) and (2) space characters, which are ignored by Windows, as demonstrated by PHP files.
network
low complexity
lighttpd
5.0
2006-03-06 CVE-2006-1009 Local Security vulnerability in Enigma-Suite
M4 Project enigma-suite before 0.73.3 (Windows) has a default password of "nominal" for the "enigma-client" account, which allows local users to gain access.
local
low complexity
m4-project
4.6
2006-03-06 CVE-2006-1008 Input Validation vulnerability in Nathan Landry N8Cms Sitesuite CMS 1.1/1.12/1.2
Multiple cross-site scripting (XSS) vulnerabilities in N8cms 1.1 and 1.2 allow remote attackers to inject arbitrary web script or HTML via the (1) dir and (2) page_id parameters to (a) index.php and the (3) userid parameter to (b) mailto.php.
network
nathan-landry
5.8
2006-03-06 CVE-2006-1005 Information Disclosure vulnerability in Cactusoft Parodia 6.2
agencyprofile.asp in Parodia 6.2 and earlier might allow remote attackers to obtain sensitive information by triggering an SQL error via an invalid AG_ID parameter.
network
low complexity
cactusoft
6.4
2006-03-06 CVE-2006-1004 Cross-Site Scripting vulnerability in Cactusoft Parodia 6.2
Cross-site scripting (XSS) vulnerability in agencyprofile.asp in Parodia 6.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the AG_ID parameter.
network
cactusoft
4.3
2006-03-06 CVE-2006-1003 Information Disclosure vulnerability in Netgear WGT624 Wireless Firewall Router
The backup configuration option in NETGEAR WGT624 Wireless Firewall Router stores sensitive information in cleartext, which allows remote attackers to obtain passwords and gain privileges.
network
low complexity
netgear
5.0
2006-03-06 CVE-2006-1001 SQL Injection vulnerability in Lansuite Board Module
SQL injection vulnerability in the board module in LanSuite LanParty Intranet System 2.0.6 and 2.1.0 beta allows remote attackers to execute arbitrary SQL commands via the fid parameter.
network
low complexity
lansuite
5.0
2006-03-06 CVE-2006-0387 Multiple vulnerabilities in Apple Mac OS X Security Update 2006-001
Stack-based buffer overflow in Safari in Mac OS X 10.4.5 and earlier, and 10.3.9 and earlier, allows remote attackers to execute arbitrary code via unspecified vectors involving a web page with crafted JavaScript, a different vulnerability than CVE-2005-4504.
network
low complexity
apple
6.4
2006-03-03 CVE-2006-0995 Remote Denial of Service vulnerability in EMC Dantz Retrospect Backup Client
EMC Dantz Retrospect 7 backup client 7.0.107, and other versions before 7.0.109, and 6.5 before 6.5.138 allows remote attackers to cause a denial of service (client termination and loss of backup service) via a malformed packet to TCP port 497, which triggers an assert error.
network
low complexity
emc-dantz
5.0