Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2006-02-17 CVE-2006-0737 Denial of Service vulnerability in eStara Softphone
eStara SIP softphone allows remote attackers to cause a denial of service (crash) via a SIP OPTIONS request with a negative Expires field.
network, low complexity, estara, 5.0

2006-02-16 CVE-2006-0735 HTML Injection vulnerability in My Blog BBCode
Cross-site scripting (XSS) vulnerability in BBcode.pm in M.
4.3

2006-02-16 CVE-2006-0734 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Valve Software Half-Life Cstrike Dedicated Server
The SV_CheckForDuplicateNames function in Valve Software Half-Life CSTRIKE Dedicated Server 1.6 and earlier allows remote authenticated users to cause a denial of service (infinite loop and daemon hang) via a backslash character at the end of a connection string to UDP port 27015.
network, low complexity, valve-software, CWE-119, 4.0

2006-02-16 CVE-2006-0732 Remote Arbitrary File Access And Deletion vulnerability in SAP Business Connector 4.6/4.7
Directory traversal vulnerability in SAP Business Connector (BC) 4.6 and 4.7 allows remote attackers to read or delete arbitrary files via the fullName parameter to (1) sapbc/SAP/chopSAPLog.dsp or (2) invoke/sap.monitor.rfcTrace/deleteSingle.
network, low complexity, sap, 6.4

2006-02-16 CVE-2006-0731 Unspecified vulnerability in SAP Business Connector
WmRoot/adapter-index.dsp in SAP Business Connector Core Fix 7 and earlier allows remote attackers to conduct spoofing (phishing) attacks via an absolute URL in the url parameter, which loads the URL inside a frame.
network, high complexity, sap, 4.0

2006-02-16 CVE-2006-0730 Denial of Service vulnerability in Dovecot Double Free
Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or hang) via unspecified vectors involving (1) "potential hangs" in the APPEND command and "potential crashes" in (2) dovecot-auth and (3) imap/pop3-login.
network, low complexity, timo-sirainen, 5.0

2006-02-16 CVE-2006-0726 HTML Injection vulnerability in Cpg-Nuke Dragonfly CMS 9.0.6.1
Cross-site scripting (XSS) vulnerability in linking.php in CPG-Nuke Dragonfly CMS 9.0.6.1 allows remote attackers to inject arbitrary web script or HTML via a URI that is generated when creating a list of online users.
network, cpg-nuke, 4.3

2006-02-16 CVE-2006-0725 Code Injection vulnerability in Plume-Cms Plume CMS 1.0.2
PHP remote file inclusion vulnerability in prepend.php in Plume CMS 1.0.2, when register_globals is enabled, allows remote attackers to include arbitrary files via a URL in the _PX_config[manager_path] parameter.
network, plume-cms, CWE-94, 6.8

2006-02-15 CVE-2006-0718 Denial of Service vulnerability in Avaya VSU/CSU Products ISAKMP IKE Traffic
The Internet Key Exchange version 1 (IKEv1) implementation in Avaya VSU 100, 2000, 7500, 10000, and CSU 5000, when running IPSec, allows remote attackers to cause a denial of service (crash) via certain IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.
network, low complexity, avaya, 5.0

2006-02-15 CVE-2006-0717 LDAP Memory Corruption vulnerability in IBM Tivoli Directory Server 6.0
IBM Tivoli Directory Server 6.0 allows remote attackers to cause a denial of service (crash) via a crafted LDAP request, as demonstrated by test 2532 in the ProtoVer Sample LDAP test suite.
network, low complexity, ibm, 5.0