Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2006-02-15 CVE-2006-0715 Input Validation vulnerability in Solucija Snews 1.3
Cross-site scripting (XSS) vulnerability in sNews 1.3 allows remote attackers to inject arbitrary web script or HTML via the comment field.
network
solucija
4.3
2006-02-15 CVE-2006-0714 Remote File Include vulnerability in Flyspray 0.9.7
Directory traversal vulnerability in the installation file (sql/install-0.9.7.php) in Flyspray 0.9.7 allows remote attackers to include arbitrary files via a ..
network
low complexity
flyspray
5.0
2006-02-15 CVE-2006-0713 Local File Inclusion and PHP Code Injection vulnerability in LinPHA
Directory traversal vulnerability in LinPHA 1.0 allows remote attackers to include arbitrary files via ..
network
low complexity
linpha
5.0
2006-02-15 CVE-2006-0712 Unspecified vulnerability in Squishdot
mail_html template in Squishdot 1.5.0 and earlier does not properly validate the (1) email and (2) title variables, which allows remote attackers to bypass spam filters by injecting SMTP headers, probably due to a CRLF injection vulnerability.
network
low complexity
squishdot
5.0
2006-02-15 CVE-2006-0711 Unspecified vulnerability in Neomail
The (1) addfolder and (2) deletefolder functions in neomail-prefs.pl in NeoMail 1.28 do not validate the Session ID, which allows remote attackers to add and delete arbitrary files, when configured with homedirfolders and homedirspools disabled.
network
low complexity
neomail
5.0
2006-02-15 CVE-2006-0707 Information Exposure vulnerability in Pyblosxom 1.2.1/1.3
PyBlosxom before 1.3.2, when running on certain webservers, allows remote attackers to read arbitrary files via an HTTP request with multiple leading / (slash) characters, which is accessed using the PATH_INFO variable.
network
low complexity
pyblosxom CWE-200
5.0
2006-02-15 CVE-2006-0706 Cross-Site Scripting vulnerability in Gastebuch
Cross-site scripting vulnerability in eintrag.php in Gästebuch (Gastebuch) before 1.3.3 allows remote attackers to inject arbitrary web script or HTML via the URL, which is used in the homepage parameter.
network
gastebuch CWE-79
4.3
2006-02-15 CVE-2006-0705 Use of Externally-Controlled Format String vulnerability in multiple products
Format string vulnerability in a logging function as used by various SFTP servers, including (1) AttachmateWRQ Reflection for Secure IT UNIX Server before 6.0.0.9, (2) Reflection for Secure IT Windows Server before 6.0 build 38, (3) F-Secure SSH Server for Windows before 5.3 build 35, (4) F-Secure SSH Server for UNIX 3.0 through 5.0.8, (5) SSH Tectia Server 4.3.6 and earlier and 4.4.0, and (6) SSH Shell Server 3.2.9 and earlier, allows remote authenticated users to execute arbitrary commands via unspecified vectors, involving crafted filenames and the stat command.
network
low complexity
attachmatewrq f-secure CWE-134
6.5
2006-02-15 CVE-2006-0703 Multiple vulnerabilities in Imagevue 0.16.1
Unspecified vulnerability in index.php in imageVue 16.1 has unknown impact, probably a cross-site scripting (XSS) vulnerability involving the query string that is not quoted when inserted into style and body tags, as demonstrated using a bgcol parameter.
network
imagevue
4.3
2006-02-15 CVE-2006-0702 Multiple vulnerabilities in Imagevue 0.16.1
admin/upload.php in imageVue 16.1 allows remote attackers to upload arbitrary files to certain allowed folders via ..
network
low complexity
imagevue
5.0