Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2006-01-21 CVE-2006-0334 Cross-Site Scripting vulnerability in Freekrai.Net MY Amazon Store Manager 1.0
Cross-site scripting (XSS) vulnerability in search.php in My Amazon Store Manager 1.0 allows remote attackers to inject arbitrary web script or HTML via the Keywords parameter.
network
freekrai-net
4.3
2006-01-21 CVE-2006-0333 Cross-Site Scripting vulnerability in Ar-Blog 5.2
Cross-site scripting (XSS) vulnerability in ar-blog 5.2 allows remote attackers to inject arbitrary web script or HTML via the (1) month or (2) year parameter to index.php.
network
ar-blog
4.3
2006-01-21 CVE-2006-0332 Code Injection vulnerability in Ecartis 1.0.0Snapshot20050909
Pantomime in Ecartis 1.0.0 snapshot 20050909 stores e-mail attachments in a publicly accessible directory, which may allow remote attackers to upload arbitrary files.
network
low complexity
ecartis CWE-94
6.4
2006-01-21 CVE-2006-0331 Denial-Of-Service vulnerability in Thiago Melo DE Paula Change Passwd 3.1
Buffer overflow in Change passwd 3.1 (chpasswd) SquirrelMail plugin allows local users to execute arbitrary code via long command line arguments.
local
low complexity
thiago-melo-de-paula
4.6
2006-01-21 CVE-2006-0330 HTML Injection vulnerability in Gallery User Name
Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving the user name (fullname).
network
gallery-project
4.3
2006-01-21 CVE-2006-0328 Remote Format String vulnerability in Philippe Jounin Tftpd32 2.81
Format string vulnerability in Tftpd32 2.81 allows remote attackers to cause a denial of service via format string specifiers in a filename in a (1) GET or (2) SEND request.
network
low complexity
philippe-jounin
5.0
2006-01-21 CVE-2006-0327 Information Disclosure vulnerability in Typo3 3.7.1/3.8.1
TYPO3 3.7.1 allows remote attackers to obtain sensitive information via a direct request to (1) thumbs.php, (2) showpic.php, or (3) tables.php, which causes them to incorrectly define a variable and reveal the path in an error message when a require function call fails.
network
low complexity
typo3
5.0
2006-01-19 CVE-2006-0322 Unspecified vulnerability in Mediawiki
Unspecified vulnerability in the edit comment formatting functionality in MediaWiki 1.5.x before 1.5.6 and 1.4.x before 1.4.14 allows attackers to cause a denial of service (infinite loop) via "certain malformed links."
network
low complexity
mediawiki
5.0
2006-01-19 CVE-2006-0319 Directory Traversal vulnerability in Farmers Wife Farmers Wife 4.4Sp1
Directory traversal vulnerability in the FTP server (port 22003/tcp) in Farmers WIFE 4.4 SP1 allows remote attackers to create arbitrary files via ".." (dot dot) sequences in a (1) PUT, (2) SIZE, and possibly other commands.
network
low complexity
farmers-wife
5.0
2006-01-19 CVE-2006-0317 Cross-Site Scripting vulnerability in Redkernel Referrer Tracker 1.1.03
Cross-site scripting (XSS) vulnerability in rkrt_stats.php in RedKernel Referrer Tracker 1.1.0-3 allows remote attackers to inject arbitrary web script or HTML via a query string value in a GET request, which is stored in the $QUERY_STRING variable.
network
redkernel
4.3