Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2006-02-13 CVE-2006-0659 Code Injection vulnerability in Runcms 1.1/1.1A
Multiple PHP remote file include vulnerabilities in RunCMS 1.2 and earlier, with register_globals and allow_url_fopen enabled, allow remote attackers to execute arbitrary code via the bbPath[path] parameter in (1) class.forumposts.php and (2) forumpollrenderer.php.
Attack vector: network; Vendor: runcms; CWE-94; Score: 6.8
2006-02-13 CVE-2006-0658 Remote Security vulnerability in Fckeditor 2.0/2.2
Incomplete blacklist vulnerability in connector.php in FCKeditor 2.0 and 2.2, as used in products such as RunCMS, allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions that are not listed in the Config[DeniedExtensions][File], such as .php.txt.
Attack vector: network; Complexity: low; Vendor: fckeditor; Score: 5.0
2006-02-13 CVE-2006-0656 Directory Traversal vulnerability in HP Systems Insight Manager 4.2/5.0
Directory traversal vulnerability in HP Systems Insight Manager 4.2 through 5.0 SP3 for Windows allows remote attackers to access arbitrary files via unspecified vectors, a different vulnerability than CVE-2005-2006.
Attack vector: network; Complexity: low; Vendor: hp; Score: 5.0
2006-02-13 CVE-2006-0655 Input Validation vulnerability in Hinton Design PHPht Topsites 1.3
Multiple cross-site scripting (XSS) vulnerabilities in (1) link_edited.php and (2) link_added.php in Hinton Design phpht Topsites 1.3 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Attack vector: network; Vendor: hinton-design; Score: 4.3
2006-02-13 CVE-2006-0652 Information Disclosure vulnerability in Whmcompletesolution 2.0/2.1/2.2
WHMCompleteSolution (WHMCS) before 2.3 assigns incorrect permissions to "resellers", which allows remote authenticated users to perform privileged actions or obtain sensitive information.
Attack vector: network; Complexity: low; Vendor: whmcompletesolution; Score: 6.5
2006-02-13 CVE-2006-0650 Cross-Site Scripting vulnerability in CPAINT TYPE.PHP
Cross-site scripting (XSS) vulnerability in cpaint2.inc.php in the CPAINT library before 2.0.3, as used in multiple scripts, allows remote attackers to inject arbitrary web script or HTML via the cpaint_response_type parameter, which is displayed in a resulting error message, as demonstrated using a hex-encoded IFRAME tag.
Attack vector: network; Vendor: cpaint; Score: 4.3
2006-02-13 CVE-2006-0649 Cross-Site Scripting vulnerability in DataparkSearch Engine Search Template
Cross-site scripting (XSS) vulnerability in DataparkSearch before 4.37 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Attack vector: network; Vendor: dataparksearch; Score: 4.3
2006-02-13 CVE-2006-0648 Remote File Include vulnerability in PHP Icalendar PHP Icalendar 2.0/2.0.1/2.1
Multiple directory traversal vulnerabilities in PHP iCalendar 2.0.1, 2.1, and 2.2 allow remote attackers to include arbitrary files via the (1) getdate and possibly other parameters used in the replace_files function in search.php and (2) $file variable as used in the parse function in functions/template.php.
Attack vector: network; Complexity: low; Vendor: php-icalendar; Score: 5.0
2006-02-13 CVE-2006-0647 Remote Denial Of Service vulnerability in SUN Java System Directory Server 5.2
LDAP service in Sun Java System Directory Server 5.2, running on Linux and possibly other platforms, allows remote attackers to cause a denial of service (memory allocation error) via an LDAP packet with a crafted subtree search request, as demonstrated using the ProtoVer LDAP test suite.
Attack vector: network; Complexity: low; Vendor: sun; Score: 5.0
2006-02-13 CVE-2006-0600 Remote vulnerability in ELOG Web Logbook
elog before 2.5.7 r1558-4 allows remote attackers to cause a denial of service (infinite redirection) via a request with the fail parameter set to 1, which redirects to the same request.
Attack vector: network; Complexity: low; Vendor: stefan-ritt; Score: 5.0