Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-03-09 | CVE-2006-1112 | HTML Injection vulnerability in Aztek Forum Aztek Forum 4.0 Aztek Forum 4.0 allows remote attackers to obtain sensitive information via a long login value in a register form, which displays the installation path in a MySQL error message. | 5.0 |
2006-03-09 | CVE-2006-1110 | HTML Injection vulnerability in Aztek Forum Aztek Forum 4.0 Cross-site scripting (XSS) vulnerability in Aztek Forum 4.0 allows remote attackers to inject arbitrary web script or HTML via the message body in a new message. network aztek-forum | 4.3 |
2006-03-09 | CVE-2006-1106 | Input Validation vulnerability in Pixelpost Cross-site scripting (XSS) vulnerability in Pixelpost 1.5 beta 1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) message, (2) name, (3) url, and (4) email parameters when commenting on a post. network pixelpost | 4.3 |
2006-03-09 | CVE-2006-1105 | Input Validation vulnerability in Pixelpost Pixelpost 1.5 beta 1 and earlier allows remote attackers to obtain configuration information via a direct request to includes/phpinfo.php, which calls the phpinfo function. | 5.0 |
2006-03-09 | CVE-2006-1103 | Remote vulnerability in Sauerbraten Cube and Sauerbraten engine/server.cpp in Sauerbraten 2006_02_28, as derived from the Cube engine, allows remote attackers to cause a denial of service (segmentation fault) via a client that does not completely join the game and times out, which results in a null pointer dereference. | 5.0 |
2006-03-09 | CVE-2006-1102 | Remote vulnerability in Sauerbraten Cube and Sauerbraten Sauerbraten 2006_02_28, as derived from the Cube engine, allows remote attackers to cause a denial of service (client exit) by forcing the server to change to a map (ogz) file whose name contains ".." sequences and has a certain length that prevents the addition of the ".ogz" extension. | 5.0 |
2006-03-09 | CVE-2006-1101 | Remote vulnerability in Sauerbraten Cube and Sauerbraten The (1) sgetstr and (2) getint functions in Sauerbraten 2006_02_28, as derived from the Cube engine, allow remote attackers to cause a denial of service (segmentation fault) via long streams of input data that trigger an out-of-bounds read, as demonstrated using SV_EXT tag data in the Cube engine, which is not properly handled by getint. | 5.0 |
2006-03-09 | CVE-2006-1097 | Cross-Site Scripting vulnerability in Datenbank Module Datenbank Module Mod2.7 Multiple cross-site scripting (XSS) vulnerabilities in Datenbank MOD 2.7 and earlier for Woltlab Burning Board allow remote attackers to inject arbitrary web script or HTML via the fileid parameter to (1) info_db.php or (2) database.php. network datenbank-module | 4.3 |
2006-03-09 | CVE-2006-1093 | Unspecified vulnerability in IBM Websphere Application Server Unspecified vulnerability in IBM WebSphere 5.0.2.10 through 5.0.2.15 and 5.1.1.4 through 5.1.1.9 allows remote attackers to obtain sensitive information via unknown attack vectors, which causes JSP source code to be revealed. | 6.4 |
2006-03-09 | CVE-2006-1089 | Cross-Site Scripting vulnerability in PunBB Cross-site scripting (XSS) vulnerability in header.php in PunBB 1.2.10 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly handled when the PHP_SELF variable is used to handle a pun_page tag. network punbb | 4.3 |