Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-03-09 | CVE-2006-1103 | Remote vulnerability in Sauerbraten Cube and Sauerbraten: engine/server.cpp in Sauerbraten 2006_02_28, as derived from the Cube engine, allows remote attackers to cause a denial of service (segmentation fault) via a client that does not completely join the game and times out, which results in a null pointer dereference. | 5.0 |
2006-03-09 | CVE-2006-1102 | Remote vulnerability in Sauerbraten Cube and Sauerbraten: Sauerbraten 2006_02_28, as derived from the Cube engine, allows remote attackers to cause a denial of service (client exit) by forcing the server to change to a map (ogz) file whose name contains ".." sequences and has a certain length that prevents the addition of the ".ogz" extension. | 5.0 |
2006-03-09 | CVE-2006-1101 | Remote vulnerability in Sauerbraten Cube and Sauerbraten: The (1) sgetstr and (2) getint functions in Sauerbraten 2006_02_28, as derived from the Cube engine, allow remote attackers to cause a denial of service (segmentation fault) via long streams of input data that trigger an out-of-bounds read, as demonstrated using SV_EXT tag data in the Cube engine, which is not properly handled by getint. | 5.0 |
2006-03-09 | CVE-2006-1097 | Cross-Site Scripting vulnerability in Datenbank Module Datenbank Module Mod2.7: Multiple cross-site scripting (XSS) vulnerabilities in Datenbank MOD 2.7 and earlier for Woltlab Burning Board allow remote attackers to inject arbitrary web script or HTML via the fileid parameter to (1) info_db.php or (2) database.php. | 4.3 |
2006-03-09 | CVE-2006-1093 | Unspecified vulnerability in IBM Websphere Application Server: Unspecified vulnerability in IBM WebSphere 5.0.2.10 through 5.0.2.15 and 5.1.1.4 through 5.1.1.9 allows remote attackers to obtain sensitive information via unknown attack vectors, which causes JSP source code to be revealed. | 6.4 |
2006-03-09 | CVE-2006-1089 | Cross-Site Scripting vulnerability in PunBB: Cross-site scripting (XSS) vulnerability in header.php in PunBB 1.2.10 allows remote attackers to inject arbitrary web script or HTML via the URL, which is not properly handled when the PHP_SELF variable is used to handle a pun_page tag. | 4.3 |
2006-03-09 | CVE-2006-0742 | Local Denial of Service vulnerability in Linux Kernel die_if_kernel: The die_if_kernel function in arch/ia64/kernel/unaligned.c in Linux kernel 2.6.x before 2.6.15.6, possibly when compiled with certain versions of gcc, has the "noreturn" attribute set, which allows local users to cause a denial of service by causing user faults on Itanium systems. | 4.6 |
2006-03-09 | CVE-2006-1088 | Input Validation and Information Disclosure vulnerability in PHP-Stats: PHP-Stats 0.1.9.1 and earlier allows remote attackers to obtain potentially sensitive information via a direct request to checktables.php, which lists the database table_prefix. | 5.0 |
2006-03-09 | CVE-2006-1087 | Input Validation and Information Disclosure vulnerability in PHP-Stats: Direct static code injection vulnerability in the modify_config action in admin.php for PHP-Stats 0.1.9.1 and earlier allows remote authenticated administrators to execute arbitrary PHP code via the option_new[compatibility_mode] parameter, which is not filtered before being stored in config.php. | 6.5 |
2006-03-09 | CVE-2006-1082 | Cross-Site Scripting vulnerability in PHParcadescript 2.0: Multiple cross-site scripting (XSS) vulnerabilities in phpArcadeScript 2.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the gamename parameter in tellafriend.php, (2) the login_status parameter in loginbox.php, (3) the submissionstatus parameter in index.php, the (4) cell_title_background_color and (5) browse_cat_name parameters in browse.php, the (6) gamefile parameter in displaygame.php, and (7) possibly other parameters in unspecified PHP scripts. | 4.3 |