Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2006-04-25 CVE-2006-2002 Remote File Include vulnerability in Mygamingladder 7.0
PHP remote file inclusion vulnerability in stats.php in MyGamingLadder 7.0 allows remote attackers to execute arbitrary PHP code via a URL in the dir[base] parameter.
network
low complexity
mygamingladder
5.0
2006-04-25 CVE-2006-2001 Cross-Site Scripting vulnerability in Scry Gallery Scry Gallery 1.1
Cross-site scripting (XSS) vulnerability in index.php in Scry Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the p parameter.
network
scry-gallery
4.3
2006-04-25 CVE-2006-2000 Cross-Site Scripting vulnerability in Logmethods 0.9
Cross-site scripting (XSS) vulnerability in /lms/a2z.jsp in logMethods 0.9 allows remote attackers to inject arbitrary web script or HTML via the kwd parameter.
network
logmethods
4.3
2006-04-25 CVE-2006-1999 Denial Of Service vulnerability in Openttd 0.4.7
The multiplayer menu in OpenTTD 0.4.7 allows remote attackers to cause a denial of service via a UDP packet with an incorrect size, which causes the client to return to the main menu.
network
low complexity
openttd
5.0
2006-04-25 CVE-2006-1996 Cross-Site Scripting vulnerability in Scry Gallery Scry Gallery 1.1
Scry Gallery 1.1 allows remote attackers to obtain sensitive information via an invalid p parameter, which reveals the path in an error message.
network
low complexity
scry-gallery
5.0
2006-04-25 CVE-2006-1995 Directory Traversal vulnerability in Scry Gallery Scry Gallery 1.1
Directory traversal vulnerability in index.php in Scry Gallery 1.1 allows remote attackers to read arbitrary files via ".." sequences in the p parameter, which is not properly sanitized due to an rtrim function call with the arguments in the wrong order.
network
low complexity
scry-gallery
5.0
2006-04-25 CVE-2006-1993 Resource Management Errors vulnerability in Mozilla Firefox 1.5.0.2
Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain JavaScript that is not properly handled by the contentWindow.focus method in an iframe, which causes a reference to a deleted controller context object.
network
high complexity
mozilla CWE-399
5.1
2006-04-25 CVE-2006-1513 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Abc2Ps
Multiple buffer overflows in abc2ps before 1.3.3 allow user-assisted attackers to execute arbitrary code via crafted ABC music files.
network
high complexity
abc2ps CWE-119
5.1
2006-04-25 CVE-2006-0232 Remote vulnerability in Symantec Antivirus Scan Engine 5.0.0.24
Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, stores sensitive log and virus definition files under the web root with insufficient access control, which allows remote attackers to obtain the information via direct requests.
network
low complexity
symantec
5.0
2006-04-25 CVE-2006-0231 Remote vulnerability in Symantec Antivirus Scan Engine 5.0.0.24
Symantec Scan Engine 5.0.0.24, and possibly other versions before 5.1.0.7, uses the same private DSA key for each installation, which allows remote attackers to conduct man-in-the-middle attacks and decrypt communications.
network
low complexity
symantec
6.4