Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-05-04 | CVE-2006-2175 | Remote File Include vulnerability in Ftrainsoft Fast Click 2.3.8 PHP remote file inclusion vulnerability in FtrainSoft Fast Click 2.3.8 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter to (1) show.php or (2) top.php. | 6.4 |
2006-05-04 | CVE-2006-2174 | Cross-Site Scripting vulnerability in Virtual Hosting Control System Virtual Hosting Control System 2.4.7.1 Multiple cross-site scripting (XSS) vulnerabilities in admin/server_day_stats.php in Virtual Hosting Control System (VHCS) allow remote attackers to inject arbitrary web script or HTML via the (1) day, (2) month, or (3) year parameter. network virtual-hosting-control-system | 4.3 |
2006-05-04 | CVE-2006-2173 | Remote Buffer Overflow vulnerability in FileZilla FTP Server Buffer overflow in FileZilla FTP Server 2.2.22 allows remote authenticated attackers to cause a denial of service and possibly execute arbitrary code via a long (1) PORT or (2) PASS followed by the MLSD command, or (2) the remote server interface, as demonstrated by the Infigo FTPStress Fuzzer. | 6.4 |
2006-05-04 | CVE-2006-2171 | Remote Buffer Overflow vulnerability in Jgaa Warftpd 1.8/1.82Rc10/1.82Rc9 Buffer overflow in WDM.exe in WarFTPD allows remote attackers to execute arbitrary code via unspecified arguments, as demonstrated by the Infigo FTPStress Fuzzer. | 6.4 |
2006-05-04 | CVE-2006-2170 | Remote Buffer Overflow vulnerability in ArGoSoft FTP Server RNTO Command Buffer overflow in ArgoSoft FTP Server 1.4.3.6 allows remote attackers to execute arbitrary code via Unicode in the RNTO command, as demonstrated by the Infigo FTPStress Fuzzer. | 6.4 |
2006-05-04 | CVE-2006-2169 | Information Disclosure vulnerability in Best Practical Solutions Request Tracker 3.5.Head RT: Request Tracker 3.5.HEAD allows remote attackers to obtain sensitive information via the Rows parameter in Dist/Display.html, which reveals the installation path in an error message. | 5.0 |
2006-05-04 | CVE-2006-2167 | HTML Injection vulnerability in Sloughflash Sf-Users 1.0 Cross-site scripting (XSS) vulnerability in SloughFlash SF-Users 1.0, possibly in register.php, allows remote attackers to inject arbitrary web script or HTML by setting the username field to contain JavaScript in the SRC attribute of an IMG element. network sloughflash | 4.3 |
2006-05-03 | CVE-2006-1527 | Remote Denial of Service vulnerability in Linux Kernel 2.6.16.12 The SCTP-netfilter code in Linux kernel before 2.6.16.13 allows remote attackers to trigger a denial of service (infinite loop) via unknown vectors that cause an invalid SCTP chunk size to be processed by the for_each_sctp_chunk function. | 5.0 |
2006-05-03 | CVE-2006-2162 | Remote Negative Content-Length Buffer Overflow vulnerability in Nagios 2.0.1/2.1.3 Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before 2.3 allows remote attackers to execute arbitrary code via a negative content length (Content-Length) HTTP header. | 5.0 |
2006-05-03 | CVE-2006-2160 | HTML Injection vulnerability in Russcomm Network LoginPHP Username Cross-site scripting (XSS) vulnerability in Russcom Network Loginphp (Russcom.Loginphp) allows remote attackers to inject arbitrary web script or HTML via the username field when registering. network russcom-network | 4.3 |