Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-12-31 | CVE-2006-6893 | Denial-Of-Service vulnerability in TOR 0.1.1.26 Tor allows remote attackers to discover the IP address of a hidden service by accessing this service at a high rate, thereby changing the server's CPU temperature and consequently changing the pattern of time values visible through (1) ICMP timestamps, (2) TCP sequence numbers, and (3) TCP timestamps, a different vulnerability than CVE-2006-0414. | 5.0 |
| 2006-12-31 | CVE-2006-6892 | Cross-Site Scripting vulnerability in Jonathon Freeman Ovbb 0.13A Cross-site scripting (XSS) vulnerability in the GetLocation function in online.php in Jonathon J. network jonathon-freeman | 6.8 |
| 2006-12-31 | CVE-2006-6891 | Information Disclosure vulnerability in VZ Forum VZ Forum 2.0.3 Vz (Adp) Forum 2.0.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrative account name and password hash via a direct request for users/admin.txt. | 5.0 |
| 2006-12-31 | CVE-2006-6888 | Information Disclosure vulnerability in P-News 1.16/1.17 P-News 1.16 and 1.17 store sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the administrative account name and password hash via a direct request for db/user.dat. | 5.0 |
| 2006-12-31 | CVE-2006-6887 | Code Injection vulnerability in Logahead UNU 1.0 Unrestricted file upload vulnerability in logahead UNU 1.0 allows remote attackers to upload and execute arbitrary PHP code via unspecified vectors related to plugins/widged/_widged.php (aka the WidgEd plugin), a different vulnerability than CVE-2006-6783. | 6.8 |
| 2006-12-31 | CVE-2006-6886 | Information Exposure vulnerability in PHPwcms 1.2.5Dev phpwcms 1.2.5-DEV allows remote attackers to obtain sensitive information via a direct request for (1) files.public-userroot.inc.php or (2) files.private.additions.inc.php in include/inc_lib/, which reveals the path in various error messages. | 5.0 |
| 2006-12-31 | CVE-2006-6885 | Remote Denial of Service vulnerability in Macromedia Shockwave 10 An ActiveX control in SwDir.dll in Macromedia Shockwave 10 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long string in the swURL attribute. network macromedia | 4.3 |
| 2006-12-31 | CVE-2006-6882 | Cross-Site Scripting vulnerability in Golden Book Golden Book Cross-site scripting (XSS) vulnerability in golden book allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2006-12-31 | CVE-2006-6879 | Unspecified vulnerability in PHP-Update Unrestricted file upload vulnerability in admin/uploads.php in PHP-Update 2.7 and earlier allows remote authenticated users to upload arbitrary PHP scripts to the gfx/ and files/ directories via the userfile parameter. network php-update | 6.0 |
| 2006-12-31 | CVE-2006-6877 | Directory Traversal vulnerability in 3Editor Cms Directory traversal vulnerability in index.php in Matteo Lucarelli 3editor CMS 0.42 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via a .. network matteo-lucarelli | 6.8 |