Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2006-12-31 CVE-2006-6874 Cross-Site Scripting vulnerability in Endonesia 8.4
Multiple cross-site scripting (XSS) vulnerabilities in friend.php in eNdonesia 8.4 allow remote attackers to inject arbitrary web script or HTML via the (1) Message or (2) Your Name field.
network
endonesia
6.8
2006-12-31 CVE-2006-6872 Scripts Multiple Input Validation vulnerability in Endonesia 8.4
Directory traversal vulnerability in mod.php in eNdonesia 8.4 allows remote attackers to read arbitrary files via a ..
network
low complexity
endonesia
5.0
2006-12-31 CVE-2006-6871 Scripts Multiple Input Validation vulnerability in Endonesia 8.4
Multiple cross-site scripting (XSS) vulnerabilities in eNdonesia 8.4 allow remote attackers to inject arbitrary web script or HTML via (1) the mod parameter in a viewlink operation in mod.php, (2) the intypeid parameter in a showinfo operation in the informasi module in mod.php, (3) the "your Friend" field in friend.php, or (4) the "Main Text" field in admin.php.
network
endonesia
6.8
2006-12-31 CVE-2006-6870 Denial Of Service vulnerability in Avahi Compressed DNS
The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 allows remote attackers to cause a denial of service (infinite loop) via a crafted compressed DNS response with a label that points to itself.
network
low complexity
avahi
5.0
2006-12-31 CVE-2006-6868 Cross-Site Scripting vulnerability in Zen Cart
Multiple cross-site scripting (XSS) vulnerabilities in Zen Cart Web Shopping Cart before 1.3.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
zen-cart
6.8
2006-12-31 CVE-2006-6862 Input Validation vulnerability in Outfront Spooky Login 2.7
Multiple cross-site scripting (XSS) vulnerabilities in Outfront Spooky Login 2.7 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) login/login.asp or (2) login/register.asp.
network
outfront
6.8
2006-12-31 CVE-2006-6858 Remote Security vulnerability in Miredo 0.9.8/1.0.3/1.0.4
Miredo 0.9.8 through 1.0.5 does not properly authenticate a Teredo bubble during UDP hole punching with HMAC-MD5-64 hashing, which allows remote attackers to impersonate an arbitrary Teredo client.
network
miredo
6.8
2006-12-31 CVE-2006-6857 Cross-Site Scripting vulnerability in Docebolms
Cross-site scripting (XSS) vulnerability in modules/credits/credits.php in Docebo LMS allows remote attackers to inject arbitrary web script or HTML via the lang parameter.
network
docebolms
4.3
2006-12-31 CVE-2006-6855 Remote Denial of Service vulnerability in Aidex Mini-Webserver 1.1Rc3
AIDeX Mini-WebServer 1.1 early release 3 allows remote attackers to cause a denial of service (daemon crash) via a flood of HTTP GET requests, possibly related to display of HTTP log data by the GUI.
network
low complexity
aidex
5.0
2006-12-31 CVE-2006-6852 Improper Input Validation vulnerability in Tdiary 2.0.1/2.0.2/2.0.3
Eval injection vulnerability in tDiary 2.0.3 and 2.1.4.20061127 allows remote authenticated users to execute arbitrary Ruby code via unspecified vectors, possibly related to incorrect input validation by (1) conf.rhtml and (2) i.conf.rhtml.
network
tdiary
CWE-20
6.0