Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2006-12-31 CVE-2006-6851 Cross-Site Scripting vulnerability in Mobilelib Gold 2
Multiple cross-site scripting (XSS) vulnerabilities in contact_us.php in ac4p Mobilelib gold 2 allow remote attackers to inject arbitrary web script or HTML via the (1) email or (2) errr parameter.
network
mobilelib
6.8
2006-12-31 CVE-2006-6847 Remote Denial of Service vulnerability in RealNetworks RealPlayer IERPPLUG.DLL ActiveX Control
An ActiveX control in ierpplug.dll for RealNetworks RealPlayer 10.5 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) by invoking the RealPlayer.OpenURLInPlayerBrowser method with a long second argument.
network
low complexity
realnetworks
5.0
2006-12-31 CVE-2006-6845 Cross-Site Scripting vulnerability in Cmsmadesimple CMS Made Simple 1.0.2
Cross-site scripting (XSS) vulnerability in index.php in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the cntnt01searchinput parameter in a Search action.
network
cmsmadesimple
6.8
2006-12-31 CVE-2006-6844 HTML Injection vulnerability in Cmsmadesimple CMS Made Simple 1.0.2
Cross-site scripting (XSS) vulnerability in the optional user comment module in CMS Made Simple 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the user comment form.
network
cmsmadesimple
6.8
2006-12-31 CVE-2006-6837 Remote Buffer Overflow vulnerability in Total Commander ISO_WinCmd Plugin
Multiple stack-based buffer overflows in the (1) LoadTree, (2) ReadHeader, and (3) LoadXBOXTree functions in the ISO (iso_wincmd) plugin 1.7.3.3 and earlier for Total Commander allow user-assisted remote attackers to execute arbitrary code via a long pathname in an ISO image.
network
sergey-oblomov
6.8
2006-12-31 CVE-2006-6834 Cross-Site Scripting vulnerability in Joomla
Multiple unspecified vulnerabilities in Joomla! before 1.0.12 have unknown impact and attack vectors related to (1) "unneeded legacy functions" and (2) "Several low level security fixes."
network
joomla
6.8
2006-12-31 CVE-2006-6832 Cross-Site Scripting vulnerability in Joomla
Cross-site scripting (XSS) vulnerability in Joomla! before 1.0.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possibly related to poll.php or the module title.
network
joomla CWE-79
4.3
2006-12-31 CVE-2006-6827 Remote Denial of Service vulnerability in Macromedia Flash Flash8b.OCX ActiveX Control
Flash8b.ocx in Macromedia Flash 8 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long string in the Flash8b.AllowScriptAccess method.
network
low complexity
macromedia
5.0
2006-12-31 CVE-2006-6144 Unspecified vulnerability in MIT Kerberos 5 1.5/1.5.1
The "mechglue" abstraction interface of the GSS-API library for Kerberos 5 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, allows remote attackers to cause a denial of service (crash) via unspecified vectors that cause mechglue to free uninitialized pointers.
network
low complexity
mit
5.0
2006-12-31 CVE-2006-6103 Local Integer Overflow vulnerability in X.Org DBE And Render Extensions
Integer overflow in the ProcDbeSwapBuffers function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures.
6.6