Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2006-12-31 CVE-2006-6101 Local Integer Overflow vulnerability in X.Org DBE And Render Extensions
Integer overflow in the ProcRenderAddGlyphs function in the Render extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of glyph management data structures.
6.6
2006-12-31 CVE-2006-5858 Information Exposure vulnerability in Adobe Coldfusion and Jrun
Adobe ColdFusion MX 7 through 7.0.2, and JRun 4, when run on Microsoft IIS, allows remote attackers to read arbitrary files, list directories, or read source code via a double URL-encoded NULL byte in a ColdFusion filename, such as a CFM file.
network
low complexity
adobe CWE-200
5.0
2006-12-31 CVE-2006-5265 Improper Input Validation vulnerability in Microsoft Dynamics GP
Unspecified vulnerability in Microsoft Dynamics GP (formerly Great Plains) 9.0 and earlier allows remote attackers to cause a denial of service (crash) via an invalid magic number in a Distributed Process Server (DPS) message.
network
low complexity
microsoft CWE-20
5.0
2006-12-31 CVE-2006-4727 Cross-Site Scripting vulnerability in Tumbleweed Email Firewall 6.2.2 Build 4123
Cross-site scripting (XSS) vulnerability in emfadmin/statusView.do in Tumbleweed EMF Administration Module 6.2.2 Build 4123, and possibly other versions before 6.3.2, allows remote attackers to inject arbitrary web script or HTML via the (1) lineId and (2) sort parameters.
network
tumbleweed CWE-79
4.3
2006-12-31 CVE-2006-4582 Cross-Site Request Forgery vulnerability in the Address Book the Address Book 1.04E
Cross-site request forgery (CSRF) vulnerability in The Address Book 1.04e allows remote attackers to perform unauthorized actions as other users via unspecified vectors, as demonstrated by deleting arbitrary users via the id parameter in a deleteuser action in users.php.
network
low complexity
the-address-book
5.0
2006-12-31 CVE-2006-4581 Remote vulnerability in the Address Book the Address Book 1.04E
Unrestricted file upload vulnerability in The Address Book 1.04e validates the Content-Type header but not the file extension, which allows remote attackers to upload arbitrary PHP scripts.
network
low complexity
the-address-book
5.0
2006-12-31 CVE-2006-4579 Remote vulnerability in the Address Book the Address Book 1.04E
Directory traversal vulnerability in users.php in The Address Book 1.04e allows remote attackers to include arbitrary files via a ..
network
low complexity
the-address-book
5.0
2006-12-31 CVE-2006-4577 Remote vulnerability in the Address Book the Address Book 1.04E
Multiple cross-site scripting (XSS) vulnerabilities in The Address Book 1.04e allow remote attackers to inject arbitrary web script or HTML via JavaScript events in the (1) email, (2) websites, and (3) groupAddName parameters in (a) save.php; the (4) errorMsg parameter in (b) index.php; and the (5) goTo and (6) search parameters in (c) search.php.
6.8
2006-12-31 CVE-2006-4576 Remote vulnerability in the Address Book the Address Book 1.04E
Cross-site scripting (XSS) vulnerability in The Address Book 1.04e allows remote attackers to inject arbitrary web script or HTML by uploading an HTML file with a GIF or JPG extension, which is rendered by Internet Explorer.
6.8
2006-12-31 CVE-2006-4220 Cross-Site Scripting vulnerability in Novell Groupwise and Groupwise Webaccess
Multiple cross-site scripting (XSS) vulnerabilities in webacc in Novell GroupWise WebAccess before 7 Support Pack 3 Public Beta allow remote attackers to inject arbitrary web script or HTML via the (1) User.html, (2) Error, (3) User.Theme.index, and (4) User.lang parameters.
network
novell CWE-79
4.3