Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2006-12-31 CVE-2006-1305 Resource Management Errors vulnerability in Microsoft Office and Outlook
Microsoft Outlook 2000, 2002, and 2003 allows user-assisted remote attackers to cause a denial of service (memory exhaustion and interrupted mail recovery) via malformed e-mail header information, possibly related to (1) long subject lines or (2) large numbers of recipients in To or CC headers.
Risk: 4.3 (network, microsoft, CWE-399)

2006-12-29 CVE-2006-6824 Cross-Site Scripting vulnerability in PHP Icalendar PHP Icalendar
Multiple cross-site scripting (XSS) vulnerabilities in Jim Hu and Chad Little PHP iCalendar 2.23 rc1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) getdate parameter in (a) day.php, (b) month.php, (c) year.php, (d) week.php, (e) search.php, (f) rss/index.php, (g) print.php, and (h) preferences.php; the (2) cpath parameter in (i) day.php, (j) month.php, (k) year.php, (l) week.php, and (m) search.php; the (3) query parameter in search.php; and possibly the cpath, (4) unset, and (5) set parameters in a setcookie action in preferences.php; different vectors than CVE-2006-3319.
Risk: 4.3

2006-12-29 CVE-2006-6819 Information Disclosure vulnerability in Webhost Directory
AlstraSoft Web Host Directory stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a backup database via a direct request for admin/backup/db.
Risk: 6.4 (network, low complexity, alstrasoft)

2006-12-29 CVE-2006-6817 Information Disclosure vulnerability in Webhost Directory
AlstraSoft Web Host Directory allows remote attackers to obtain sensitive information by requesting any invalid URI, which reveals the path in an error message, a different vulnerability than CVE-2006-2617.
Risk: 5.0 (network, low complexity, alstrasoft)

2006-12-29 CVE-2006-6815 Cross-Site Scripting vulnerability in Dmxready Secure Login Manager 1.0
Multiple cross-site scripting (XSS) vulnerabilities in DMXReady Secure Login Manager 1.0 allow remote authenticated administrators to inject arbitrary web script or HTML via unspecified parameters to (1) set_preferences.asp, (2) send_password_preferences.asp, and (3) SecureLoginManager/list.asp in the Local-Admin Panel.
Risk: 6.0 (network, dmxready)

2006-12-29 CVE-2006-6814 Directory Traversal vulnerability in Hosting Controller Hosting Controller 7C
Directory traversal vulnerability in FolderManager/FolderManager.aspx in Hosting Controller 7c allows remote authenticated users to read and modify arbitrary files, and list arbitrary directories via ..\ (dot dot backslash) sequences in the BrowsePath parameter.
Risk: 6.3

2006-12-29 CVE-2006-6811 Reachable Assertion vulnerability in multiple products
KsIRC 1.3.12 allows remote attackers to cause a denial of service (crash) via a long PRIVMSG string when connecting to an Internet Relay Chat (IRC) server, which causes an assertion failure and results in a NULL pointer dereference.
Risk: 6.5 (network, low complexity, kde, canonical, CWE-617)

2006-12-29 CVE-2006-6810 Remote Denial of Service vulnerability in DB HUB DB HUB 0.3
Unspecified vulnerability in the clear_user_list function in src/main.c in DB Hub 0.3 allows remote attackers to cause a denial of service (application crash) via crafted network traffic, which triggers memory corruption.
Risk: 5.0 (network, low complexity, db-hub)

2006-12-28 CVE-2006-6808 HTML Injection vulnerability in Wordpress
Cross-site scripting (XSS) vulnerability in wp-admin/templates.php in WordPress 2.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter.
Risk: 6.8 (network, wordpress)

2006-12-28 CVE-2006-6801 Remote File Include vulnerability in Sh-News 0.93
PHP remote file inclusion vulnerability in misc.php in SH-News 0.93, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via the news_cfg[path] parameter.
Risk: 6.8 (network, sh-news)