Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2006-12-28 CVE-2006-6800 Remote File Include vulnerability in Limbo CMS Event Module 1.0
PHP remote file inclusion in eventcal/mod_eventcal.php in the event module 1.0 for Limbo CMS allows remote attackers to execute arbitrary PHP code via a URL in the lm_absolute_path parameter.
network
limbo-cms
6.8
2006-12-28 CVE-2006-6318 Denial Of Service vulnerability in ELOG Web Logbook ELogD Server
The show_elog_list function in elogd.c in elog 2.6.2 and earlier allows remote authenticated users to cause a denial of service (daemon crash) by attempting to access a logbook whose name begins with "global," which results in a NULL pointer dereference.
network
low complexity
stefan-ritt
5.0
2006-12-28 CVE-2006-6797 Unspecified vulnerability in Microsoft Windows XP
The Client Server Run-Time Subsystem (CSRSS) in Microsoft Windows allows local users to cause a denial of service (crash) or read arbitrary memory from csrss.exe via crafted arguments to the NtRaiseHardError function with status 0x50000018, a different vulnerability than CVE-2006-6696.
local
low complexity
microsoft
6.6
2006-12-28 CVE-2006-6796 Remote File Include vulnerability in MTCMS Admin_Settings.PHP
PHP remote file inclusion vulnerability in admin/admin_settings.php in MTCMS 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the ins_file parameter.
network
mtcms
6.8
2006-12-28 CVE-2006-6786 Authentication Bypass vulnerability in Open Newsletter Open Newsletter 2.0
Open Newsletter 2.5 and earlier allows remote authenticated administrators to execute arbitrary PHP code by inserting the code into the email parameter to (1) subscribe.php or (2) unsubscribe.php.
network
low complexity
open-newsletter
6.5
2006-12-28 CVE-2006-6782 Cross-Site Scripting vulnerability in PNAmazu
Cross-site scripting (XSS) vulnerability in pnamazu 2006.02.28 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
pnamazu
6.8
2006-12-28 CVE-2006-6781 Input Validation vulnerability in HLstats 1.20/1.34
HLstats 1.20 through 1.34 allows remote attackers to obtain sensitive information via playinfo mode, with certain values of the player and playerdata[lastName][] parameters, which reveals the path in an error message.
network
low complexity
hlstats
5.0
2006-12-28 CVE-2006-6779 Unspecified vulnerability in Jelsoft vBulletin
Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin allows remote attackers to inject arbitrary web script or HTML via an SWF file that uses ActionScript to trigger execution of JavaScript.
network
jelsoft
6.8
2006-12-28 CVE-2006-6778 Cross-Site Scripting vulnerability in TimberWolf 1.2.2
Cross-site scripting (XSS) vulnerability in shownews.php in TimberWolf 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the nid parameter.
network
timberwolf
6.8
2006-12-28 CVE-2006-6777 Input Validation vulnerability in Future Internet
Cross-site scripting (XSS) vulnerability in index.cfm in Future Internet allows remote attackers to inject arbitrary web script or HTML via the categoryId parameter in a Portal.ShowPage action.
network
future-internet
6.8