Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-12-27 | CVE-2006-6758 | Directory Traversal vulnerability in Http Explorer Http Explorer web Server 1.02 Directory traversal vulnerability in Http explorer 1.02 allows remote attackers to read arbitrary files via a .. | 5.0 |
2006-12-27 | CVE-2006-6756 | Remote Security vulnerability in Ixprim CMS 1.2 The code function in install.fct.php in Ixprim 1.2 produces a guessable value of the confidential IXP_CODE in mainfile.php, which might allow remote attackers to gain access to the administration panel via a brute force attack. | 5.1 |
2006-12-27 | CVE-2006-6755 | Information Disclosure vulnerability in Ixprim CMS 1.2 Ixprim 1.2 allows remote attackers to obtain sensitive information via a direct request for kernel/plugins/fckeditor2/ixprim_api.php, which reveals the path in an error message. | 5.0 |
2006-12-27 | CVE-2006-6754 | SQL Injection vulnerability in Ixprim CMS 1.2 Multiple SQL injection vulnerabilities in Ixprim 1.2 allow remote attackers to execute arbitrary SQL commands via the story_id parameter to ixm_ixpnews.php, and unspecified other vectors. | 6.5 |
2006-12-27 | CVE-2006-6753 | Remote Security vulnerability in Windows Event Viewer Event Viewer (eventvwr.exe) in Microsoft Windows does not properly display log data that contains '%' (percent) characters, which might make it impossible to use Event Viewer to determine the actual data that triggered an event, and might produce long strings that are not properly handled by certain processes that rely on Event Viewer. | 4.1 |
2006-12-27 | CVE-2006-6751 | Use of Externally-Controlled Format String vulnerability in Dxmsoft XM Easy Personal FTP Server 5.2.1/5.3 Format string vulnerability in XM Easy Personal FTP Server 5.2.1 allows remote attackers to cause a denial of service (application crash) via format string specifiers in the USER command or certain other available or nonexistent commands. | 5.0 |
2006-12-27 | CVE-2006-6750 | Remote Denial of Service vulnerability in Dxmsoft XM Easy Personal FTP Server 5.0.1 Format string vulnerability in XM Easy Personal FTP Server 5.0.1 allows remote attackers to cause a denial of service (application crash) via format string specifiers in a long PORT command. | 5.0 |
2006-12-27 | CVE-2006-6746 | Cross-Site Scripting vulnerability in Dreaxteam Xt-News 0.1 Multiple cross-site scripting (XSS) vulnerabilities in Xt-News 0.1 allow remote attackers to inject arbitrary web script or HTML via the id_news parameter to (1) add_comment.php or (2) show_news.php. | 4.3 |
2006-12-26 | CVE-2006-6743 | Local Security vulnerability in PHPprofiles 2.1.0 phpProfiles before 2.1.1 uses world writable permissions for certain profile files and directories, which allows local users to modify or delete files, related to (1) users/include/do_makeprofile.inc.php and (2) users/include/copy.inc.php. | 4.6 |
2006-12-26 | CVE-2006-6741 | Cross-Site Request Forgery (CSRF) vulnerability in Mkportal 1.1 Cross-site request forgery (CSRF) vulnerability in urlobox in MKPortal allows remote attackers to delete arbitrary messages as an administrator via a delete operation in an img BBcode tag. | 5.8 |