Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2006-12-26 CVE-2006-6738 Code Injection vulnerability in Cwm-Design cwmCounter
PHP remote file inclusion vulnerability in statistic.php in cwmCounter 5.1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
network
cwm-design CWE-94
6.8

2006-12-26 CVE-2006-6737 Information Disclosure vulnerability in Sun JDK, JRE and SDK
Unspecified vulnerability in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 5 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_10 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allows attackers to use untrusted applets to "access data in other applets," aka "The first issue."
network
sun
4.3

2006-12-26 CVE-2006-6736 Information Disclosure vulnerability in Sun JDK, JRE and SDK
Unspecified vulnerability in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 6 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allows attackers to use untrusted applets to "access data in other applets," aka "The second issue."
network
sun
4.3

2006-12-26 CVE-2006-6735 Information Exposure vulnerability in Obie Website Mini Web Shop 2.1.c
modules/viewcategory.php in Minh Nguyen Duong Obie Website Mini Web Shop 2.1.c allows remote attackers to obtain sensitive information via a request with an arbitrary catname parameter but no itemsdb parameter, which reveals the path in an error message.
network
low complexity
obie-website CWE-200
5.0

2006-12-26 CVE-2006-6734 Cross-Site Scripting vulnerability in Obie Website Mini Web Shop 2.1.c
Cross-site scripting (XSS) vulnerability in modules/viewcategory.php in Minh Nguyen Duong Obie Website Mini Web Shop 2.1.c allows remote attackers to inject arbitrary web script or HTML via the catname parameter.
4.3

2006-12-26 CVE-2006-6733 Cross-Site Scripting vulnerability in osTicket STS 1.2.7/1.3Beta
Cross-site scripting (XSS) vulnerability in support/view.php in Support Cards 1 (osTicket) allows remote attackers to inject arbitrary web script or HTML via the e parameter.
network
osticket CWE-79
4.3

2006-12-26 CVE-2006-6732 Code Injection vulnerability in Cwm-Design cwmVote 1.0
PHP remote file inclusion vulnerability in archive.php in cwmVote 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the abs parameter.
network
cwm-design CWE-94
6.8

2006-12-26 CVE-2006-6730 Local Security vulnerability in NetBSD
OpenBSD and NetBSD permit usermode code to kill the display server and write to the X.Org /dev/xf86 device, which allows local users with root privileges to reduce securelevel by replacing the System Management Mode (SMM) handler via a write to an SMRAM address within /dev/xf86 (aka the video card memory-mapped I/O range), and then launching the new handler via a System Management Interrupt (SMI), as demonstrated by a write to Programmed I/O port 0xB2.
local
netbsd openbsd
6.6

2006-12-26 CVE-2006-6729 Cross-Site Scripting vulnerability in A-Blog
Cross-site scripting (XSS) vulnerability in a-blog 1.51 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
a-blog CWE-79
4.3

2006-12-26 CVE-2006-6728 Denial of Service vulnerability in LANMessenger Information Request Mechanism
Unspecified vulnerability in the info request mechanism in LAN Messenger before 1.5.1.2 allows remote attackers to cause a denial of service (application crash) or transmit spam via unspecified vectors.
network
low complexity
lan-messenger
6.4