Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2006-12-26 CVE-2006-6725 Path Traversal vulnerability in PHPBuilder
Multiple directory traversal vulnerabilities in PHPBuilder 0.0.2 and earlier allow remote attackers to read arbitrary files via a ..
network
low complexity
phpbuilder CWE-22
5.0
2006-12-26 CVE-2006-6724 Denial-Of-Service vulnerability in BolinTech Dream FTP Server 1.02
BolinTech Dream FTP Server 1.02 allows remote authenticated users, including anonymous users, to cause a denial of service (application crash) via a certain invalid PORT command.
network
low complexity
bolintech
4.0
2006-12-23 CVE-2006-6721 HTML Injection vulnerability in Knusperleicht Shoutbox 2.6
Multiple cross-site scripting (XSS) vulnerabilities in shout.php in Knusperleicht ShoutBox 2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) sbNick or (2) sbKommentar parameter.
network
knusperleicht
6.8
2006-12-23 CVE-2006-6719 Remote Denial of Service vulnerability in GNU Wget ftp_syst Function
The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command.
network
low complexity
gnu
5.0
2006-12-23 CVE-2006-6715 Remote File Include vulnerability in PowerClan footer.inc.php
PHP remote file inclusion vulnerability in footer.inc.php in PowerClan 1.14a and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the settings[footer] parameter.
network
high complexity
powerscripts
5.1
2006-12-23 CVE-2006-6708 Input Validation vulnerability in MGInternet Property Site Manager
Cross-site scripting (XSS) vulnerability in listings.asp in MGinternet Property Site Manager allows remote attackers to inject arbitrary web script or HTML via the s parameter.
network
mginternet
6.8
2006-12-23 CVE-2006-6706 SQL Injection vulnerability in Soumu products
SQL injection vulnerability in Soumu Workflow for Groupmax 01-00 through 01-01, Soumu Workflow 02-00 through 03-03, and Koukyoumuke Soumu Workflow 01-00 through 01-01 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors in certain web pages.
network
low complexity
soumu CWE-89
6.5
2006-12-23 CVE-2006-6705 Improper Authentication vulnerability in Soumu products
Multiple unspecified vulnerabilities in the template files in Soumu Workflow for Groupmax 01-00 through 01-01, Soumu Workflow 02-00 through 03-03, and Koukyoumuke Soumu Workflow 01-00 through 01-01 allow remote attackers to bypass authentication mechanisms on web pages via unknown vectors.
network
low complexity
soumu CWE-287
5.0
2006-12-23 CVE-2006-6704 Cross-Site Scripting vulnerability in Atmail Webadmin
Cross-site scripting (XSS) vulnerability in the Webadmin in @Mail before 4.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "unescaped data in the database." This vulnerability is addressed in the following product release: @Mail, @Mail Webadmin, 4.6
network
atmail
6.8
2006-12-23 CVE-2006-6703 Cross-Site Scripting vulnerability in Oracle Portal container_tabs.jsp
Multiple cross-site scripting (XSS) vulnerabilities in Oracle Portal 9i and 10g allow remote attackers to inject arbitrary JavaScript via the tc parameter in webapp/jsp/container_tabs.jsp, and other unspecified vectors.
network
oracle
6.8