Vulnerabilities > Medium

DATE | CVE | VULNERABILITY TITLE | RISK

2006-12-23 | CVE-2006-6702 | Cross-Site Scripting vulnerability in Atmail Webmail | 6.8
Cross-site scripting (XSS) vulnerability in Global.pm in @Mail before 4.61 allows remote attackers to inject arbitrary web script or HTML via crafted e-mail messages.
network, atmail

2006-12-23 | CVE-2006-6700 | Cross-Site Scripting vulnerability in Atmail Webmail System | 6.8
Cross-site scripting (XSS) vulnerability in @Mail WebMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network, calacode

2006-12-23 | CVE-2006-6699 | Remote Security vulnerability in Oracle Application Server Portal 9.0.2 | 5.0
Multiple CRLF injection vulnerabilities in Oracle Portal 9.0.2 and possibly other versions allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter to (1) calendarDialog.jsp or (2) fred.jsp.
network, low complexity, oracle

2006-12-22 | CVE-2006-6696 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products | 6.9
Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL.

2006-12-21 | CVE-2006-6695 | Cross-Site Scripting vulnerability in Carsen Klock Textsend 1.4 | 6.8
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Carsen Klock TextSend 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) error or (2) success parameter.
network, carsen-klock

2006-12-21 | CVE-2006-6687 | Cross-Site Scripting vulnerability in Web-App.Net Webapp 0.9.9.3.4/0.9.9.4 | 4.3
Cross-site scripting (XSS) vulnerability in Web Automated Perl Portal (WebAPP) 0.9.9.4, and 0.9.9.3.4 Network Edition (NE) (aka WebAPP.NET), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

2006-12-21 | CVE-2006-6686 | Remote File Include vulnerability in TextSend Sender.PHP | 6.8
PHP remote file inclusion vulnerability in sender.php in Carsen Klock TextSend 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the ROOT_PATH parameter.
network, textsend

2006-12-21 | CVE-2006-6682 | 7PK - Errors vulnerability in Chetcpasswd Project Chetcpasswd 2.3.3 | 5.0
Pedro Lineu Orso chetcpasswd 2.3.3 provides a different error message when a request with a valid username fails, compared to a request with an invalid username, which allows remote attackers to determine valid usernames on the system.
network, low complexity, chetcpasswd-project, CWE-388

2006-12-21 | CVE-2006-6680 | Information Disclosure vulnerability in Chetcpasswd 2.2.1 | 4.6
Pedro Lineu Orso chetcpasswd before 2.3.1 does not document the need for 0400 permissions on /etc/chetcpasswd.allow, which might allow local users to gain sensitive information by reading this file.
local, low complexity, chetcpasswd

2006-12-21 | CVE-2006-6104 | Information Disclosure vulnerability in Mono XSP 1.1/1.2.1/2.0 | 5.0
The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to (1) read source code by appending a space (%20) to a URI, and (2) read credentials via a request for Web.Config%20.
network, low complexity, mono