Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-12-20 | CVE-2006-6658 | Information Disclosure vulnerability in Inktomi Search 4.1.4 Inktomi Search 4.1.4 allows remote attackers to obtain sensitive information via direct requests with missing parameters to (1) help/header.html, (2) thesaurus.html, and (3) topics.html, which leak the installation path in the resulting error message, a related issue to CVE-2006-5970. | 5.0 |
2006-12-20 | CVE-2006-6654 | Denial-Of-Service vulnerability in NetBSD The sendmsg function in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029, when run on a 64-bit architecture, allows attackers to cause a denial of service (kernel panic) via an invalid msg_controllen parameter to the sendit function. network netbsd | 4.3 |
2006-12-20 | CVE-2006-6651 | Remote Code execution vulnerability in Intel 2200Bg Proset Wireless 9.0.3.9 Race condition in W29N51.SYS in the Intel 2200BG wireless driver 9.0.3.9 allows remote attackers to cause memory corruption and execute arbitrary code via a series of crafted beacon frames. network intel | 6.8 |
2006-12-20 | CVE-2006-6650 | Remote File Include vulnerability in MXBB Charts Module Module_Root_Path PHP remote file inclusion vulnerability in charts_constants.php in the Charts (mx_charts) 1.0.0 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. network mxbb | 6.8 |
2006-12-20 | CVE-2006-6649 | Cross-Site Scripting vulnerability in Hypervm Cross-site scripting (XSS) vulnerability in display.php in HyperVM 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an encoded frm_action parameter. network hypervm | 6.8 |
2006-12-20 | CVE-2006-6647 | Cross-Site Scripting vulnerability in Drupal Mysite 4.7/5 Cross-site scripting (XSS) vulnerability in the MySite 4.7.x before 4.7.x-3.3 and 5.x before 5.x-1.3 module for Drupal allows remote attackers to inject arbitrary web script or HTML via the Title field when editing a page. network drupal | 6.8 |
2006-12-20 | CVE-2006-6646 | HTML-Injection vulnerability in Drupal Project and Drupal Project Issue Tracking Multiple cross-site scripting (XSS) vulnerabilities in Drupal (1) Project Issue Tracking 4.7.x-1.0 and 4.7.x-2.0, and (2) Project 4.6.x-1.0, 4.7.x-1.0, and 4.7.x-2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, which do not use the check_plain function. network drupal | 6.8 |
2006-12-20 | CVE-2006-6644 | Remote File Include vulnerability in MXBB Meeting Module Module_Root_Path PHP remote file inclusion vulnerability in pages/meeting_constants.php in the Meeting (mx_meeting) 1.1.2 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. network mxbb | 6.8 |
2006-12-20 | CVE-2006-6643 | Remote Denial of Service vulnerability in Fightersoft Multimedia Star FTP Server 1.10 Fightersoft Multimedia Star FTP server 1.10 allows remote attackers to cause a denial of service (crash) via multiple RETR commands with long arguments. | 5.0 |
2006-12-20 | CVE-2006-4814 | Resource Management Errors vulnerability in Linux Kernel The mincore function in the Linux kernel before 2.4.33.6 does not properly lock access to user space, which has unspecified impact and attack vectors, possibly related to a deadlock. | 4.6 |