DATE CVE VULNERABILITY TITLE RISK
2006-12-19 CVE-2006-6638 Remote SQLJRA Packet Denial of Service vulnerability in IBM DB2
IBM DB2 8.1 before FixPak 14 allows remote attackers to cause a denial of service via a crafted SQLJRA packet, which causes a NULL pointer dereference in the sqle_db2ra_as_recvrequest function in DB2ENGN.DLL, a different issue than CVE-2006-4257.
network
low complexity
ibm
5.0
2006-12-19 CVE-2006-6637 Information Exposure vulnerability in IBM Websphere Application Server
The Servlet Engine and Web Container in IBM WebSphere Application Server (WAS) before 6.0.2.17, when ibm-web-ext.xmi sets fileServingEnabled to true and servlet caching is enabled, allows remote attackers to obtain JSP source code and other sensitive information via "specific requests."
network
low complexity
ibm CWE-200
5.0
2006-12-19 CVE-2006-3896 Authentication Bypass vulnerability in NeoScale Systems CryptoStor Tape 700 Series Appliance SmartCard
The NeoScale Systems CryptoStor 700 series appliance before 2.6 relies on client-side ActiveX code for smartcard authentication, which allows remote attackers to bypass smartcard authentication, and gain access if able to present a valid username and password, by disabling ActiveX.
4.9
2006-12-18 CVE-2006-6632 Remote File Include vulnerability in Genepi Genepi.PHP
PHP remote file inclusion vulnerability in genepi.php in Genepi 1.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the topdir parameter.
network
genepi
6.8
2006-12-18 CVE-2006-6631 Remote File Include vulnerability in Osprey GetRecord.PHP
PHP remote file inclusion vulnerability in lib/xml/oai/GetRecord.php in osprey 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the lib_dir parameter.
network
ibiblio
6.8
2006-12-18 CVE-2006-6628 Remote Word File Integer Overflow vulnerability in Openoffice 2.1
Integer overflow in OpenOffice.org (OOo) 2.1 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted DOC file, as demonstrated by the 12122006-djtest.doc file, a variant of CVE-2006-6561 in a separate codebase.
network
openoffice
4.3
2006-12-18 CVE-2006-6626 Input Validation vulnerability in Moodle
Cross-site scripting (XSS) vulnerability in an unspecified component of Moodle 1.5 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element.
network
moodle
6.8
2006-12-18 CVE-2006-6625 Input Validation vulnerability in Moodle 1.6.1
Cross-site scripting (XSS) vulnerability in mod/forum/discuss.php in Moodle 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the navtail parameter.
network
moodle
6.8
2006-12-18 CVE-2006-6624 Remote Denial of Service vulnerability in Sambar Server 6.4
The FTP Server in Sambar Server 6.4 allows remote authenticated users to cause a denial of service (application crash) via a long series of "./" sequences in the SIZE command.
network
low complexity
sambar
4.0
2006-12-18 CVE-2006-6617 Information Disclosure vulnerability in Microsoft Project Server 2003
projectserver/logon/pdsrequest.asp in Microsoft Project Server 2003 allows remote authenticated users to obtain the MSProjectUser password for a SQL database via a GetInitializationData request, which includes the information in the UserName and Password tags of the response.
network
low complexity
microsoft
6.5