Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2006-12-15 CVE-2006-6596 Remote Command Execution vulnerability in Hilgraeve HyperAccess 8.4
HyperAccess 8.4 allows user-assisted remote attackers to execute arbitrary VBScript and commands via a session (HAW) file, which can be automatically opened using Internet Explorer.
network
hilgraeve
6.8
2006-12-15 CVE-2006-6589 HTML Injection vulnerability in Apache Ofbiz and Opentaps
Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587.
network
apache
6.8
2006-12-15 CVE-2006-6587 HTML Injection vulnerability in OFBiz
Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message.
network
apache
6.8
2006-12-15 CVE-2006-6585 Remote Security vulnerability in Mozilla Firefox 2.0/3.0
The Extensions manager in Mozilla Firefox 2.0 does not properly populate the list of local extensions, which allows attackers to construct an extension that hides itself by finding its name in the list and then calling RemoveElement, as demonstrated by the FFsniFF extension.
network
low complexity
mozilla
6.4
2006-12-15 CVE-2006-6582 Cross-Site Scripting vulnerability in User Manager
Multiple cross-site scripting (XSS) vulnerabilities in ScriptMate User Manager 2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) members_username (user) and (2) members_password (password) fields in a login action in members/default.asp, and (3) the Search box.
network
scriptmate
6.8
2006-12-15 CVE-2006-6580 Authentication Bypass vulnerability in Scriptphp ProNews 1.5
admin/change.php in ProNews 1.5 does not check whether a user is permitted to change news items, which allows remote attackers to add or delete information within an item, and possibly have other impacts.
network
low complexity
scriptphp
6.4
2006-12-15 CVE-2006-6579 Unspecified vulnerability in Microsoft products
Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\pchealth\ERRORREP\QHEADLES, which allows local users to write and read files in this folder, as demonstrated by an ASP shell that has write access by IWAM_machine and read access by IUSR_Machine.
local
microsoft
4.4
2006-12-15 CVE-2006-6577 SQL Injection vulnerability in Seditio/Land Down Under Polls.PHP
SQL injection vulnerability in polls.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
neocrome
6.8
2006-12-15 CVE-2006-6574 Information Disclosure vulnerability in Mantis Custom Fields
Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field.
network
low complexity
mantis
5.0
2006-12-15 CVE-2006-6573 Information Disclosure vulnerability in Citrix Access Gateway
Unspecified vulnerability in Citrix Access Gateway 4.5 Advanced Edition, and 4.2 with Advanced Access Control (AAC) 4.2, when deployed on the Access Gateway appliance 4.2 through 4.2.2, allows remote authenticated users to "gain access to data" and obtain sensitive information via unspecified vectors.
network
citrix
6.0