Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2006-12-20 CVE-2006-6498 Remote vulnerability in Mozilla Firefox/SeaMonkey/Thunderbird
Multiple unspecified vulnerabilities in the JavaScript engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, SeaMonkey before 1.0.7, and Mozilla 1.7 and probably earlier on Solaris, allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown impact and attack vectors.
network
mozilla
6.8
2006-12-20 CVE-2006-6497 Remote vulnerability in Mozilla Firefox, SeaMonkey and Thunderbird
Multiple unspecified vulnerabilities in the layout engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown attack vectors.
network
mozilla
6.8
2006-12-19 CVE-2006-6640 Cross-Site Scripting vulnerability in Omniture SiteCatalyst 0
Multiple cross-site scripting (XSS) vulnerabilities in Omniture SiteCatalyst allow remote attackers to inject arbitrary web script or HTML via the (1) ss parameter in (a) search.asp and the (2) company and (3) username fields on (b) the web login page.
network
omniture
6.8
2006-12-19 CVE-2006-6639 Local Privilege Escalation vulnerability in Chetcpasswd 2.4.1
Multiple unspecified vulnerabilities in chetcpasswd 2.4.1 allow local users to gain privileges via unspecified vectors related to executing (1) the cp program, (2) the mail program, or (3) the program specified in the post_change configuration line.
local
low complexity
chetcpasswd
4.6
2006-12-19 CVE-2006-6638 Remote SQLJRA Packet Denial of Service vulnerability in IBM DB2
IBM DB2 8.1 before FixPak 14 allows remote attackers to cause a denial of service via a crafted SQLJRA packet, which causes a NULL pointer dereference in the sqle_db2ra_as_recvrequest function in DB2ENGN.DLL, a different issue than CVE-2006-4257.
network
low complexity
ibm
5.0
2006-12-19 CVE-2006-6637 Information Exposure vulnerability in IBM Websphere Application Server
The Servlet Engine and Web Container in IBM WebSphere Application Server (WAS) before 6.0.2.17, when ibm-web-ext.xmi sets fileServingEnabled to true and servlet caching is enabled, allows remote attackers to obtain JSP source code and other sensitive information via "specific requests."
network
low complexity
ibm CWE-200
5.0
2006-12-19 CVE-2006-3896 Authentication Bypass vulnerability in NeoScale Systems CryptoStor Tape 700 Series Appliance SmartCard
The NeoScale Systems CryptoStor 700 series appliance before 2.6 relies on client-side ActiveX code for smartcard authentication, which allows remote attackers to bypass smartcard authentication, and gain access if able to present a valid username and password, by disabling ActiveX.
4.9
2006-12-18 CVE-2006-6632 Remote File Include vulnerability in Genepi Genepi.PHP
PHP remote file inclusion vulnerability in genepi.php in Genepi 1.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the topdir parameter.
network
genepi
6.8
2006-12-18 CVE-2006-6631 Remote File Include vulnerability in Osprey GetRecord.PHP
PHP remote file inclusion vulnerability in lib/xml/oai/GetRecord.php in osprey 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the lib_dir parameter.
network
ibiblio
6.8
2006-12-18 CVE-2006-6628 Remote Word File Integer Overflow vulnerability in OpenOffice 2.1
Integer overflow in OpenOffice.org (OOo) 2.1 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted DOC file, as demonstrated by the 12122006-djtest.doc file, a variant of CVE-2006-6561 in a separate codebase.
network
openoffice
4.3