Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-12-18 | CVE-2006-6626 | Input Validation vulnerability in Moodle Cross-site scripting (XSS) vulnerability in an unspecified component of Moodle 1.5 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element. network moodle | 6.8 |
2006-12-18 | CVE-2006-6625 | Input Validation vulnerability in Moodle 1.6.1 Cross-site scripting (XSS) vulnerability in mod/forum/discuss.php in Moodle 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the navtail parameter. network moodle | 6.8 |
2006-12-18 | CVE-2006-6624 | Remote Denial of Service vulnerability in Sambar Server 6.4 The FTP Server in Sambar Server 6.4 allows remote authenticated users to cause a denial of service (application crash) via a long series of "./" sequences in the SIZE command. | 4.0 |
2006-12-18 | CVE-2006-6617 | Information Disclosure vulnerability in Microsoft Project Server 2003 projectserver/logon/pdsrequest.asp in Microsoft Project Server 2003 allows remote authenticated users to obtain the MSProjectUser password for a SQL database via a GetInitializationData request, which includes the information in the UserName and Password tags of the response. | 6.5 |
2006-12-18 | CVE-2006-6616 | Remote Authentication Bypass vulnerability in W00T Gallery W00T Gallery 1.4.0 index.php in w00t Gallery 1.4.0 allows remote authenticated users with privileges for one installation to gain access to other installations on the same web server, aka "multi-gallery admin session spanning." NOTE: some of these details are obtained from third party information. network w00t-gallery | 6.0 |
2006-12-18 | CVE-2006-6613 | Local File Include vulnerability in PhpAlbum Language.php Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. network phpalbum-net | 6.8 |
2006-12-18 | CVE-2006-6609 | Remote Command Execution and Denial of Service vulnerability in Nexuiz Nexuiz before 2.2.1 allows remote attackers to cause a denial of service (resource exhaustion or crash) via unspecified vectors related to "fake players." NOTE: some of these details are obtained from third party information. | 5.0 |
2006-12-15 | CVE-2006-6604 | Directory Traversal vulnerability in Torrentflux 2.2 Directory traversal vulnerability in downloaddetails.php in TorrentFlux 2.2 allows remote authenticated users to read arbitrary files via .. | 6.5 |
2006-12-15 | CVE-2006-6602 | Denial of Service vulnerability in Microsoft Windows Explorer and Windows XP explorer.exe in Windows Explorer 6.00.2900.2180 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service via a crafted WMV file. network microsoft | 4.3 |
2006-12-15 | CVE-2006-6601 | Resource Management Errors vulnerability in multiple products Windows Media Player 10.00.00.4036 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service via a .MID (MIDI) file with a malformed header chunk without any track chunks, possibly involving (1) number of tracks of (2) time division fields that are set to 0. | 4.3 |