Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
---|---|---|---|---|---|
2006-12-15 | CVE-2006-6600 | Cross-Site Scripting vulnerability in TorrentFlux | Cross-site scripting (XSS) vulnerability in dir.php in TorrentFlux 2.2, when allows remote attackers to inject arbitrary web script or HTML via double URL-encoded strings in the dir parameter, a related issue to CVE-2006-5609. | network torrentflux | 6.0 |
2006-12-15 | CVE-2006-6599 | Remote Command Execution vulnerability in TorrentFlux 2.2 | maketorrent.php in TorrentFlux 2.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters (";" semicolon) in the announce parameter. | network torrentflux | 6.0 |
2006-12-15 | CVE-2006-6598 | Directory Traversal vulnerability in TorrentFlux and torrentflux-b4rt | Directory traversal vulnerability in viewnfo.php in (1) TorrentFlux before 2.2 and (2) torrentflux-b4rt before 2.1-b4rt-972 allows remote authenticated users to read arbitrary files via .. |  | 6.5 |
2006-12-15 | CVE-2006-6596 | Remote Command Execution vulnerability in Hilgraeve HyperAccess 8.4 | HyperAccess 8.4 allows user-assisted remote attackers to execute arbitrary VBScript and commands via a session (HAW) file, which can be automatically opened using Internet Explorer. | network hilgraeve | 6.8 |
2006-12-15 | CVE-2006-6589 | HTML Injection vulnerability in Apache OFBiz and Opentaps | Cross-site scripting (XSS) vulnerability in ecommerce/control/keywordsearch in the Apache Open For Business Project (OFBiz) and Opentaps 0.9.3 allows remote attackers to inject arbitrary web script or HTML via the SEARCH_STRING parameter, a different issue than CVE-2006-6587. | network apache | 6.8 |
2006-12-15 | CVE-2006-6587 | HTML Injection vulnerability in OFBiz | Cross-site scripting (XSS) vulnerability in the forum implementation in the ecommerce component in the Apache Open For Business Project (OFBiz) allows remote attackers to inject arbitrary web script or HTML by posting a message. | network apache | 6.8 |
2006-12-15 | CVE-2006-6585 | Remote Security vulnerability in Mozilla Firefox 2.0/3.0 | The Extensions manager in Mozilla Firefox 2.0 does not properly populate the list of local extensions, which allows attackers to construct an extension that hides itself by finding its name in the list and then calling RemoveElement, as demonstrated by the FFsniFF extension. |  | 6.4 |
2006-12-15 | CVE-2006-6582 | Cross-Site Scripting vulnerability in User Manager | Multiple cross-site scripting (XSS) vulnerabilities in ScriptMate User Manager 2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) members_username (user) and (2) members_password (password) fields in a login action in members/default.asp, and (3) the Search box. | network scriptmate | 6.8 |
2006-12-15 | CVE-2006-6580 | Authentication Bypass vulnerability in Scriptphp ProNews 1.5 | admin/change.php in ProNews 1.5 does not check whether a user is permitted to change news items, which allows remote attackers to add or delete information within an item, and possibly have other impacts. |  | 6.4 |
2006-12-15 | CVE-2006-6579 | Unspecified vulnerability in Microsoft products | Microsoft Windows XP has weak permissions (FILE_WRITE_DATA and FILE_READ_DATA for Everyone) for %WINDIR%\pchealth\ERRORREP\QHEADLES, which allows local users to write and read files in this folder, as demonstrated by an ASP shell that has write access by IWAM_machine and read access by IUSR_Machine. | local microsoft | 4.4 |