Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-12-15 | CVE-2006-6577 | SQL Injection vulnerability in Seditio/Land Down Under Polls.PHP SQL injection vulnerability in polls.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. network neocrome | 6.8 |
| 2006-12-15 | CVE-2006-6574 | Information Disclosure vulnerability in Mantis Custom Fields Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field. | 5.0 |
| 2006-12-15 | CVE-2006-6573 | Information Disclosure vulnerability in Citrix Access Gateway Unspecified vulnerability in Citrix Access Gateway 4.5 Advanced Edition, and 4.2 with Advanced Access Control (AAC) 4.2, when deployed on the Access Gateway appliance 4.2 through 4.2.2 allows remote authenticated users to "gain access to data" and obtain sensitive information via unspecified vectors. network citrix | 6.0 |
| 2006-12-15 | CVE-2006-6572 | Multiple vulnerability in Citrix Access Gateway Advanced Access Control Unspecified vulnerability in Citrix Advanced Access Control (AAC) Option 4.0, and Access Gateway 4.2 with Advanced Access Control 4.2, before 20061114, when the Browser-Only access feature is enabled, allows remote authenticated users to bypass access policies via a certain login method, a different issue than CVE-2006-4846. | 6.5 |
| 2006-12-15 | CVE-2006-6571 | Input Validation vulnerability in Genesistrader 1.0 Multiple cross-site scripting (XSS) vulnerabilities in form.php in GenesisTrader 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) cuve, (2) chem, (3) do, and possibly other parameters. network genesistrader | 6.8 |
| 2006-12-15 | CVE-2006-6565 | Null Pointer Dereference vulnerability in Filezilla-Project Filezilla Server 0.9.21/0.9.6 FileZilla Server before 0.9.22 allows remote attackers to cause a denial of service (crash) via a wildcard argument to the (1) LIST or (2) NLST commands, which results in a NULL pointer dereference, a different set of vectors than CVE-2006-6564. | 4.0 |
| 2006-12-15 | CVE-2006-6564 | Denial-Of-Service vulnerability in FileZilla FileZilla Server before 0.9.22 allows remote attackers to cause a denial of service (crash) via a malformed argument to the STOR command, which results in a NULL pointer dereference. | 4.0 |
| 2006-12-15 | CVE-2006-6563 | Local Buffer Overflow vulnerability in Proftpd Project Proftpd 1.3.0/1.3.0A Stack-based buffer overflow in the pr_ctrls_recv_request function in ctrls.c in the mod_ctrls module in ProFTPD before 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value. local proftpd-project | 6.6 |
| 2006-12-15 | CVE-2006-6105 | Local Format String vulnerability in GNOME Display Manager GDMChooser Format string vulnerability in the host chooser window (gdmchooser) in GNOME Foundation Display Manager (gdm) allows local users to execute arbitrary code via format string specifiers in a hostname, which are used in an error dialog. | 4.3 |
| 2006-12-14 | CVE-2006-6474 | Remote Code Execution vulnerability in McAfee VirusScan For Linux Insecure DT_RPATH Untrusted search path vulnerability in McAfee VirusScan for Linux 4510e and earlier includes the current working directory in the DT_RPATH environment variable, which allows local users to load arbitrary ELF DSO libraries and execute arbitrary code by installing malicious libraries in that directory. | 4.6 |