Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2006-12-14 CVE-2006-6558 Remote Heap Buffer Overflow vulnerability in Crob FTP Server 3.6.1 b.263
Crob FTP Server 3.6.1 b.263 allows remote attackers to cause a denial of service via a long series of "?A" sequences in the (1) LIST and possibly (2) NLST command.
network
low complexity
crob
5.0
2006-12-14 CVE-2006-6557 Remote Security vulnerability in Skulls 0.2.5
Multiple unspecified vulnerabilities in Skulls! before 0.2.6 have unknown impact and attack vectors, as addressed by "Many security fixes."
network
skulls
6.8
2006-12-14 CVE-2006-6554 Denial-of-Service vulnerability in Kerio MailServer
Unspecified vulnerability in Kerio MailServer before 6.3.1 allows remote attackers to cause a denial of service (segmentation fault and service stop) via certain long LDAP queries, as demonstrated by vd_kms6.pm.
network
low complexity
kerio
5.0
2006-12-14 CVE-2006-6547 Remote Denial-of-Service vulnerability in Winamp iPod Plugin Audio Book File Handling
Buffer overflow in the readAA function in read_aa.cpp in Winamp iPod Plugin (ml_ipod) 2.00 p19 and earlier allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long tag in an audible.com audiobook (aa) file.
network
mlipod
4.3
2006-12-14 CVE-2006-6544 Cross-Site Scripting vulnerability in CM68 News
Cross-site scripting (XSS) vulnerability in CM68 News allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
cm68-news
6.8
2006-12-14 CVE-2006-6540 SQL-Injection vulnerability in Bluetrait
SQL injection vulnerability in bt-trackback.php in Bluetrait before 1.2.0, when trackback is enabled, allows remote attackers to execute arbitrary SQL commands via unspecified parameters.
network
bluetrait
6.8
2006-12-14 CVE-2006-6536 Cross-Site Scripting vulnerability in Cilem Haber Free Edition
Cross-site scripting (XSS) vulnerability in hata.asp in Cilem Haber Free Edition allows remote attackers to inject arbitrary web script or HTML via the hata parameter.
network
cilem
6.8
2006-12-14 CVE-2006-6534 Input Validation vulnerability in osCommerce 3.0a3
Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 3.0a3 allow remote attackers to inject arbitrary web script or HTML via the (1) set parameter to admin/modules.php, the (2) selected_box parameter to definitiva/admin/customers.php, the (3) lID parameter to admin/languages_definitions.php, or the (4) pID parameter to admin/products.php.
network
oscommerce
4.3
2006-12-14 CVE-2006-6532 Cross-Site Scripting vulnerability in Vt-Forum Lite
Multiple cross-site scripting (XSS) vulnerabilities in Vt-Forum Lite 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) StrMsg or (2) Topic_ID parameter to (a) vf_info.asp, (b) vf_newtopic.asp, (c) vf_settings.asp, and (d) vf_replytopic.asp, different vectors than CVE-2006-6447.
network
vt-forum
6.8
2006-12-14 CVE-2006-6531 Cross-Site Scripting vulnerability in Help Tip Module
Cross-site scripting (XSS) vulnerability in the Help Tip module before 4.7.x-1.0 for Drupal allows remote attackers to inject arbitrary web script or HTML, and possibly obtain administrative access, via node titles.
network
drupal
6.8