Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-12-14 | CVE-2006-6558 | Remote Heap Buffer Overflow vulnerability in Crob FTP Server 3.6.1B.263 Crob FTP Server 3.6.1 b.263 allows remote attackers to cause a denial of service via a long series of "?A" sequences in the (1) LIST and possibly (2) NLST command. | 5.0 |
2006-12-14 | CVE-2006-6557 | Remote Security vulnerability in Skulls 0.2.5 Multiple unspecified vulnerabilities in Skulls! before 0.2.6 have unknown impact and attack vectors, as addressed by "Many security fixes." network skulls | 6.8 |
2006-12-14 | CVE-2006-6554 | Denial-Of-Service vulnerability in Kerio Mailserver Unspecified vulnerability in Kerio MailServer before 6.3.1 allows remote attackers to cause a denial of service (segmentation fault and service stop) via certain long LDAP queries, as demonstrated by vd_kms6.pm. | 5.0 |
2006-12-14 | CVE-2006-6547 | Remote Denial-of-Service vulnerability in Winamp iPod Plugin Audio Book File Handling Buffer overflow in the readAA function in read_aa.cpp in Winamp iPod Plugin (ml_ipod) 2.00 p19 and earlier allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long tag in an audible.com audiobook (aa) file. network mlipod | 4.3 |
2006-12-14 | CVE-2006-6544 | Cross-Site Scripting vulnerability in Cm68 News Cross-site scripting (XSS) vulnerability in CM68 News allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. network cm68-news | 6.8 |
2006-12-14 | CVE-2006-6540 | SQL-Injection vulnerability in Bluetrait SQL injection vulnerability in bt-trackback.php in Bluetrait before 1.2.0, when trackback is enabled, allows remote attackers to execute arbitrary SQL commands via unspecified parameters. network bluetrait | 6.8 |
2006-12-14 | CVE-2006-6536 | Cross-Site Scripting vulnerability in Cilem Haber Freeedition Cross-site scripting (XSS) vulnerability in hata.asp in Cilem Haber Free Edition allows remote attackers to inject arbitrary web script or HTML via the hata parameter. network cilem | 6.8 |
2006-12-14 | CVE-2006-6534 | Input Validation vulnerability in Oscommerce 3.0A3 Multiple cross-site scripting (XSS) vulnerabilities in osCommerce 3.0a3 allow remote attackers to inject arbitrary web script or HTML via the (1) set parameter to admin/modules.php, the (2) selected_box parameter to definitiva/admin/customers.php, the (3) lID parameter to admin/languages_definitions.php, or the (4) pID parameter to admin/products.php. network oscommerce | 4.3 |
2006-12-14 | CVE-2006-6532 | Cross-Site Scripting vulnerability in Vt-Forum Lite Multiple cross-site scripting (XSS) vulnerabilities in Vt-Forum Lite 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) StrMsg or (2) Topic_ID parameter to (a) vf_info.asp, (b) vf_newtopic.asp, (c) vf_settings.asp, and (d) vf_replytopic.asp, different vectors than CVE-2006-6447. network vt-forum | 6.8 |
2006-12-14 | CVE-2006-6531 | Cross-Site Scripting vulnerability in Help Tip Module Cross-site scripting (XSS) vulnerability in the Help Tip module before 4.7.x-1.0 for Drupal allows remote attackers to inject arbitrary web script or HTML, and possibly obtain administrative access, via node titles. network drupal | 6.8 |