Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-12-14 | CVE-2006-6523 | Cross-Site Scripting vulnerability in Cpanel 11 Cross-site scripting (XSS) vulnerability in mail/manage.html in BoxTrapper in cPanel 11 allows remote attackers to inject arbitrary web script or HTML via the account parameter. network cpanel | 6.8 |
2006-12-14 | CVE-2006-6522 | Cross-Site Scripting vulnerability in Twozero Multiple cross-site scripting (XSS) vulnerabilities in WikiTimeScale TwoZero before 2.31 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the (1) forum module and (2) event descriptions. network wikitimescale | 6.8 |
2006-12-14 | CVE-2006-6520 | Input Validation vulnerability in Scriptphp Messageriescripthp 2.0 Multiple cross-site scripting (XSS) vulnerabilities in Messageriescripthp 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) pseudo parameter to (a) existepseudo.php, the (2) email parameter to (b) existeemail.php, or the (3) pageName or (4) cssform parameter to (c) Contact/contact.php. network scriptphp | 6.8 |
2006-12-14 | CVE-2006-6518 | Input Validation vulnerability in Scriptphp Pronews 1.5 Multiple cross-site scripting (XSS) vulnerabilities in ProNews 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) pseudo, (2) email, (3) date, (4) sujet, (5) message, (6) site, and (7) lien parameters to (a) admin/change.php, and the (8) aa parameter to (b) lire-avis.php. network scriptphp | 6.8 |
2006-12-14 | CVE-2006-6517 | Input Validation vulnerability in KDPics Multiple cross-site scripting (XSS) vulnerabilities in KDPics 1.16 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) categories parameter to (a) index.php3 or (b) galeries.inc.php3. network kdpics | 6.8 |
2006-12-14 | CVE-2006-6511 | Remote Security vulnerability in dadaimc dadaIMC .99.3 uses an insufficiently restrictive FilesMatch directive in the installed .htaccess file, which allows remote attackers to execute arbitrary PHP code by uploading files whose names contain (1) feature, (2) editor, (3) newswire, (4) otherpress, (5) admin, (6) pbook, (7) media, or (8) mod, which are processed as PHP file types (application/x-httpd-php). network dadaimc | 6.8 |
2006-12-14 | CVE-2006-6509 | Unspecified vulnerability in Sitekiosk Cross-site scripting (XSS) vulnerability in the skinning feature in SiteKiosk before 6.5.150 allows local users to bypass security protections and inject arbitrary web script or HTML via an ABOUT: URI, which is displayed in the title bar of the browser. local sitekiosk | 4.1 |
2006-12-14 | CVE-2006-6508 | Cross-Site Request Forgery vulnerability in PHPbb Group PHPbb 2.0.21 Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.21 allows remote authenticated users to send unauthorized messages as an arbitrary user via unspecified vectors. network phpbb-group | 6.0 |
2006-12-14 | CVE-2006-5649 | Multiple vulnerability in Linux Kernel Unspecified vulnerability in the "alignment check exception handling" in Ubuntu 5.10, 6.06 LTS, and 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (kernel panic) via unspecified vectors. | 4.6 |
2006-12-14 | CVE-2006-5648 | Local Denial of Service vulnerability in Ubuntu Linux 6.10 Ubuntu Linux 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (resource consumption) by using the (1) sys_get_robust_list and (2) sys_set_robust_list functions to create processes that cannot be killed. | 4.6 |