Vulnerabilities > Medium

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-12-14 | CVE-2006-6523 | Cross-Site Scripting vulnerability in Cpanel 11. Cross-site scripting (XSS) vulnerability in mail/manage.html in BoxTrapper in cPanel 11 allows remote attackers to inject arbitrary web script or HTML via the account parameter. | network / cpanel / 6.8 |
| 2006-12-14 | CVE-2006-6522 | Cross-Site Scripting vulnerability in Twozero. Multiple cross-site scripting (XSS) vulnerabilities in WikiTimeScale TwoZero before 2.31 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors in the (1) forum module and (2) event descriptions. | network / wikitimescale / 6.8 |
| 2006-12-14 | CVE-2006-6520 | Input Validation vulnerability in Scriptphp Messageriescripthp 2.0. Multiple cross-site scripting (XSS) vulnerabilities in Messageriescripthp 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) pseudo parameter to (a) existepseudo.php, the (2) email parameter to (b) existeemail.php, or the (3) pageName or (4) cssform parameter to (c) Contact/contact.php. | network / scriptphp / 6.8 |
| 2006-12-14 | CVE-2006-6518 | Input Validation vulnerability in Scriptphp Pronews 1.5. Multiple cross-site scripting (XSS) vulnerabilities in ProNews 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) pseudo, (2) email, (3) date, (4) sujet, (5) message, (6) site, and (7) lien parameters to (a) admin/change.php, and the (8) aa parameter to (b) lire-avis.php. | network / scriptphp / 6.8 |
| 2006-12-14 | CVE-2006-6517 | Input Validation vulnerability in KDPics. Multiple cross-site scripting (XSS) vulnerabilities in KDPics 1.16 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) categories parameter to (a) index.php3 or (b) galeries.inc.php3. | network / kdpics / 6.8 |
| 2006-12-14 | CVE-2006-6511 | Remote Security vulnerability in dadaimc. dadaIMC .99.3 uses an insufficiently restrictive FilesMatch directive in the installed .htaccess file, which allows remote attackers to execute arbitrary PHP code by uploading files whose names contain (1) feature, (2) editor, (3) newswire, (4) otherpress, (5) admin, (6) pbook, (7) media, or (8) mod, which are processed as PHP file types (application/x-httpd-php). | network / dadaimc / 6.8 |
| 2006-12-14 | CVE-2006-6509 | Unspecified vulnerability in Sitekiosk. Cross-site scripting (XSS) vulnerability in the skinning feature in SiteKiosk before 6.5.150 allows local users to bypass security protections and inject arbitrary web script or HTML via an ABOUT: URI, which is displayed in the title bar of the browser. | local / sitekiosk / 4.1 |
| 2006-12-14 | CVE-2006-6508 | Cross-Site Request Forgery vulnerability in PHPbb Group PHPbb 2.0.21. Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.21 allows remote authenticated users to send unauthorized messages as an arbitrary user via unspecified vectors. | network / phpbb-group / 6.0 |
| 2006-12-14 | CVE-2006-5649 | Multiple vulnerability in Linux Kernel. Unspecified vulnerability in the "alignment check exception handling" in Ubuntu 5.10, 6.06 LTS, and 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (kernel panic) via unspecified vectors. | local / low complexity / ubuntu / 4.6 |
| 2006-12-14 | CVE-2006-5648 | Local Denial of Service vulnerability in Ubuntu Linux 6.10. Ubuntu Linux 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (resource consumption) by using the (1) sys_get_robust_list and (2) sys_set_robust_list functions to create processes that cannot be killed. | local / low complexity / ubuntu / 4.6 |