Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-12-12 | CVE-2006-6481 | Denial Of Service vulnerability in Clam Anti-Virus Clamav 0.88.6: Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to cause a denial of service (stack overflow and application crash) by wrapping many layers of multipart/mixed content around a document, a different vulnerability than CVE-2006-5874 and CVE-2006-6406. | 5.0 |
2006-12-12 | CVE-2006-6480 | Input Validation vulnerability in Scriptphp Annoncescripthp 2.0: admin/admin_membre/fiche_membre.php in AnnonceScriptHP 2.0 allows remote attackers to obtain sensitive information via the idmembre parameter, which discloses the passwords for arbitrary users. | 5.0 |
2006-12-12 | CVE-2006-6479 | Input Validation vulnerability in Scriptphp Annoncescripthp 2.0: Multiple cross-site scripting (XSS) vulnerabilities in AnnonceScriptHP 2.0 allow remote attackers to inject arbitrary web script or HTML via the email parameter in (1) erreurinscription.php, (2) Templates/admin.dwt.php, (3) Templates/commun.dwt.php, (4) membre.dwt.php, and (5) admin/admin_config/Aide.php. Tags: network, scriptphp. | 6.8 |
2006-12-11 | CVE-2006-5871 | Multiple vulnerability in Linux Kernel 2.4.33/2.6.8: smbfs in Linux kernel 2.6.8 and other versions, and 2.4.x before 2.4.34, when UNIX extensions are enabled, ignores certain mount options, which could cause clients to use server-specified uid, gid and mode settings. Tags: local, linux. | 4.1 |
2006-12-11 | CVE-2006-6469 | Remote Security vulnerability in WorkCentre: Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 do not block the postgres port (5432/tcp), which has unknown impact and remote attack vectors, probably related to unauthorized connections to a PostgreSQL daemon. Tags: low complexity, xerox. | 5.8 |
2006-12-11 | CVE-2006-6468 | Remote Security vulnerability in WorkCentre: Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 do not check the Fully Qualified Domain Name (FQDN) during a "Validate Repository SSL Certificate" scan, which has unknown impact and attack vectors, possibly related to spoofed certificates. Tags: low complexity, xerox. | 5.8 |
2006-12-11 | CVE-2006-6467 | Remote Security vulnerability in WorkCentre: Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 do not properly restrict access to SMB file resources, which allows remote attackers to gain unspecified file or directory access via vectors related to (1) visibility of the SMB "Homes" share and (2) SMB file system browsing. Tags: low complexity, xerox. | 5.8 |
2006-12-11 | CVE-2006-6466 | Cross-Site Scripting vulnerability in WikyBlog: Multiple cross-site scripting (XSS) vulnerabilities in WBmap.php in WikyBlog 1.3.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) key, (2) d, (3) l, or (4) v parameter. Tags: network, wikyblog. | 6.8 |
2006-12-11 | CVE-2006-6459 | HTML Injection vulnerability in PHPbb Toplist 1.3.7: Cross-site scripting (XSS) vulnerability in toplist.php in PhpBB Toplist 1.3.7 allows remote attackers to inject arbitrary HTML or web script via the (1) Name and (2) Information fields when adding a new site (toplistnew action). Tags: network, phpbb. | 6.8 |
2006-12-11 | CVE-2006-6457 | Information Exposure vulnerability in Tiki Tikiwiki Cms/Groupware 1.9.2/1.9.5: tiki-wiki_rss.php in Tikiwiki 1.9.5, 1.9.2, and possibly other versions allows remote attackers to obtain sensitive information (MySQL username and password) via an invalid (large or negative) ver parameter, which leaks the information in an error message. | 5.0 |