Vulnerabilities > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ACCESS VECTOR | COMPLEXITY | VENDOR / CWE | RISK |
|---|---|---|---|---|---|---|---|
| 2006-12-10 | CVE-2006-6453 | Remote File Include vulnerability in J-Owamp web Interface 2.1 | PHP remote file inclusion vulnerability in JOWAMP_ShowPage.php in J-OWAMP Web Interface 2.1 allows remote authenticated users to execute arbitrary PHP code via a URL in the link parameter. | network | low complexity | j-owamp | 6.5 |
| 2006-12-10 | CVE-2006-6452 | Cross-Site Scripting vulnerability in Myarticles | Multiple cross-site scripting (XSS) vulnerabilities in the MyArticles module before 0.6 beta 1, for RunCMS, allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) topics.php, (2) submit.php, and (3) class/calendar.class.php. | network | | myarticles | 6.8 |
| 2006-12-10 | CVE-2006-6451 | Cross-Site Scripting vulnerability in Swsoft Plesk 7.5 | Multiple cross-site scripting (XSS) vulnerabilities in SWsoft Plesk 8.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) get_password.php or (2) login_up.php3. | network | | swsoft CWE-79 | 6.8 |
| 2006-12-10 | CVE-2006-6449 | Information Disclosure vulnerability in Vt-Forum Lite 1.3 | Vt-Forum Lite 1.3 and earlier store sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for db/forum.mdb. | network | low complexity | vt-forum | 6.4 |
| 2006-12-10 | CVE-2006-6447 | Cross-Site Scripting vulnerability in Vt-Forum Lite 1.3/1.5 | Multiple cross-site scripting (XSS) vulnerabilities in Vt-Forum Lite 1.3 and 1.5 allow remote attackers to inject arbitrary web script or HTML via (1) the StrMes parameter in vf_info.asp and possibly (2) a URL in the SRC attribute of an IFRAME element that is submitted to vf_newtopic.asp. | network | | vt-forum | 6.8 |
| 2006-12-10 | CVE-2006-6446 | SQL Injection vulnerability in Iware Professional 5.0.4 | SQL injection vulnerability in index.php in iWare Professional 5.0.4, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the D parameter. | network | | iware | 6.8 |
| 2006-12-10 | CVE-2006-6444 | Buffer Overflow vulnerability in Divx Player 2.1/2.2.00.0 | Stack-based buffer overflow in Nostra DivX Player 2.1, 2.2.00.0, and possibly earlier, allows remote attackers to execute arbitrary code via a long string in an M3U file. | network | | divx | 6.8 |
| 2006-12-10 | CVE-2006-6383 | Improper Input Validation vulnerability in PHP 4.4.0/5.2.0 | PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a ";" in a session_save_path argument, followed by an allowed path, which causes a parsing inconsistency in which PHP validates the allowed path but sets session.save_path to the malicious path. | local | low complexity | php CWE-20 | 4.6 |
| 2006-12-10 | CVE-2006-6441 | Local Security vulnerability in Workcentre 238 | Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allows local users to bypass security controls and boot Alchemy via certain alternate boot media, as demonstrated by a USB thumb drive. | local | low complexity | xerox | 4.6 |
| 2006-12-10 | CVE-2006-6438 | Local Security vulnerability in Workcentre 238 | Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 leaves sensitive user data in http.log after an Immediate Image Overwrite (IIO), which allows local users to obtain the data by reading the http.log file. | local | low complexity | xerox | 4.9 |