Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2006-12-10 CVE-2006-6436 Cross-Site Scripting vulnerability in Workcentre 238
Cross-site scripting (XSS) vulnerability in the Network controller in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allows remote attackers to inject arbitrary web script or HTML via HTTP TRACE messages.
network
xerox
6.8
2006-12-10 CVE-2006-6433 Remote Security vulnerability in Xerox Workcentre 12.060.17.000/13.060.17.000/14.060.17.000
Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 do not record accurate timestamps, which makes it easier for remote attackers to avoid detection when an audit tries to rely on these timestamps.
network
low complexity
xerox
5.0
2006-12-10 CVE-2006-6432 Multiple vulnerability in Xerox Workcentre 12.060.17.000/13.060.17.000/14.060.17.000
Unspecified vulnerability in the Scan-to-mailbox feature in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows remote attackers to download certain files via unspecified vectors.
network
low complexity
xerox
5.0
2006-12-10 CVE-2006-6431 Remote Security vulnerability in Xerox Workcentre 12.060.17.000/13.060.17.000/14.060.17.000
Unspecified vulnerability in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows attackers to modify signatures of e-mail messages via unspecified vectors.
network
low complexity
xerox
5.0
2006-12-10 CVE-2006-6429 Multiple vulnerability in Xerox Workcentre 12.060.17.000/13.060.17.000/14.060.17.000
Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allow attackers to modify certain configuration settings via unspecified vectors involving the "TFTP/BOOTP auto configuration option."
network
low complexity
xerox
5.0
2006-12-10 CVE-2006-6426 Remote Security vulnerability in ThinkEdit
PHP remote file inclusion vulnerability in design/thinkedit/render.php in ThinkEdit 1.9.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the template_file parameter.
network
thinkedit
6.8
2006-12-10 CVE-2006-6422 Applications Denial of Service vulnerability in Agileco
Agileco AgileBill 1.4.x and AgileVoice 1.4.x do not properly handle certain proxy requests, which allows remote attackers to disable the application by entering invalid license data on a form, possibly involving modules/core/license.inc.php.
network
low complexity
agileco
5.0
2006-12-10 CVE-2006-6421 Input Validation vulnerability in PHPBB
Cross-site scripting (XSS) vulnerability in the private message box implementation (privmsg.php) in phpBB 2.0.x allows remote authenticated users to inject arbitrary web script or HTML via the "Message body" field in a message to a non-existent user.
network
phpbb-group
6.0
2006-12-10 CVE-2006-6420 Cross-Site Scripting vulnerability in JCE Admin Component for Joomla
Multiple cross-site scripting (XSS) vulnerabilities in jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.1.0 beta 2 and earlier for Joomla! (com_jce) allow remote attackers to inject arbitrary web script or HTML via the (1) img, (2) title, (3) w, or (4) h parameter, different vectors than CVE-2006-6166.
network
ryan-demmer
6.8
2006-12-10 CVE-2006-6413 Cross-Site Scripting vulnerability in Amateras SNS
Cross-site scripting (XSS) vulnerability in Amateras sns 3.11 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
amateras
6.8