Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ACCESS | VENDOR | RISK |
---|---|---|---|---|---|---|
2006-12-08 | CVE-2006-6393 | Input Validation vulnerability in Publicera | Cross-site scripting (XSS) vulnerability in Jonas Gauffin Publicera 1.0-rc2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the InputFilter::getString function. | network | jonas-gauffin | 6.8 |
2006-12-08 | CVE-2006-6391 | Directory Traversal vulnerability in Open Solution Quick.Cart 2.0 | Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include arbitrary files via a .. | network | open-solution | 6.8 |
2006-12-08 | CVE-2006-6390 | Local File Include vulnerability in Open Solution Quick.Cart 2.0 | Multiple directory traversal vulnerabilities in Open Solution Quick.Cart 2.0, when register_globals is enabled and magic_quotes_gpc is disabled, allow remote attackers to include and execute arbitrary local files via a .. | network | open-solution | 6.8 |
2006-12-08 | CVE-2006-6389 | Scripts Multiple Cross-Site Scripting vulnerability in Mobile | Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile allow remote attackers to inject arbitrary web script or HTML via the (1) Taaa parameter to (a) up.php, or the (2) pollhtml and (3) Bloks parameters to (b) polls.php, different vectors than CVE-2006-5770. | network | ac4p | 6.8 |
2006-12-08 | CVE-2006-6388 | Input Validation vulnerability in Link CMS | Cross-site scripting (XSS) vulnerability in naprednaPretraga.php in LINK Content Management Server (CMS) allows remote attackers to inject arbitrary web script or HTML via the txtPretraga parameter. | network | link | 6.8 |
2006-12-08 | CVE-2006-6386 | Cross-Site Scripting vulnerability in Drupal CVS Management/Tracker Motivation Field | Cross-site scripting (XSS) vulnerability in the CVS management/tracker 4.7.x-1.0, 4.7.x-2.0, and 4.7.0 (before the 20060807 contribution release system) for Drupal allows remote attackers to inject arbitrary web script or HTML via the motivation field in the CVS application page, which is not passed through check_markup on display. | network | drupal | 6.8 |
2006-12-08 | CVE-2006-6334 | Buffer Overflow vulnerability in Citrix Presentation Server Client WFICA.OCX ActiveX Component Heap | Heap-based buffer overflow in the SendChannelData function in wfica.ocx in Citrix Presentation Server Client before 9.230 for Windows allows remote malicious web sites to execute arbitrary code via a DataSize parameter that is less than the length of the Data buffer. | network | citrix | 6.8 |
2006-12-07 | CVE-2006-4249 | Group Spoofing vulnerability in Plone 2.5/2.5.1 | Unspecified vulnerability in PlonePAS in Plone 2.5 and 2.5.1, when anonymous member registration is enabled, allows an attacker to "masquerade as a group." | network | plone | 4.3 |
2006-12-07 | CVE-2006-6382 | Unspecified vulnerability in Positive Software H-Sphere 2.4.3 | The control panel for Positive Software H-Sphere before 2.5.0 RC3 creates log files in a user's directory with insecure permissions, which allows local users to append log data to arbitrary files via a symlink attack. | | | 6.8 |
2006-12-07 | CVE-2006-6380 | Cross-Site Scripting vulnerability in Ultimate HelpDesk Index.ASP | Cross-site scripting (XSS) vulnerability in index.asp in Ultimate HelpDesk allows remote attackers to inject arbitrary web script or HTML via the keyword parameter. | network | ultimate-helpdesk | 6.8 |