Vulnerabilities > Medium

DATE | CVE | VULNERABILITY TITLE | RISK

2006-12-07 | CVE-2006-6353 | Remote Archive File vulnerability in Apple BOMArchiveHelper
Multiple unspecified vulnerabilities in BOMArchiveHelper in Mac OS X allow user-assisted remote attackers to cause a denial of service (application crash) via unspecified vectors related to (1) certain KERN_PROTECTION_FAILURE thread crashes and (2) certain KERN_INVALID_ADDRESS thread crashes, as discovered with the "iSec Partners FileP fuzzer".
network | low complexity | apple | 5.0

2006-12-07 | CVE-2006-6352 | Remote Denial Of Service vulnerability in Frisk Software F-Prot Antivirus 3.16F
FRISK Software F-Prot Antivirus before 4.6.7 allows user-assisted remote attackers to cause a denial of service (infinite loop) via a crafted ACE file.
network | low complexity | frisk-software | 5.0

2006-12-07 | CVE-2006-6348 | Cross-Site Scripting vulnerability in Mowdbb RC6
Cross-site scripting (XSS) vulnerability in board.php in mowdBB RC-6 allows remote attackers to inject arbitrary web script or HTML via the forum_name[] parameter.
network | mowdbb | 6.8

2006-12-07 | CVE-2006-6347 | File-Upload vulnerability in TFT Gallery
Unrestricted file upload vulnerability in TFT-Gallery allows remote authenticated administrators to upload arbitrary .php files, possibly using admin/index.php.
network | low complexity | tft-gallery | 6.5

2006-12-07 | CVE-2006-6343 | SQL Injection vulnerability in Seditio/Land Down Under Polls.PHP
SQL injection vulnerability in polls.php in Neocrome Seditio 1.10 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
network | neocrome | 6.8

2006-12-07 | CVE-2006-6340 | Local Denial of Service vulnerability in Nvidia NView Keystone.EXE
keystone.exe in nVIDIA nView allows attackers to cause a denial of service via a long command line argument.
network | low complexity | nvidia | 5.0

2006-12-07 | CVE-2006-6339 | SQL Injection vulnerability in Devilz Clanportal Devilz Clanportal 1.3.6
SQL injection vulnerability in sites/index.php in deV!L`z Clanportal (DZCP) before 1.3.6.1 allows remote attackers to execute arbitrary SQL commands via the show element in a GET request.
6.8

2006-12-07 | CVE-2006-6338 | Unspecified vulnerability in Devilz Clanportal Devilz Clanportal 1.3.6
Unrestricted file upload vulnerability in upload/index.php in deV!L`z Clanportal (DZCP) before 1.3.6.1 allows remote attackers to upload and execute arbitrary .php files by embedding PHP code in a JPEG or GIF file that is uploaded to inc/images/uploads/userpics/.
network | low complexity | devilz-clanportal | 5.0

2006-12-06 | CVE-2006-6112 | Remote Security vulnerability in LifeType
LifeType 1.0.x and 1.1.x have insufficient access control for all of the PHP scripts under (1) class/ and (2) plugins/, which allows remote attackers to obtain the installation path via a direct request to any of the scripts, as demonstrated by (a) bayesianfilter.class.php and (b) bootstrap.php, which leaks the path in an error message.
network | low complexity | lifetype | 5.0

2006-12-06 | CVE-2006-6330 | Remote Security vulnerability in Torrentflux 2.2
index.php for TorrentFlux 2.2 allows remote registered users to execute arbitrary commands via shell metacharacters in the kill parameter.
network | torrentflux | 6.0