Vulnerabilities > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2006-12-04 | CVE-2006-6279 | Input Validation vulnerability in Alexphpteam Alex Guestbook 4.0.1 | index.php in @lex Guestbook 4.0.1 allows remote attackers to obtain sensitive information via a skin parameter referencing a nonexistent skin, which reveals the installation path in an error message. | network, low complexity, alexphpteam | 5.0 |
| 2006-12-04 | CVE-2006-6278 | Input Validation vulnerability in Alexphpteam Alex Guestbook 4.0.1 | Cross-site scripting (XSS) vulnerability in index.php in @lex Guestbook 4.0.1 allows remote attackers to inject arbitrary web script or HTML via the skin parameter. | network, alexphpteam | 6.8 |
| 2006-12-04 | CVE-2006-6277 | Local File Include vulnerability in Contentserv 4.0/4.1 | Directory traversal vulnerability in admin/FileServer.php in ContentServ 4.x allows remote attackers to read arbitrary files via a .. | network, low complexity, contentserv | 5.0 |
| 2006-12-04 | CVE-2006-6275 | Race Condition vulnerability in SUN Solaris and Sunos | Race condition in the kernel in Sun Solaris 8 through 10 allows local users to cause a denial of service (panic) via unspecified vectors, possibly related to the exitlwps function and SIGKILL and /proc PCAGENT signals. | local, sun, CWE-362 | 4.7 |
| 2006-12-04 | CVE-2006-6274 | Cross-Site Scripting vulnerability in Expinion.net iNews Publisher Articles.ASP | SQL injection vulnerability in articles.asp in Expinion.net iNews (1) Publisher (iNP) 2.5 and earlier, and possibly (2) News Manager, allows remote attackers to execute arbitrary SQL commands via the ex parameter. | network, expinion-net | 6.8 |
| 2006-12-04 | CVE-2006-6272 | Cross-Site Scripting vulnerability in Paul Griffin Simple PHP Gallery 1.1 | Cross-site scripting (XSS) vulnerability in sp_index.php in Simple PHP Gallery 1.1 allows remote attackers to inject arbitrary web script or HTML via the dir parameter. | network, paul-griffin | 6.8 |
| 2006-12-04 | CVE-2006-6271 | Cross-Site Scripting vulnerability in PHPoll 0.96 | Multiple cross-site scripting (XSS) vulnerabilities in PHPOLL 0.96 allow remote attackers to inject arbitrary web script or HTML via the language parameter to (1) index.php, (2) info.php; and (3) index.php, (4) votanti.php, (5) risultati_config.php, (6) modifica_band.php, (7) band_editor.php, and (8) config_editor.php in admin/. | network, phpoll | 6.8 |
| 2006-12-04 | CVE-2006-6266 | Remote Security vulnerability in Teredo | Teredo clients, when following item 6 of RFC4380 section 5.2.3, start direct IPv6 connectivity tests (aka ping tests) in response to packets from non-Teredo source addresses, which might allow remote attackers to induce Teredo clients to send packets to third parties. | network, microsoft | 6.8 |
| 2006-12-04 | CVE-2006-6265 | Remote Security vulnerability in Teredo | Teredo clients, when located behind a restricted NAT, allow remote attackers to establish an inbound connection without the guessing required to find a port mapping for a traditional restricted NAT client, by (1) using the client port number contained in the Teredo address or (2) following the bubble-to-open procedure. | low complexity, microsoft | 5.8 |
| 2006-12-04 | CVE-2006-6263 | Security Bypass vulnerability in Teredo | Teredo clients, when source routing is enabled, recognize a Routing header in an encapsulated IPv6 packet and send the packet to the next hop, which might allow remote attackers to bypass policies of certain Internet gateways that drop all source-routed packets. | network, microsoft | 6.8 |