Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-12-04 | CVE-2006-6262 | Unspecified vulnerability in PHPjunkyard Mboard Directory traversal vulnerability in mboard.php in PHPJunkYard (aka Klemen Stirn) MBoard 1.22 and earlier allows remote attackers to create arbitrary empty files via a .. | 6.4 |
2006-12-04 | CVE-2006-6257 | Input Validation vulnerability in AlternC The file manager in AlternC 0.9.5 and earlier, when warnings are enabled in PHP, allows remote attackers to obtain sensitive information via certain folder names such as ones composed of JavaScript code, which reveal the path in a warning message. network alternc | 6.8 |
2006-12-04 | CVE-2006-6256 | Input Validation vulnerability in AlternC Cross-site scripting (XSS) vulnerability in the file manager in admin/bro_main.php in AlternC 0.9.5 and earlier allows remote attackers to inject arbitrary web script or HTML via a folder name. network alternc | 6.8 |
2006-12-04 | CVE-2006-6254 | Directory Traversal vulnerability in Cahier DE Textes Cahier DE Textes 2.0 administration/telecharger.php in Cahier de texte 2.0 allows remote attackers to obtain unparsed content (source code) of files via the chemin parameter, as demonstrated using directory traversal sequences to obtain the MySQL username and password from conn_cahier_de_texte.php. network cahier-de-textes | 4.3 |
2006-12-04 | CVE-2006-6253 | Directory Traversal vulnerability in Cahier DE Textes Cahier DE Textes 2.0 Cahier de texte 2.0 stores sensitive information under the web root, possibly with insufficient access control, which might allow remote attackers to obtain all users' passwords via a direct request for administration/dump.sql. | 5.0 |
2006-12-04 | CVE-2006-6252 | Denial-Of-Service vulnerability in Microsoft Windows Live Messenger 8.0 Microsoft Windows Live Messenger 8.0 and earlier, when gestual emoticons are enabled, allows remote attackers to cause a denial of service (CPU consumption) via a long string composed of ":D" sequences, which are interpreted as emoticons. network microsoft | 4.3 |
2006-12-04 | CVE-2006-6249 | Cross-Site Scripting vulnerability in Chama Cargo Cross-site scripting (XSS) vulnerability in Chama Cargo 4.36 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. network chama-cargo | 6.8 |
2006-12-03 | CVE-2006-6242 | Path Traversal vulnerability in S9Y Serendipity Multiple directory traversal vulnerabilities in Serendipity 1.0.3 and earlier allow remote attackers to read or include arbitrary local files via a .. | 6.8 |
2006-12-03 | CVE-2006-6241 | Improper Input Validation vulnerability in Telnet FTP Server Telnet FTP Server 1.0 Sorin Chitu Telnet-FTP Server 1.0 allows remote authenticated users to cause a denial of service (crash) via consecutive RETR commands. | 4.0 |
2006-12-03 | CVE-2006-6240 | Directory Traversal vulnerability in Telnet FTP Server Telnet FTP Server 1.0 Directory traversal vulnerability in Sorin Chitu Telnet-FTP Server 1.0 allows remote authenticated users to list contents of arbitrary directories and download arbitrary files via a .. | 4.0 |