Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2006-12-03 CVE-2006-6238 Unspecified vulnerability in Apple Safari 2.0.4
The AutoFill feature in Apple Safari 2.0.4 does not properly verify that all automatically populated form fields are visible to the user, which allows remote attackers to obtain sensitive information, such as usernames and passwords, via input fields of zero width, a variant of CVE-2006-6077.
network
low complexity
apple
5.0
2006-12-03 CVE-2006-6120 Integer Overflow vulnerability in KDE KOffice 1.6.1
Integer overflow in the KPresenter import filter for Microsoft PowerPoint files (filters/olefilters/lib/klaola.cc) in KOffice before 1.6.1 allows user-assisted remote attackers to execute arbitrary code via a crafted PPT file, which results in a heap-based buffer overflow.
network
kde
6.8
2006-12-02 CVE-2006-6231 Information Disclosure vulnerability in vuBB 0.2/0.2.1
vuBB 0.2.1 and earlier allows remote attackers to obtain sensitive information via a direct request to includes/vubb.php, which leaks the path in an error message.
network
low complexity
vubb
5.0
2006-12-02 CVE-2006-6229 Remote Security vulnerability in Codewalkers ltwCalendar 4.1.3/4.2
Codewalkers ltwCalendar (aka PHP Event Calendar) before 4.2.1 logs failed passwords, which might allow attackers to infer correct passwords from the log file.
network
low complexity
codewalkers
5.0
2006-12-02 CVE-2006-6228 Cross-Site Scripting vulnerability in Codewalkers ltwCalendar 4.1.3/4.2
Cross-site scripting (XSS) vulnerability in Codewalkers ltwCalendar (aka PHP Event Calendar) before 4.2.1 allows remote attackers to inject arbitrary HTML or web script via unknown vectors.
network
codewalkers
6.8
2006-12-02 CVE-2006-6227 Denial of Service vulnerability in NeoEngine 0.8.2
The Core::Receive function in neonet/core.cpp for NeoEngine 0.8.2 and earlier, and CVS 3422, allows remote attackers to cause a denial of service (engine crash) via a message with a large uiMessageLength that produces a failed memory allocation and a null pointer dereference.
network
low complexity
neoengine
5.0
2006-12-02 CVE-2006-6225 Remote File Include vulnerability in Geeklog
Multiple PHP remote file inclusion vulnerabilities in GeekLog 1.4 allow remote attackers to execute arbitrary code via a URL in the _CONF[path] parameter to (1) links/functions.inc, (2) polls/functions.inc, (3) spamx/BlackList.Examine.class.php, (4) spamx/DeleteComment.Action.class.php, (5) spamx/EditIPofURL.Admin.class.php, (6) spamx/MTBlackList.Examine.class.php, (7) spamx/MassDelete.Admin.class.php, (8) spamx/MailAdmin.Action.class.php, (9) spamx/MassDelTrackback.Admin.class.php, (10) spamx/EditHeader.Admin.class.php, (11) spamx/EditIP.Admin.class.php, (12) spamx/IPofUrl.Examine.class.php, (13) spamx/Import.Admin.class.php, (14) spamx/LogView.Admin.class.php, and (15) staticpages/functions.inc, in the plugins/ directory.
network
high complexity
geeklog
5.1
2006-12-01 CVE-2006-6220 SQL Injection vulnerability in Recipes Complete Website Recipes Complete Website 1.1.14
Multiple SQL injection vulnerabilities in Recipes Website (Recipes Complete Website) 1.1.14 allow remote attackers to execute arbitrary SQL commands via the (1) recipeid parameter to recipe.php or the (2) categoryid parameter to list.php.
6.8
2006-12-01 CVE-2006-6219 Input Validation vulnerability in Dev4U CMS
Multiple cross-site scripting (XSS) vulnerabilities in index.php in dev4u CMS allow remote attackers to inject arbitrary web script or HTML via the (1) user_name, (2) passwort, and (3) go_target parameters.
network
dev4u
6.8
2006-12-01 CVE-2006-6211 Cross-Site Scripting vulnerability in BirdBlog 1.4.0
Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) msg parameter to (a) admin/admincore.php, the (2) month parameter to (b) admin/comments.php or (c) admin/entries.php, or the (3) page parameter to (d) admin/logs.php, different vectors than CVE-2006-5064.
network
birdblog
6.8