Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-12-01 | CVE-2006-6203 | Information Disclosure vulnerability in Krishan Flyspray Me1.0.1 Directory traversal vulnerability in startdown.php in the Flyspray ME 1.0.1 (com_flyspray) component for Mambo allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2006-12-01 | CVE-2006-6198 | Cross-Site Scripting vulnerability in Cpanel Webhost Manager 3.1.0 Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) email parameter to (a) scripts2/dochangeemail, the (2) supporturl parameter to (b) cgi/addon_configsupport.cgi, the (3) pkg parameter to (c) scripts/editpkg, the (4) domain parameter to (d) scripts2/domts2 and (e) scripts/editzone, the (5) feature parameter to (g) scripts2/dofeaturemanager, and the (6) ndomain parameter to (h) scripts/park. network cpanel | 6.0 |
| 2006-12-01 | CVE-2006-6197 | Cross-Site Scripting vulnerability in B2Evolution 1.8.2/1.9Beta Multiple cross-site scripting (XSS) vulnerabilities in b2evolution 1.8.2 through 1.9 beta allow remote attackers to inject arbitrary web script or HTML via the (1) app_name parameter in (a) _404_not_found.page.php, (b) _410_stats_gone.page.php, and (c) _referer_spam.page.php in inc/VIEW/errors/; the (2) baseurl parameter in (d) inc/VIEW/errors/_404_not_found.page.php; and the (3) ReqURI parameter in (e) inc/VIEW/errors/_referer_spam.page.php. network b2evolution | 6.8 |
| 2006-12-01 | CVE-2006-6196 | Input Validation vulnerability in Fixit IDMS Pro Cross-site scripting (XSS) vulnerability in the search functionality in Fixit iDMS Pro Image Gallery allows remote attackers to inject arbitrary web script or HTML via a search field (txtsearchtext parameter). network fixit-knowledge-solutions | 6.8 |
| 2006-12-01 | CVE-2006-6188 | Cross-Site Scripting vulnerability in Clicktech Clickgallery 5.0 Cross-site scripting (XSS) vulnerability in view_search.asp in ClickTech Click Gallery allows remote attackers to inject arbitrary web script or HTML via the txtKeyWord parameter. network clicktech | 4.3 |
| 2006-12-01 | CVE-2006-6186 | Directory Traversal vulnerability in Enomphp 4.0 Multiple directory traversal vulnerabilities in enomphp 4.0 allow remote attackers to read arbitrary files via a .. | 5.0 |
| 2006-12-01 | CVE-2006-6185 | Directory Traversal vulnerability in Wabbit PHP Gallery 0.9 Directory traversal vulnerability in script.php in Wabbit PHP Gallery 0.9 allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2006-12-01 | CVE-2006-6180 | Cross-Site Scripting vulnerability in Expinion.net iNews Publisher Articles.ASP Cross-site scripting (XSS) vulnerability in articles.asp in Expinion.net iNews Publisher (iNP) 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the hl parameter. network expinion-net | 6.8 |
| 2006-11-30 | CVE-2006-6176 | Cross-Site Scripting vulnerability in Blogn Cross-site scripting (XSS) vulnerability in admin.php in Blogn before 1.9.4 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. network blogn | 6.8 |
| 2006-11-30 | CVE-2006-6174 | Cross-Site Scripting vulnerability in Tdiary 2.0.2/2.1.4.20061115 Cross-site scripting (XSS) vulnerability in tDiary before 2.0.3 and 2.1.x before 2.1.4.20061126 allows remote attackers to inject arbitrary web script or HTML via the conf parameter in (1) tdiary.rb and (2) skel/conf.rhtml. network tdiary | 4.3 |