Vulnerabilities > Medium

DATE | CVE | VULNERABILITY TITLE | RISK

2006-11-29 | CVE-2006-6166 | Cross-Site Scripting vulnerability in Ryan Demmer Joomla Content Editor 1.0.4 | 6.8
Cross-site scripting (XSS) vulnerability in jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.0.4 for Joomla! (com_jce), without the 20060821 jce_patch, allows remote attackers to inject arbitrary web script or HTML via the mosConfig_live_site parameter.
network, ryan-demmer

2006-11-29 | CVE-2006-6163 | Cross-Site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware | 4.3
Cross-site scripting (XSS) vulnerability in tiki-setup_base.php in TikiWiki before 1.9.7 allows remote attackers to inject arbitrary JavaScript via unspecified parameters.
network, tiki, CWE-79

2006-11-29 | CVE-2006-6162 | Cross-Site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware 1.9.6 | 4.3
Cross-site scripting (XSS) vulnerability in tiki-edit_structures.php in TikiWiki 1.9.6 allows remote attackers to inject arbitrary web script or HTML via the pageAlias parameter.
network, tiki, CWE-79

2006-11-28 | CVE-2006-6159 | Cross-Site Scripting vulnerability in Deskpro 2.0.0/2.0.1 | 6.8
Multiple cross-site scripting (XSS) vulnerabilities in newticket.php in DeskPRO 2.0.0 and 2.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) message or (2) subject parameter.
network, deskpro, CWE-79

2006-11-28 | CVE-2006-6158 | Cross-Site Scripting vulnerability in InverseFlow Help Desk | 6.8
Multiple cross-site scripting (XSS) vulnerabilities in (a) PMOS Help Desk 2.4, formerly (b) InverseFlow Help Desk 2.31 and also sold as (c) Ace Helpdesk 2.31, allow remote attackers to inject arbitrary web script or HTML via the (1) id or email parameter to ticketview.php, or (2) the email parameter to ticket.php.

2006-11-28 | CVE-2006-6156 | Cross-Site Scripting vulnerability in Hiox Star Rating System Script | 4.3
Cross-site scripting (XSS) vulnerability in auth/message.php in HIOX Star Rating System Script (HSRS) 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF).
network, hscripts

2006-11-28 | CVE-2006-6148 | Input Validation vulnerability in Jiros Links Manager 1.0 | 6.8
Multiple cross-site scripting (XSS) vulnerabilities in submitlink.asp in JiRos Links Manager allow remote attackers to inject arbitrary web script or HTML via the (1) lName, (2) lURL, (3) lImage, and (4) lDescription parameters.
network, jiros

2006-11-28 | CVE-2006-6113 | Denial-Of-Service vulnerability in James Greenwood Monkey Boards 0.3.5 | 5.0
Monkey Boards 0.3.5 allows remote attackers to obtain sensitive information via direct requests to (1) include/admin_auth.inc.php and (2) include/engine/class.compiler.php, which reveals the full path in an error message.
network, low complexity, james-greenwood

2006-11-28 | CVE-2006-4518 | Remote Denial Of Service vulnerability in Qbik WinGate | 5.0
Qbik WinGate 6.1.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a DNS request with a self-referencing compressed name pointer, which triggers an infinite loop.
network, low complexity, qbik

2006-11-28 | CVE-2006-6141 | Remote Buffer Overflow vulnerability in Philippe Jounin Tftpd32 3.01 | 5.0
Buffer overflow in Tftpd32 3.01 allows remote attackers to cause a denial of service via a long GET or PUT request, which is not properly handled when the request is displayed in the title of the gauge window.
network, low complexity, philippe-jounin