Vulnerabilities > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-12-01 | CVE-2006-6211 | Cross-Site Scripting vulnerability in Birdblog 1.4.0 Multiple cross-site scripting (XSS) vulnerabilities in BirdBlog 1.4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) msg parameter to (a) admin/admincore.php, the (2) month parameter to (b) admin/comments.php or (c) admin/entries.php, or the (3) page parameter to (d) admin/logs.php, different vectors than CVE-2006-5064. network birdblog | 6.8 |
| 2006-12-01 | CVE-2006-6203 | Information Disclosure vulnerability in Krishan Flyspray Me1.0.1 Directory traversal vulnerability in startdown.php in the Flyspray ME 1.0.1 (com_flyspray) component for Mambo allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2006-12-01 | CVE-2006-6198 | Cross-Site Scripting vulnerability in Cpanel Webhost Manager 3.1.0 Multiple cross-site scripting (XSS) vulnerabilities in cPanel WebHost Manager (WHM) 3.1.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) email parameter to (a) scripts2/dochangeemail, the (2) supporturl parameter to (b) cgi/addon_configsupport.cgi, the (3) pkg parameter to (c) scripts/editpkg, the (4) domain parameter to (d) scripts2/domts2 and (e) scripts/editzone, the (5) feature parameter to (g) scripts2/dofeaturemanager, and the (6) ndomain parameter to (h) scripts/park. network cpanel | 6.0 |
| 2006-12-01 | CVE-2006-6197 | Cross-Site Scripting vulnerability in B2Evolution 1.8.2/1.9Beta Multiple cross-site scripting (XSS) vulnerabilities in b2evolution 1.8.2 through 1.9 beta allow remote attackers to inject arbitrary web script or HTML via the (1) app_name parameter in (a) _404_not_found.page.php, (b) _410_stats_gone.page.php, and (c) _referer_spam.page.php in inc/VIEW/errors/; the (2) baseurl parameter in (d) inc/VIEW/errors/_404_not_found.page.php; and the (3) ReqURI parameter in (e) inc/VIEW/errors/_referer_spam.page.php. network b2evolution | 6.8 |
| 2006-12-01 | CVE-2006-6196 | Input Validation vulnerability in Fixit IDMS Pro Cross-site scripting (XSS) vulnerability in the search functionality in Fixit iDMS Pro Image Gallery allows remote attackers to inject arbitrary web script or HTML via a search field (txtsearchtext parameter). network fixit-knowledge-solutions | 6.8 |
| 2006-12-01 | CVE-2006-6188 | Cross-Site Scripting vulnerability in Clicktech Clickgallery 5.0 Cross-site scripting (XSS) vulnerability in view_search.asp in ClickTech Click Gallery allows remote attackers to inject arbitrary web script or HTML via the txtKeyWord parameter. network clicktech | 4.3 |
| 2006-12-01 | CVE-2006-6186 | Directory Traversal vulnerability in Enomphp 4.0 Multiple directory traversal vulnerabilities in enomphp 4.0 allow remote attackers to read arbitrary files via a .. | 5.0 |
| 2006-12-01 | CVE-2006-6185 | Directory Traversal vulnerability in Wabbit PHP Gallery 0.9 Directory traversal vulnerability in script.php in Wabbit PHP Gallery 0.9 allows remote attackers to read arbitrary files via a .. | 5.0 |
| 2006-12-01 | CVE-2006-6180 | Cross-Site Scripting vulnerability in Expinion.net iNews Publisher Articles.ASP Cross-site scripting (XSS) vulnerability in articles.asp in Expinion.net iNews Publisher (iNP) 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the hl parameter. network expinion-net | 6.8 |
| 2006-11-30 | CVE-2006-6176 | Cross-Site Scripting vulnerability in Blogn Cross-site scripting (XSS) vulnerability in admin.php in Blogn before 1.9.4 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters. network blogn | 6.8 |