Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-11-28 | CVE-2006-6141 | Remote Buffer Overflow vulnerability in Philippe Jounin Tftpd32 3.01: Buffer overflow in Tftpd32 3.01 allows remote attackers to cause a denial of service via a long GET or PUT request, which is not properly handled when the request is displayed in the title of the gauge window. | 5.0 |
2006-11-28 | CVE-2006-6139 | Directory Traversal vulnerability in Sisfo Kampus Sisfo Kampus 2006: Directory traversal vulnerability in downloadexcel.php in Sisfo Kampus 2006 (Semarang 3) allows remote attackers to read arbitrary files via the fn parameter. | 5.0 |
2006-11-28 | CVE-2006-6138 | Remote File Include vulnerability in Sisfo Kampus Sisfo Kampus 0.8: Directory traversal vulnerability in download.php in Sisfo Kampus 0.8 allows remote attackers to list arbitrary directories via an absolute pathname in the dir parameter. | 5.0 |
2006-11-28 | CVE-2006-6130 | Stack Buffer Overflow vulnerability in Apple Mac OS X AppleTalk AIOCRegLocalZN IOCTL: Apple Mac OS X AppleTalk allows local users to cause a denial of service (kernel panic) by calling the AIOCREGLOCALZN ioctl command with a crafted data structure on an AppleTalk socket. | 4.9 |
2006-11-27 | CVE-2006-5896 | Remote Security vulnerability in Remlab web Mech Designer 2.0.5: REMLAB Web Mech Designer 2.0.5 allows remote attackers to obtain the full path of the script via an incorrect Tonnage parameter to calculate.php that triggers a divide-by-zero error, which leaks the path in an error message. | 5.0 |
2006-11-27 | CVE-2006-6129 | Integer Overflow vulnerability in Apple Mac OS X Mach-O Binary Loading: Integer overflow in the fatfile_getarch2 in Apple Mac OS X allows local users to cause a denial of service and possibly execute arbitrary code via a crafted Mach-O Universal program that triggers memory corruption. | 4.6 |
2006-11-26 | CVE-2006-6124 | Cross-Site Scripting vulnerability in Biba Software Seleniumserver web Server 1.0: Cross-site scripting (XSS) vulnerability in SeleniumServer Web Server 1.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.8 |
2006-11-26 | CVE-2006-5965 | Local Insecure Default Directory Permissions vulnerability in Passgo SSO Plus 2.1.0.32: PassGo SSO Plus 2.1.0.32, and probably earlier versions, uses insecure permissions (Everyone/Full Control) for the PassGo Technologies directory, which allows local users to gain privileges by modifying critical programs. | 4.6 |
2006-11-26 | CVE-2006-6119 | Information Disclosure vulnerability in Mmgallery 1.55: mmgallery 1.55 allows remote attackers to obtain sensitive information via a direct request for thumbs.php, which reveals the installation path in various error messages. | 5.0 |
2006-11-26 | CVE-2006-6118 | Cross-Site Scripting vulnerability in Mmgallery 1.55: Cross-site scripting (XSS) vulnerability in thumbs.php in mmgallery 1.55 allows remote attackers to inject arbitrary web script or HTML via the page parameter. | 6.8 |