Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK

2006-11-26 CVE-2006-6108 Cross-Site Scripting vulnerability in Ec-Cube 1.0
Cross-site scripting (XSS) vulnerability in EC-CUBE before 1.0.1a-beta allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
network, ec-cube CWE-79
Risk: 4.3

2006-11-26 CVE-2006-5869 Unspecified vulnerability in Pstotext 1.9
pstotext before 1.9 allows user-assisted attackers to execute arbitrary commands via shell metacharacters in a file name.
network, high complexity, pstotext
Risk: 5.1

2006-11-24 CVE-2006-6097 Remote Directory Traversal vulnerability in GNU TAR 1.15.1/1.16
GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216.
network, high complexity, gnu
Risk: 4.0

2006-11-24 CVE-2006-6096 Cross-Site Scripting vulnerability in Dotnetindex Active News Manager
Cross-site scripting (XSS) vulnerability in activenews_search.asp in ActiveNews Manager allows remote attackers to inject arbitrary web script or HTML via the query parameter.
Risk: 4.3

2006-11-24 CVE-2006-6091 Cross-Site Scripting vulnerability in GrimBB
Cross-site scripting (XSS) vulnerability in Grim Pirate GrimBB before 2006_11_21 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network, grimbb
Risk: 4.3

2006-11-24 CVE-2006-6088 Input Validation vulnerability in Blue-Collar Productions I-Gallery 3.4
Multiple cross-site scripting (XSS) vulnerabilities in BlueCollar i-Gallery 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) n or (2) d parameter in igallery.asp, or (3) an unspecified parameter related to search, possibly the Search Gallery field, or the myquery parameter, in search.asp.
Risk: 4.3

2006-11-24 CVE-2006-6087 Cross-Site Scripting vulnerability in My Little Weblog Weblog.php
Cross-site scripting (XSS) vulnerability in weblog.php in my little weblog allows remote attackers to inject arbitrary web script or HTML via the action parameter.
Risk: 4.3

2006-11-24 CVE-2006-6086 Code Injection vulnerability in E-Ark 1.0
PHP remote file inclusion vulnerability in src/ark_inc.php in e-Ark 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the cfg_pear_path parameter.
network, high complexity, e-ark CWE-94
Risk: 5.1

2006-11-24 CVE-2006-6085 Unspecified vulnerability in Kile
Kile before 1.9.3 does not assign a backup file the same permissions as the original file, which might allow local users to obtain sensitive information.
network, low complexity, kile
Risk: 5.0

2006-11-24 CVE-2006-6077
The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matches the web site for which the user stored a password, which allows remote attackers to obtain passwords via a password INPUT element on a different web page located on the web site intended for this password.
network, low complexity, mozilla netscape
Risk: 5.0