Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2006-11-22 CVE-2006-6052 Remote Security vulnerability in NetEpi Case Manager
NetEpi Case Manager before 0.98 generates different error messages depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames.
network
low complexity
netepi-case-manager
5.0
2006-11-22 CVE-2006-6048 SQL Injection vulnerability in Etomite 0.6.1.2
SQL injection vulnerability in index.php in Etomite CMS 0.6.1.2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
network
etomite CWE-89
6.8
2006-11-22 CVE-2006-6047 Path Traversal vulnerability in Etomite 0.6.1.2
Directory traversal vulnerability in manager/index.php in Etomite 0.6.1.2 allows remote authenticated administrators to include and execute arbitrary local files via a ..
network
low complexity
etomite CWE-22
5.8
2006-11-22 CVE-2006-6046 Cross-Site Scripting vulnerability in Epic Designs Eggblog 3.1.0
Multiple cross-site scripting (XSS) vulnerabilities in eggblog 3.1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) edit parameter to (a) admin/articles.php or (b) admin/comments.php, or the (2) add parameter to admin/users.php.
6.8
2006-11-22 CVE-2006-6045 Remote Security vulnerability in Comdev One Admin Pro 4.1
Multiple PHP remote file inclusion vulnerabilities in Comdev One Admin Pro 4.1 allow remote attackers to execute arbitrary PHP code via a URL in the path[skin] parameter to (1) adminfoot.php, (2) adminhead.php, or (3) adminlogin.php.
network
comdev
6.8
2006-11-22 CVE-2006-6044 Remote File Include vulnerability in PHPQuickGallery
PHP remote file inclusion vulnerability in gallery_top.inc.php in PHPQuickGallery 1.9 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the textFile parameter.
network
phpquickgallery
6.8
2006-11-22 CVE-2006-6043 Unspecified vulnerability in Oliver
PHP file inclusion vulnerability in loginform-inc.php in Oliver (formerly Webshare) 1.2.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a UNC share pathname or a local file pathname in the conf[motdfile] parameter, which is accessed by the file_exists function.
network
oliver
6.8
2006-11-22 CVE-2006-6042 Remote File Include vulnerability in phpWebThings Editor.PHP
PHP remote file inclusion vulnerability in core/editor.php in phpWebThings 1.5.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the editor_insert_bottom parameter.
network
phpwebthings
6.8
2006-11-22 CVE-2006-6040 Cross-Site Scripting vulnerability in vBulletin Admin Control Panel
Multiple cross-site scripting (XSS) vulnerabilities in admincp/index.php in Jelsoft vBulletin 3.6.x allow remote attackers to inject arbitrary web script or HTML via (1) the prefs parameter in a buildnavprefs action or (2) the navprefs parameter in a savenavprefs action.
network
jelsoft
6.8
2006-11-22 CVE-2006-6037 Cross-Site Scripting vulnerability in Leinir Travelsized CMS
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Dan Jensen Travelsized CMS 0.4.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) page, (2) page_id, or (3) language parameter.
network
leinir CWE-79
6.8