Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2006-11-22 CVE-2006-6035 Cross-Site Scripting vulnerability in F-Art Agency Blog CMS
Cross-site scripting (XSS) vulnerability in list.php in BLOG:CMS 4.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the FADDR parameter. 		6.8
6.8
2006-11-21 CVE-2006-6032 Cross-Site Scripting vulnerability in Sphpblog 0.4.8
Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog (SPHPBlog), probably 0.4.8, allow remote attackers to inject arbitrary web script or HTML via (1) the action parameter in add_block.php or (2) the entry parameter in index.php, different vectors than CVE-2005-1135.
network
sphpblog
6.8
6.8
2006-11-21 CVE-2006-6025 Denial Of Service vulnerability in Qualcomm Eudora Worldmail 4.0
QUALCOMM Eudora WorldMail 4.0 allows remote attackers to cause a denial of service, as demonstrated by a certain module in VulnDisco Pack.
network
low complexity
qualcomm
5.0
5.0
2006-11-21 CVE-2006-6022 Input Validation vulnerability in BestWebApp Dating Site
Cross-site scripting (XSS) vulnerability in login_form.asp in BestWebApp Dating Site allows remote attackers to inject arbitrary web script or HTML via the msg parameter.
network
bestwebapp
6.8
6.8
2006-11-21 CVE-2006-6020 Cross-Site Scripting vulnerability in Blog Torrent Blog Torrent Preview 0.92
Cross-site scripting (XSS) vulnerability in announce.php in Blog Torrent Preview 0.92 allows remote attackers to inject arbitrary web script or HTML via the left parameter.
network
blog-torrent
6.8
6.8
2006-11-21 CVE-2006-6017 Denial-Of-Service vulnerability in WordPress
WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1) malformed or (2) large serialized object, because the object triggers automatic unserialization for display.
network
low complexity
wordpress
4.0
4.0
2006-11-21 CVE-2006-6016 Remote Security vulnerability in WordPress
wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authenticated users to read the metadata of an arbitrary user via a modified user_id parameter.
network
low complexity
wordpress
4.0
4.0
2006-11-21 CVE-2006-6015 Remote Denial of Service vulnerability in Apple mac OS X 10.4
Buffer overflow in the JavaScript implementation in Safari on Apple Mac OS X 10.4 allows remote attackers to cause a denial of service (application crash) via a long argument to the exec method of a regular expression.
network
low complexity
apple
5.0
5.0
2006-11-21 CVE-2006-6012 Cross-Site Scripting vulnerability in Car Site Manager
Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in MGinternet Car Site Manager (CSM) allows remote attackers to inject arbitrary web script or HTML via the p parameter.
network
mginternet
4.3
4.3
2006-11-21 CVE-2006-6011 Denial-Of-Service vulnerability in SAP web Application Server 6.40
Unspecified vulnerability in SAP Web Application Server before 6.40 patch 6 allows remote attackers to cause a denial of service (enserver.exe crash) via a certain UDP packet to port 64999, aka "two bytes UDP crash," a different vulnerability than CVE-2006-5785.
network
low complexity
sap
5.0
5.0