Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-11-22 | CVE-2006-6035 | Cross-Site Scripting vulnerability in F-Art Agency Blog CMS Cross-site scripting (XSS) vulnerability in list.php in BLOG:CMS 4.1.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the FADDR parameter. | 6.8 |
2006-11-21 | CVE-2006-6032 | Cross-Site Scripting vulnerability in Sphpblog 0.4.8 Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog (SPHPBlog), probably 0.4.8, allow remote attackers to inject arbitrary web script or HTML via (1) the action parameter in add_block.php or (2) the entry parameter in index.php, different vectors than CVE-2005-1135. network sphpblog | 6.8 |
2006-11-21 | CVE-2006-6025 | Denial Of Service vulnerability in Qualcomm Eudora Worldmail 4.0 QUALCOMM Eudora WorldMail 4.0 allows remote attackers to cause a denial of service, as demonstrated by a certain module in VulnDisco Pack. | 5.0 |
2006-11-21 | CVE-2006-6022 | Input Validation vulnerability in BestWebApp Dating Site Cross-site scripting (XSS) vulnerability in login_form.asp in BestWebApp Dating Site allows remote attackers to inject arbitrary web script or HTML via the msg parameter. network bestwebapp | 6.8 |
2006-11-21 | CVE-2006-6020 | Cross-Site Scripting vulnerability in Blog Torrent Blog Torrent Preview 0.92 Cross-site scripting (XSS) vulnerability in announce.php in Blog Torrent Preview 0.92 allows remote attackers to inject arbitrary web script or HTML via the left parameter. network blog-torrent | 6.8 |
2006-11-21 | CVE-2006-6017 | Denial-Of-Service vulnerability in WordPress WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1) malformed or (2) large serialized object, because the object triggers automatic unserialization for display. | 4.0 |
2006-11-21 | CVE-2006-6016 | Remote Security vulnerability in WordPress wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authenticated users to read the metadata of an arbitrary user via a modified user_id parameter. | 4.0 |
2006-11-21 | CVE-2006-6015 | Remote Denial of Service vulnerability in Apple mac OS X 10.4 Buffer overflow in the JavaScript implementation in Safari on Apple Mac OS X 10.4 allows remote attackers to cause a denial of service (application crash) via a long argument to the exec method of a regular expression. | 5.0 |
2006-11-21 | CVE-2006-6012 | Cross-Site Scripting vulnerability in Car Site Manager Cross-site scripting (XSS) vulnerability in csm/asp/listings.asp in MGinternet Car Site Manager (CSM) allows remote attackers to inject arbitrary web script or HTML via the p parameter. network mginternet | 4.3 |
2006-11-21 | CVE-2006-6011 | Denial-Of-Service vulnerability in SAP web Application Server 6.40 Unspecified vulnerability in SAP Web Application Server before 6.40 patch 6 allows remote attackers to cause a denial of service (enserver.exe crash) via a certain UDP packet to port 64999, aka "two bytes UDP crash," a different vulnerability than CVE-2006-5785. | 5.0 |