Vulnerabilities > Medium

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2006-11-21 | CVE-2006-6010 | Information Disclosure vulnerability in Sap Web Application Server | SAP allows remote attackers to obtain potentially sensitive information such as operating system and SAP version via an RFC_SYSTEM_INFO RfcCallReceive request, a different vulnerability than CVE-2003-0747. | network, low complexity, sap | 5.0 |
| 2006-11-21 | CVE-2006-6009 | Information Disclosure vulnerability in SUN JDK and JRE | Unspecified vulnerability in the Java Runtime Environment (JRE) Swing library in JDK and JRE 5.0 Update 7 and earlier allows attackers to obtain certain information via unknown attack vectors, related to an untrusted applet accessing data in other applets. | network, low complexity, sun | 5.0 |
| 2006-11-21 | CVE-2006-6008 | Remote Security vulnerability in Netkit 0.17 | ftpd in Linux Netkit (linux-ftpd) 0.17, and possibly other versions, does not check the return status of certain seteuid, setgid, and setuid calls, which might allow remote authenticated users to gain privileges if these calls fail in cases such as PAM failures or resource limits, a different vulnerability than CVE-2006-5778. | network, low complexity, netkit | 6.5 |
| 2006-11-21 | CVE-2006-6007 | Denial-Of-Service vulnerability in Online Event Registration | save_profile.asp in WebEvents (Online Event Registration Template) 2.0 and earlier allows remote attackers to change the profiles, passwords, and other information for arbitrary users via a modified UserID parameter. | network, low complexity, webevents | 5.0 |
| 2006-11-21 | CVE-2006-5990 | Improper Input Validation vulnerability in VMWare Virtualcenter 1.4.1/2.0.1 | VMWare VirtualCenter client 2.x before 2.0.1 Patch 1 (Build 33643) and 1.4.x before 1.4.1 Patch 1 (Build 33425), when server certificate verification is enabled, does not verify the server's X.509 certificate when creating an SSL session, which allows remote malicious servers to spoof valid servers via a man-in-the-middle attack. | network, high complexity, vmware, CWE-20 | 4.0 |
| 2006-11-20 | CVE-2006-5989 | Denial of Service vulnerability in MOD Auth Kerb MOD Auth Kerb 5.0 | Off-by-one error in the der_get_oid function in mod_auth_kerb 5.0 allows remote attackers to cause a denial of service (crash) via a crafted Kerberos message that triggers a heap-based buffer overflow in the component array. | network, low complexity, mod-auth-kerb | 5.0 |
| 2006-11-20 | CVE-2006-5988 | Denial of Service vulnerability in Microsoft Active Directory | Unspecified vulnerability in Windows 2000 Advanced Server SP4 running Active Directory allows remote attackers to cause a denial of service via unknown vectors, as demonstrated by a certain VulnDisco Pack module. | network, low complexity, microsoft | 5.0 |
| 2006-11-20 | CVE-2006-5986 | Cross-Site Scripting vulnerability in Extreme CMS | admin/options.php in Extreme CMS 0.9, and possibly earlier, does not require authentication, which might allow remote attackers to conduct unauthorized activities. | network, extreme-cms | 6.8 |
| 2006-11-20 | CVE-2006-5985 | Cross-Site Scripting vulnerability in Extreme CMS | Multiple cross-site scripting (XSS) vulnerabilities in admin/options.php in Extreme CMS 0.9, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) bg1, (2) bg2, (3) text, or (4) size parameters. | network, extreme-cms | 6.8 |
| 2006-11-20 | CVE-2006-5984 | Cross-Site Scripting vulnerability in Webhost Automation Helm web Hosting Control Panel 3.2.10 | Multiple cross-site scripting (XSS) vulnerabilities in Helm Web Hosting Control Panel 3.2.10 allow remote authenticated users to inject arbitrary web script or HTML via the (1) txtCompanyName, (2) txtEmail, or (3) txtUserAccNum parameter to (a) users.asp, or the (4) setThemeColour parameter to (b) default.asp in the Reseller and Admin levels; or the (5) setThemeColour parameter to default.asp in the User level. | | 6.8 |