Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-11-17 | CVE-2006-5960 | Unspecified vulnerability in web Inhabit A+ Store E-Commerce: Multiple cross-site scripting (XSS) vulnerabilities in account_login.asp in A+ Store E-Commerce allow remote attackers to inject arbitrary web script or HTML via the (1) username (txtUserName) and (2) password (txtPassword) parameters. [network web-inhabit] | 6.8 |
2006-11-17 | CVE-2006-5958 | Cross-Site Scripting vulnerability in infinicart: Multiple cross-site scripting (XSS) vulnerabilities in INFINICART allow remote attackers to inject arbitrary web script or HTML via the (1) username and (2) password fields in (a) login.asp, (3) search field in (b) search.asp, and (4) email field in (c) sendpassword.asp. [network infinicart] | 6.8 |
2006-11-17 | CVE-2006-5950 | Unspecified vulnerability in Altools Alftp FTP Server 4.1Beta1: Unspecified vulnerability in ALTools ALFTP FTP Server 4.1 beta 1, and possibly earlier, allows remote authenticated users to obtain the installation path via unknown vectors related to the REN command, probably due to response messages. | 5.0 |
2006-11-17 | CVE-2006-5949 | Unspecified vulnerability in Altools Alftp FTP Server 4.1Beta1: Directory traversal vulnerability in ALTools ALFTP FTP Server 4.1 beta 1, and possibly earlier, allows remote attackers to create arbitrary directories via directory traversal sequences in a MKD request. | 5.0 |
2006-11-17 | CVE-2006-5947 | Directory Traversal vulnerability in Conxint FTP Server 2.2.0603: Multiple directory traversal vulnerabilities in Conxint FTP Server 2.2.0603, and possibly earlier, allow remote attackers to read arbitrary files and list arbitrary directories via directory traversal sequences in (1) DIR (LIST or NLST) and (2) GET (RETR) commands. | 5.0 |
2006-11-17 | CVE-2006-5942 | Input Validation vulnerability in Inventory Manager: Cross-site scripting (XSS) vulnerability in inventory/display/display_results.asp in Website Designs For Less Inventory Manager allows remote attackers to inject arbitrary web script or HTML via the category parameter. [network website-designs-for-less] | 6.8 |
2006-11-16 | CVE-2006-5931 | Remote Security vulnerability in Aigaion 1.2.1: Multiple PHP remote file inclusion vulnerabilities in Aigaion Web based bibliography management system 1.2.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to certain PHP scripts in (1) lib/actions/, (2) lib/displays/, (3) lib/editforms/, (4) lib/functions/, (5) scheme/, and (6) the root directory. | 5.1 |
2006-11-15 | CVE-2006-5924 | Cross-Site Scripting vulnerability in Efficientip Ipmanager 2.3: Cross-site scripting (XSS) vulnerability in index.php in Efficient IP iPmanager (IPm) 2.3 allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter. [network efficientip] | 5.8 |
2006-11-15 | CVE-2006-5922 | Information Disclosure vulnerability in Wheatblog: index.php in Wheatblog (wB) allows remote attackers to obtain sensitive information via certain values of the postPtr[] and next parameters, which reveals the path in an error message. | 5.0 |
2006-11-15 | CVE-2006-5921 | HTML Injection vulnerability in WheatBlog: Multiple cross-site scripting (XSS) vulnerabilities in add_comment.php in Wheatblog (wB) allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) WWW, and (3) Comment fields. [network wheatblog] | 5.8 |