Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2006-11-17 CVE-2006-5960 Unspecified vulnerability in web Inhabit A+ Store E-Commerce
Multiple cross-site scripting (XSS) vulnerabilities in account_login.asp in A+ Store E-Commerce allow remote attackers to inject arbitrary web script or HTML via the (1) username (txtUserName) and (2) password (txtPassword) parameters.
network
web-inhabit
6.8

2006-11-17 CVE-2006-5958 Cross-Site Scripting vulnerability in infinicart
Multiple cross-site scripting (XSS) vulnerabilities in INFINICART allow remote attackers to inject arbitrary web script or HTML via the (1) username and (2) password fields in (a) login.asp, (3) search field in (b) search.asp, and (4) email field in (c) sendpassword.asp.
network
infinicart
6.8

2006-11-17 CVE-2006-5950 Unspecified vulnerability in Altools Alftp FTP Server 4.1Beta1
Unspecified vulnerability in ALTools ALFTP FTP Server 4.1 beta 1, and possibly earlier, allows remote authenticated users to obtain the installation path via unknown vectors related to the REN command, probably due to response messages.
network
low complexity
altools
5.0

2006-11-17 CVE-2006-5949 Unspecified vulnerability in Altools Alftp FTP Server 4.1Beta1
Directory traversal vulnerability in ALTools ALFTP FTP Server 4.1 beta 1, and possibly earlier, allows remote attackers to create arbitrary directories via directory traversal sequences in a MKD request.
network
low complexity
altools
5.0

2006-11-17 CVE-2006-5947 Directory Traversal vulnerability in Conxint FTP Server 2.2.0603
Multiple directory traversal vulnerabilities in Conxint FTP Server 2.2.0603, and possibly earlier, allow remote attackers to read arbitrary files and list arbitrary directories via directory traversal sequences in (1) DIR (LIST or NLST) and (2) GET (RETR) commands.
network
low complexity
conxint
5.0

2006-11-17 CVE-2006-5942 Input Validation vulnerability in Inventory Manager
Cross-site scripting (XSS) vulnerability in inventory/display/display_results.asp in Website Designs For Less Inventory Manager allows remote attackers to inject arbitrary web script or HTML via the category parameter.
6.8

2006-11-16 CVE-2006-5931 Remote Security vulnerability in Aigaion 1.2.1
Multiple PHP remote file inclusion vulnerabilities in Aigaion Web based bibliography management system 1.2.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to certain PHP scripts in (1) lib/actions/, (2) lib/displays/, (3) lib/editforms/, (4) lib/functions/, (5) scheme/, and (6) the root directory.
network
high complexity
aigaion
5.1

2006-11-15 CVE-2006-5924 Cross-Site Scripting vulnerability in Efficientip Ipmanager 2.3
Cross-site scripting (XSS) vulnerability in index.php in Efficient IP iPmanager (IPm) 2.3 allows remote attackers to inject arbitrary web script or HTML via the errmsg parameter.
network
efficientip
5.8

2006-11-15 CVE-2006-5922 Information Disclosure vulnerability in Wheatblog
index.php in Wheatblog (wB) allows remote attackers to obtain sensitive information via certain values of the postPtr[] and next parameters, which reveals the path in an error message.
network
low complexity
wheatblog
5.0

2006-11-15 CVE-2006-5921 HTML Injection vulnerability in WheatBlog
Multiple cross-site scripting (XSS) vulnerabilities in add_comment.php in Wheatblog (wB) allow remote attackers to inject arbitrary web script or HTML via the (1) Name, (2) WWW, and (3) Comment fields.
network
wheatblog
5.8