Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2006-11-15 CVE-2006-5915 Input Validation vulnerability in Samedia LandShop LS.PHP
Multiple cross-site scripting (XSS) vulnerabilities in ls.php in SAMEDIA LandShop allow remote attackers to inject arbitrary web script or HTML via the (1) start, (2) CAT_ID, (3) keyword, (4) search_area, (5) search_type, (6) infield, or (7) search_order parameter.
network
samedia
6.8
2006-11-15 CVE-2006-5913 Remote Security vulnerability in Microsoft IE 7.0
Microsoft Internet Explorer 7 allows remote attackers to (1) cause a security certificate from a secure web site to appear invalid via a link to res://ieframe.dll/sslnavcancel.htm with the target site in the anchor identifier, which displays the site's URL in the address bar but causes Internet Explorer to report that the certificate is invalid, or (2) trigger a "The webpage no longer exists" report via a link to res://ieframe.dll/http_410.htm, a variant of CVE-2006-5805.
network
low complexity
microsoft
6.4
2006-11-15 CVE-2006-5909 Permissions, Privileges, and Access Controls vulnerability in Paul Tarjan Stanford Conference and Research Forum Beta
generaloptions.php in Paul Tarjan Stanford Conference And Research Forum (SCARF) before 20070227 does not require the admin privilege, which allows remote attackers to reconfigure the application or its user accounts.
network
low complexity
paul-tarjan CWE-264
5.0
2006-11-15 CVE-2006-5905 Remote Security vulnerability in Web Directory Pro
Web Directory Pro allows remote attackers to (1) back up the database and obtain the backup via a direct request to admin/backup_db.php or (2) modify configuration via a direct request to admin/options.php.
network
low complexity
web-directory-pro
6.4
2006-11-15 CVE-2006-5901 Denial-Of-Service vulnerability in Wr254-Ca Wireless Router
Hawking Technology wireless router WR254-CA uses a hardcoded IP address among the set of DNS server IP addresses, which could allow remote attackers to cause a denial of service or hijack the router by attacking or spoofing the server at the hardcoded address.
network
low complexity
hawking-technology
5.0
2006-11-15 CVE-2006-5900 Cross-Site Scripting vulnerability in Zend Framework Preview 0.2.0
Cross-site scripting (XSS) vulnerability in the incubator/tests/Zend/Http/_files/testRedirections.php sample code in Zend Framework Preview 0.2.0 allows remote attackers to inject arbitrary web script or HTML via arbitrary parameters.
network
zend
6.8
2006-11-15 CVE-2006-5898 Directory Traversal vulnerability in phpMyChat
Directory traversal vulnerability in localization/languages.lib.php3 in PhpMyChat 0.14.5 and earlier allows remote attackers to read arbitrary files via a ..
network
low complexity
phpheaven
5.0
2006-11-15 CVE-2006-5897 Path Traversal vulnerability in PHPheaven PHPmychat Plus
Multiple directory traversal vulnerabilities in PhpMyChat Plus 1.9 and earlier allow remote attackers to read arbitrary files via a ..
network
low complexity
phpheaven CWE-22
5.0
2006-11-14 CVE-2006-5894 Local File Include vulnerability in Rama CMS Lang Parameter
Directory traversal vulnerability in lang.php in Rama CMS 0.68 and earlier, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a ..
network
rama-cms
6.8
2006-11-14 CVE-2006-4689 Denial-Of-Service vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP
Unspecified vulnerability in the driver for the Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to cause a denial of service (hang and reboot) via unknown attack vectors, aka "NetWare Driver Denial of Service Vulnerability."
network
low complexity
microsoft
5.0