Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2006-11-14 CVE-2006-5198 Remote Code Execution vulnerability in WinZip 10.0
The WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software "FileView" ActiveX control) for WinZip 10.0 before build 7245 allows remote attackers to execute arbitrary code via unspecified "unsafe methods."
network
high complexity
winzip
4.0
2006-11-14 CVE-2006-4687 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Microsoft IE and Internet Explorer
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via crafted layout combinations involving DIV tags and HTML CSS float properties that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."
network
high complexity
microsoft CWE-119
5.1
2006-11-14 CVE-2006-4252 Remote Denial of Service and Buffer Overflow vulnerability in PowerDNS
PowerDNS Recursor 3.1.3 and earlier allows remote attackers to cause a denial of service (resource exhaustion and application crash) via a CNAME record with a zero TTL, which triggers an infinite loop.
network
low complexity
powerdns
5.0
2006-11-11 CVE-2006-5866 Local File Include vulnerability in phpManta
Directory traversal vulnerability in Mdoc/view-sourcecode.php for phpManta 1.0.2 and earlier allows remote attackers to read and include arbitrary files via ".." sequences in the file parameter.
network
low complexity
phpmanta
6.4
2006-11-11 CVE-2006-5864 Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in GNU gv
Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as demonstrated using the (1) DocumentMedia, (2) DocumentPaperSizes, and possibly (3) PageMedia and (4) PaperSize headers.
network
high complexity
gnu CWE-119
5.1
2006-11-11 CVE-2006-5862 Local Directory Traversal vulnerability in Network Administration Visualized 3.1.0
Directory traversal vulnerability in the session mechanism of the web interface for Network Administration Visualized (NAV) before 3.1.1 allows attackers with filesystem write access to have an unknown impact via unknown attack vectors.
local
low complexity
network-administration-visualized
4.6
2006-11-10 CVE-2006-5861 Denial-of-Service vulnerability in Citrix MetaFrame and MetaFrame Presentation Server
The Independent Management Architecture (IMA) service (ImaSrv.exe) in Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to cause a denial of service (service exit) via a crafted packet that causes the service to access an unmapped memory address and triggers an unhandled exception.
network
low complexity
citrix
5.0
2006-11-10 CVE-2006-5853 Cross-Site Scripting vulnerability in Immediacy .NET CMS 5.2
Cross-site scripting (XSS) vulnerability in logon.aspx in Immediacy CMS (Immediacy .NET CMS) 5.2 allows remote attackers to inject arbitrary web script or HTML via the lang parameter, which is returned to the client in a lang cookie.
network
immediacy
6.8
2006-11-10 CVE-2006-5852 Local Security vulnerability in OpenBase
Untrusted search path vulnerability in openexec in OpenBase SQL before 10.0.1 allows local users to gain privileges via a modified PATH that references a malicious helper binary, as demonstrated by (1) cp, (2) rm, and (3) killall, different vectors than CVE-2006-5327.
local
low complexity
openbase-international-ltd
4.6
2006-11-10 CVE-2006-5847 Cross-Site Scripting vulnerability in FreeWebshop
Cross-site scripting (XSS) vulnerability in index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter.
4.3