Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2006-11-08 CVE-2006-5464 Remote vulnerability in Mozilla Firefox, SeaMonkey and Thunderbird
Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) via unspecified vectors.
network
low complexity
mozilla
5.0
2006-11-08 CVE-2006-5462 Unspecified vulnerability in Mozilla products
Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates.
network
low complexity
mozilla
6.4
2006-11-08 CVE-2006-4810 Buffer Overflow vulnerability in GNU Texinfo 4.8
Buffer overflow in the readline function in util/texindex.c, as used by the (1) texi2dvi and (2) texindex commands, in texinfo 4.8 and earlier allows local users to execute arbitrary code via a crafted Texinfo file.
local
low complexity
gnu
4.6
2006-11-08 CVE-2006-5801 Denial of Service vulnerability in OWFS Owserver File Path
The owserver module in owfs and owhttpd 2.5p5 and earlier does not properly check the path type, which allows attackers to cause a denial of service (application crash) related to use of the path in owshell.
network
low complexity
owfs
5.0
2006-11-08 CVE-2006-5799 Input Validation vulnerability in Xenis.creator CMS
Multiple cross-site scripting (XSS) vulnerabilities in default.asp in xenis.creator CMS allow remote attackers to inject arbitrary web script or HTML via the (1) contid or (2) search parameters.
network
xenis
6.8
2006-11-07 CVE-2006-5789 Resource Management Errors vulnerability in Jgaa WarFTPd 1.82.00-RC11
War FTP Daemon (WarFTPd) 1.82.00-RC11 allows remote authenticated users to cause a denial of service via a large number of "%s" format strings in (1) CWD, (2) CDUP, (3) DELE, (4) NLST, (5) LIST, (6) SIZE, and possibly other commands.
network
low complexity
jgaa CWE-399
4.0
2006-11-07 CVE-2006-5785 Remote Denial of Service vulnerability in SAP Web Application Server 6.40/7.00
Unspecified vulnerability in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to cause a denial of service (enserver.exe crash) via a 0x72F2 sequence on UDP port 64999.
network
low complexity
sap
5.0
2006-11-07 CVE-2006-5784 Remote Information Disclosure vulnerability in SAP Web Application Server 6.40/7.00
Unspecified vulnerability in enserver.exe in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to read arbitrary files via crafted data on a "3200+SYSNR" TCP port, as demonstrated by port 3201.
local
low complexity
sap
4.6
2006-11-07 CVE-2006-5651 Information Disclosure vulnerability in DigiOz Guestbook 1.7
list.php in DigiOz Guestbook before 1.7.1 allows remote attackers to obtain sensitive information via a non-numeric page parameter, which displays the installation path in the resulting error message.
network
low complexity
digioz
5.0
2006-11-07 CVE-2006-5778 Information Disclosure vulnerability in Linux-Ftpd-Ssl 0.17
ftpd in linux-ftpd 0.17, and possibly other versions, performs a chdir before setting the UID, which allows local users to bypass intended access restrictions by redirecting their home directory to a restricted directory.
local
low complexity
linux-ftpd-ssl
4.6