Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2006-11-07 CVE-2006-4809 Arbitrary Code Execution vulnerability in IMlib2 Library
Stack-based buffer overflow in loader_pnm.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PNM image.
network
high complexity
enlightenment
5.1
2006-11-07 CVE-2006-4806 Arbitrary Code Execution vulnerability in IMlib2 Library
Multiple integer overflows in imlib2 allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) ARGB (loader_argb.c), (2) PNG (loader_png.c), (3) LBM (loader_lbm.c), (4) JPEG (loader_jpeg.c), or (5) TIFF (loader_tiff.c) images.
network
high complexity
enlightenment
5.1
2006-11-06 CVE-2006-5775 HTML Injection vulnerability in Funkboard 0.71
Cross-site scripting (XSS) vulnerability in profile.php in FunkBoard 0.71 before 4 November 2006 at 18:16 GMT allows remote attackers to inject arbitrary web script or HTML, possibly via the name parameter.
network
funkboard
6.8
2006-11-06 CVE-2006-5774 Cross-Site Scripting vulnerability in Hyper NIKKI System
Cross-site scripting (XSS) vulnerability in Hyper NIKKI System before 2.19.9 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.
4.3
2006-11-06 CVE-2006-5773 Directory Traversal vulnerability in FreeWebShop
Directory traversal vulnerability in index.php in FreeWebshop 2.2.1 and earlier allows remote attackers to read arbitrary files and disclose the installation path via a ..
network
low complexity
freewebshop
5.0
2006-11-06 CVE-2006-5771 Cross-Site Scripting vulnerability in Arkoon SSL360 1.0
Cross-site scripting (XSS) vulnerability in Arkoon SSL360 1.0 and 2.0 before 2.0/2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
network
arkoon
4.3
2006-11-06 CVE-2006-5770 Cross-Site Scripting vulnerability in Mobile
Multiple cross-site scripting (XSS) vulnerabilities in ac4p Mobile allow remote attackers to inject arbitrary web script or HTML via (1) Bloks, (2) Newnews, (3) lBlok, and (4) foooot parameter in (a) index.php; Newnews, (5) newmsgs, and Bloks parameter in (b) MobileNews.php; Newnews parameter in (c) polls.php; (6) cats parameter in (d) send.php; (7) footer parameter in (e) up.php; and (8) pagenav parameter in (f) cp/index.php.
network
ac4p
6.8
2006-11-06 CVE-2006-5769 Cross-Site Scripting vulnerability in Fixpunkt GmbH Admin.Tool CMS 3 and previous
Multiple cross-site scripting (XSS) vulnerabilities in admin.tool CMS 3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) fSid or (2) fSrcBegriffe parameters in unspecified vectors.
network
fixpunkt-gmbh
4.3
2006-11-06 CVE-2006-5767 Code Injection vulnerability in Drake Team Drake CMS
PHP remote file inclusion vulnerability in includes/xhtml.php in Drake CMS 0.2.2 alpha rev.846 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the d_root parameter.
network
drake-team CWE-94
6.8
2006-11-06 CVE-2006-5763 Remote File Include vulnerability in Free File Hosting System
Multiple PHP remote file inclusion vulnerabilities in Free File Hosting 1.1, and possibly earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter to (1) login.php, (2) register.php, or (3) send.php.
network
high complexity
free-php-scripts
5.1