Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-11-06 | CVE-2006-5762 | Code Injection vulnerability in Free PHP Scripts Free File Hosting and Free Image Hosting PHP remote file inclusion vulnerability in forgot_pass.php in Free File Hosting 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter. | 5.1 |
2006-11-06 | CVE-2006-5746 | Multiple vulnerability in Airmagnet Enterprise 7.5 The console in AirMagnet Enterprise before 7.5 build 6307 does not properly validate the Enterprise Server certificate, which allows remote attackers to read network traffic via a man-in-the-middle (MITM) attack, possibly related to the use of self-signed certificates. | 6.4 |
2006-11-06 | CVE-2006-5743 | Products Management Interface Multiple Input Validation vulnerability in Highwall Multiple cross-site scripting (XSS) vulnerabilities in Highwall Enterprise and Highwall Endpoint 4.0.2.11045 management interface allow remote attackers to inject arbitrary web script or HTML via (1) an Access Point with a crafted SSID, (2) the name of the sensor WIDS, (3) the name of the Highwall EndPoint workstation, or other unspecified vectors. network mobilesecure | 4.3 |
2006-11-06 | CVE-2006-5742 | Multiple vulnerability in Airmagnet Enterprise 7.5 The AirMagnet Enterprise console and Remote Sensor console (Laptop) in AirMagnet Enterprise before 7.5 build 6307 allows remote attackers to inject arbitrary web script or HTML from a certain embedded Internet Explorer object into an SSID template value, aka "Cross-Application Scripting (XAS)". | 5.0 |
2006-11-06 | CVE-2006-5741 | Multiple vulnerability in Airmagnet Enterprise 7.5 Multiple cross-site scripting (XSS) vulnerabilities in AirMagnet Enterprise before 7.5 build 6307 allow remote attackers to inject arbitrary web script or HTML via (1) the 404 error page of the Smart Sensor Edge Sensor; (2) the user name for a failed logon, when displayed in the audit journals reviewing interface (/AirMagnetSensor/AMSensor.dll/XH) by the Smart Sensor Edge Sensor log viewer; and (3) an SSID of an AP, when displayed on an ACL page (/Amom/Amom.dll/BD) of the Enterprise Server Status Overview in the Enterprise Server Web interface. network airmagnet | 4.3 |
2006-11-06 | CVE-2006-5736 | SQL-Injection vulnerability in Punbb SQL injection vulnerability in search.php in PunBB before 1.2.14, when the PHP installation is vulnerable to CVE-2006-3017, allows remote attackers to execute arbitrary SQL commands via the result_list array parameter, which is not initialized. | 5.1 |
2006-11-06 | CVE-2006-5732 | SQL Injection vulnerability in T.G.S. CMS Logout.PHP SQL injection vulnerability in logout.php in T.G.S. | 5.0 |
2006-11-06 | CVE-2006-5731 | Arbitrary Code Injection vulnerability in Lithium CMS Lithium CMS Directory traversal vulnerability in classes/index.php in Lithium CMS 4.04c and earlier allows remote attackers to include and execute arbitrary local files via a .. | 6.4 |
2006-11-06 | CVE-2006-5730 | Remote File Include vulnerability in Modxcms 0.9.1 PHP remote file inclusion vulnerability in manager/media/browser/mcpuk/connectors/php/Commands/Thumbnail.php in Modx CMS 0.9.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the base_path parameter. | 5.1 |
2006-11-06 | CVE-2006-5729 | Unspecified vulnerability in Yazd Discussion Forum Yazd Discussion Forum before 3.0 beta does not properly manage forum permissions, which allows remote authenticated users to (1) reply to a message in an arbitrary forum, if authorized to create a message in any forum; and (2) perform certain unauthorized forum actions, related to an "error in how the permissions were assembled" that assigns extra permissions to users. | 6.5 |