Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-11-04 | CVE-2006-5713 | Information Disclosure and Input Validation vulnerability in EFS Software EFS web Server 4.0 Cross-site scripting (XSS) vulnerability in Easy File Sharing (EFS) Web Server 4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) author, (2) content, or (3) title parameters when posting a forum thread. network efs-software | 4.3 |
2006-11-04 | CVE-2006-5712 | HTML Injection vulnerability in Mirapoint Web Mail Expression() Cross-site scripting (XSS) vulnerability in Mirapoint WebMail allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets (CSS) function, as demonstrated using the width style for an IMG element. network mirapoint | 4.3 |
2006-11-04 | CVE-2006-5711 | Information Disclosure vulnerability in ECI Telecom B-Focus ADSL2+ Combo332+ Wireless Router ECI Telecom B-FOCuS Wireless 802.11b/g ADSL2+ Router allows remote attackers to read arbitrary files via a certain HTTP request, as demonstrated by a request for a router configuration file, related to the /html/defs/ URI. | 5.0 |
2006-11-04 | CVE-2006-5708 | Denial-Of-Service vulnerability in Mdaemon Multiple unspecified vulnerabilities in MDaemon and WorldClient in Alt-N Technologies MDaemon before 9.50 allow attackers to cause a denial of service (memory consumption) via unspecified vectors resulting in memory leaks. | 5.0 |
2006-11-04 | CVE-2006-5705 | Multiple Security vulnerability in WordPress 2.04 Multiple directory traversal vulnerabilities in plugins/wp-db-backup.php in WordPress before 2.0.5 allow remote authenticated users to read or overwrite arbitrary files via directory traversal sequences in the (1) backup and (2) fragment parameters in a GET request. network wordpress | 6.0 |
2006-11-04 | CVE-2006-5704 | Unspecified vulnerability in HP Nonstop Server G06.29 HP NonStop Server G06.29, when running Standard Security T6533G06 before T6533G06^ABK, does not properly evaluate access permissions to OSS directories when no optional ACL entry exists, which allows local users to read arbitrary files. | 6.2 |
2006-11-04 | CVE-2006-5703 | Cross-Site Scripting vulnerability in Tiki Tikiwiki Cms/Groupware 1.9.5 Cross-site scripting (XSS) vulnerability in tiki-featured_link.php in Tikiwiki 1.9.5 allows remote attackers to inject arbitrary web script or HTML via a url parameter that evades filtering, as demonstrated by a parameter value containing malformed, nested SCRIPT elements. | 4.3 |
2006-11-04 | CVE-2006-5702 | Information Exposure vulnerability in Tiki Tikiwiki Cms/Groupware 1.9.5 Tikiwiki 1.9.5 allows remote attackers to obtain sensitive information (MySQL username and password) via an empty sort_mode parameter in (1) tiki-listpages.php, (2) tiki-lastchanges.php, (3) messu-archive.php, (4) messu-mailbox.php, (5) messu-sent.php, (6) tiki-directory_add_site.php, (7) tiki-directory_ranking.php, (8) tiki-directory_search.php, (9) tiki-forums.php, (10) tiki-view_forum.php, (11) tiki-friends.php, (12) tiki-list_blogs.php, (13) tiki-list_faqs.php, (14) tiki-list_trackers.php, (15) tiki-list_users.php, (16) tiki-my_tiki.php, (17) tiki-notepad_list.php, (18) tiki-orphan_pages.php, (19) tiki-shoutbox.php, (20) tiki-usermenu.php, and (21) tiki-webmail_contacts.php, which reveal the information in certain database error messages. | 5.0 |
2006-11-04 | CVE-2006-4521 | Denial of Service vulnerability in Novell Edirectory 8.8/8.8.1 The BerDecodeLoginDataRequest function in the libnmasldap.so NMAS module in Novell eDirectory 8.8 and 8.8.1 before the Security Services 2.0.3 patch does not properly increment a pointer when handling certain input, which allows remote attackers to cause a denial of service (invalid memory access) via a crafted login request. | 5.0 |
2006-11-03 | CVE-2006-5701 | Denial of Service vulnerability in Linux Kernel SquashFS Double Free Double free vulnerability in squashfs module in the Linux kernel 2.6.x, as used in Fedora Core 5 and possibly other distributions, allows local users to cause a denial of service by mounting a crafted squashfs filesystem. | 4.9 |