Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2006-11-03 CVE-2006-5679 Numeric Errors vulnerability in FreeBSD 6.1
Integer overflow in the ffs_mountfs function in FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly execute arbitrary code via a crafted UFS filesystem that causes invalid or large size parameters to be provided to the kmem_alloc function.
local
low complexity
freebsd CWE-189
4.6
2006-11-03 CVE-2006-5676 SQL-Injection vulnerability in PhpLeague
SQL injection vulnerability in consult/classement.php in Uni-Vert PhpLeague 0.82 and earlier allows remote attackers to execute arbitrary SQL commands via the champ parameter.
network
low complexity
uni-vert
6.4
2006-11-03 CVE-2006-5673 Remote File Include vulnerability in MiniBB
PHP remote file inclusion vulnerability in bb_func_txt.php in miniBB 2.0.2 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the pathToFiles parameter.
network
minibb
6.8
2006-11-03 CVE-2006-5664 Local Security vulnerability in IBM products
The installation script in IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 allows local users to "compromise security" via a symlink attack on temporary files.
local
low complexity
ibm
4.6
2006-11-03 CVE-2006-5663 Local Security vulnerability in IBM products
IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 use insecure permissions for installation scripts, which allows local users to gain privileges by modifying the scripts.
local
low complexity
ibm
4.6
2006-11-03 CVE-2006-5661 Cross-Site Scripting vulnerability in Netquery NQUser.PHP
Cross-site scripting (XSS) vulnerability in nquser.php in VIRtech Netquery allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.
network
virtech
6.8
2006-11-03 CVE-2006-5656 Resource Management Errors vulnerability in Vilistextum 2.6.6/2.6.7
Memory leak in the push_align function in src/util.c in Vilistextum before 2.6.9 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the tmp_align variable.
network
low complexity
vilistextum CWE-399
5.0
2006-11-03 CVE-2006-5654 Denial-Of-Service vulnerability in Java System Web Server
Unspecified vulnerability in the Network Security Services (NSS) in Sun Java System Web Server 6.0 before SP 10 and ONE Application Server 7 before Update 3, when SSLv2 is enabled, allows remote authenticated users to cause a denial of service (application crash) via unspecified vectors.
network
low complexity
sun
4.0
2006-11-03 CVE-2006-5653 Cross-Site Scripting vulnerability in Sun Java System Messenger Express 6
Cross-site scripting (XSS) vulnerability in the errorHTML function in the index script in Sun Java System Messenger Express 6 allows remote attackers to inject arbitrary web script or HTML via the error parameter.
network
sun
4.3
2006-11-03 CVE-2006-5652 HTML Injection vulnerability in iPlanet Messaging Server Messenger Express Expression()
Cross-site scripting (XSS) vulnerability in Sun iPlanet Messaging Server Messenger Express allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets (CSS) function, as demonstrated by setting the width style for an IMG element.
network
sun
4.3