Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-11-01 | CVE-2006-5647 | Buffer Errors vulnerability in Sophos Anti-Virus and Endpoint Security Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11 allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a malformed CHM file with a large name length in the CHM chunk header, aka "CHM name length memory consumption vulnerability." | 6.4 |
2006-11-01 | CVE-2006-5646 | Buffer Errors vulnerability in Sophos Anti-Virus and Endpoint Security Heap-based buffer overflow in Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11, when archive scanning is enabled, allows remote attackers to trigger a denial of service (memory corruption) via a CHM file with an LZX decompression header that specifies a Window_size of 0. | 5.0 |
2006-11-01 | CVE-2006-5645 | Resource Management Errors vulnerability in Sophos Anti-Virus and Endpoint Security Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11, when "Enabled scanning of archives" is set, allows remote attackers to cause a denial of service (infinite loop) via a malformed RAR archive with an Archive Header section with the head_size and pack_size fields set to zero. | 5.0 |
2006-11-01 | CVE-2006-4839 | Denial of Service and Memory Corruption vulnerability in Sophos Anti-Virus 5.1 Sophos Anti-Virus 5.1 allows remote attackers to cause a denial of service (memory consumption) via a file that is compressed with Petite and contains a large number of sections. | 5.0 |
2006-11-01 | CVE-2006-4704 | Code Execution vulnerability in Microsoft Visual Studio .Net 2005 Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Object Broker Vulnerability." network microsoft | 6.8 |
2006-11-01 | CVE-2006-5643 | Cross-Site Scripting vulnerability in Foresite CMS Index_2.PHP Cross-site scripting (XSS) vulnerability in search_de.html in foresite CMS allows remote attackers to inject arbitrary web script or HTML via the query parameter. network foresite-cms | 6.8 |
2006-11-01 | CVE-2006-5636 | Remote File Include vulnerability in Simple Website Software Common.PHP PHP remote file inclusion vulnerability in common.php in Simple Website Software (SWS) 0.99 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the SWSDIR parameter. | 5.1 |
2006-11-01 | CVE-2006-5634 | Code Injection vulnerability in PHPprofiles Multiple PHP remote file inclusion vulnerabilities in phpProfiles 2.1 Beta allow remote attackers to execute arbitrary PHP code via a URL in the (1) reqpath parameter to (a) body.inc.php and (b) body_blog.inc.php in users/include/; or the (2) usrinc parameter in users/include/upload_ht.inc.php. | 6.8 |
2006-10-31 | CVE-2006-5633 | Denial of Service vulnerability in Mozilla Firefox Range Script Object Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers to cause a denial of service (crash) by creating a range object using createRange, calling selectNode on a DocType node (DOCUMENT_TYPE_NODE), then calling createContextualFragment on the range, which triggers a null dereference. | 5.0 |
2006-10-31 | CVE-2006-5632 | Cross-Site Scripting vulnerability in IG Shop IG Shop 1.4 Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop 1.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vulnerability than CVE-2006-5631. network ig-shop | 6.8 |