Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2006-10-31 CVE-2006-5631 Cross-Site Scripting vulnerability in IG Shop IG Shop 1.4
Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop 1.4 allows remote attackers to inject arbitrary web script or HTML via arbitrary query strings when the action parameter is not "1", as demonstrated using script in the action parameter, a different vulnerability than CVE-2006-5632.
network
ig-shop
6.8
2006-10-31 CVE-2006-5626 Cross-Site Scripting vulnerability in phpFaber CMS
Cross-site scripting (XSS) vulnerability in cms_images/js/htmlarea/htmlarea.php in phpFaber Content Management System (CMS) before 1.3.36 on 20061026 allows remote attackers to inject arbitrary web script or HTML, probably via arbitrary parameters in the query string, as demonstrated with a vigilon parameter.
network
phpfaber
4.3
2006-10-31 CVE-2006-5625 Remote File Include vulnerability in NX N X Wcms 2002Prerelease1
PHP remote file inclusion vulnerability in wwwdev/nxheader.inc.php in N/X 2002 Professional Edition Web Content Management System (WCMS) 4.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the c[path] parameter.
network
high complexity
nx
5.1
2006-10-31 CVE-2006-5618 Directory Traversal vulnerability in Netref 4
Directory traversal vulnerability in script/cat_for_aff.php in Netref 4 allows remote attackers to read arbitrary files via a ..
network
low complexity
netref
5.0
2006-10-30 CVE-2006-5609 Directory Traversal vulnerability in Torrentflux 2.1
Directory traversal vulnerability in dir.php in TorrentFlux 2.1 allows remote attackers to list arbitrary directories via "\.\./" sequences in the dir parameter.
network
low complexity
torrentflux
5.0
2006-10-30 CVE-2006-5607 Unspecified vulnerability in Inca Im-204 Adsl Router
Directory traversal vulnerability in /cgi-bin/webcm in INCA IM-204 allows remote attackers to read arbitrary files via "/./." (modified dot dot) sequences in the getpage parameter.
network
low complexity
inca
5.0
2006-10-30 CVE-2006-5605 Cross-Site Scripting vulnerability in PHPcards 1.3
Multiple cross-site scripting (XSS) vulnerabilities in phpcards.footer.php in phpCards 1.3 allow remote attackers to inject arbitrary web script or HTML via the CardFontFace parameter and other unspecified parameters.
network
phpcards
6.8
2006-10-28 CVE-2006-5602 Denial-Of-Service vulnerability in Xsupplicant
Multiple memory leaks in xsupplicant before 1.2.6, and possibly other versions, allow attackers to cause a denial of service (memory consumption) via unspecified vectors.
network
low complexity
xsupplicant
4.0
2006-10-28 CVE-2006-5599 Cross-Site Scripting vulnerability in Oracle Apex 2.2
Cross-site scripting (XSS) vulnerability in Oracle Application Express (formerly HTML DB) before 2.2.1 allows remote attackers to inject arbitrary HTML or web script via the WWV_FLOW_ITEM_HELP package.
network
oracle
4.3
2006-10-28 CVE-2006-5595 Remote Security vulnerability in Wireshark
Unspecified vulnerability in the AirPcap support in Wireshark (formerly Ethereal) 0.99.3 has unspecified attack vectors related to WEP key parsing.
network
low complexity
wireshark
5.0