Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-10-26 | CVE-2006-5545 | Unspecified vulnerability in Symantec Mail Security 5.1.0 Premium Antispam in Symantec Mail Security for Domino Server 5.1.x before 5.1.2.28 does not filter certain SMTP address formats, which allows remote attackers to use the product as a spam relay. | 5.0 |
2006-10-26 | CVE-2006-5544 | Unspecified vulnerability in Microsoft IE 7.0 Visual truncation vulnerability in Microsoft Internet Explorer 7 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a malicious URL containing non-breaking spaces (%A0), which causes the address bar to omit some characters from the URL. | 6.4 |
2006-10-26 | CVE-2006-5543 | Remote File Include vulnerability in PGOSD Function.PHP3 PHP remote file inclusion vulnerability in misc/function.php3 in PHP Generator of Object SQL Database (PGOSD), when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the path parameter. | 5.1 |
2006-10-26 | CVE-2006-5542 | Local Denial of Service vulnerability in PostgreSQL backend/tcop/postgres.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) related to duration logging of V3-protocol Execute messages for (1) COMMIT and (2) ROLLBACK SQL statements. | 4.0 |
2006-10-26 | CVE-2006-5540 | Local Denial of Service vulnerability in PostgreSQL backend/parser/analyze.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) via certain aggregate functions in an UPDATE statement, which are not properly handled during a "MIN/MAX index optimization." | 4.0 |
2006-10-26 | CVE-2006-5538 | Remote Security vulnerability in D-Link Dsl-G624T 3.00B01T01.Yac.20060616 D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to list contents of the cgi-bin directory via unspecified vectors, probably a direct request. | 5.0 |
2006-10-26 | CVE-2006-5537 | Cross-Site Scripting vulnerability in D-Link Dsl-G624T Firmware3.00B01T01.Yac.20060616 Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allow remote attackers to inject arbitrary web script or HTML via the (1) upnp:settings/state or (2) upnp:settings/connection parameters. network d-link | 4.3 |
2006-10-26 | CVE-2006-5536 | Information Disclosure vulnerability in D-Link Dsl-G624T Firmware3.00B01T01.Yac.20060616 Directory traversal vulnerability in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allows remote attackers to read arbitrary files via a .. | 5.0 |
2006-10-26 | CVE-2006-5535 | Cross-Site Scripting vulnerability in Cpanel 10.9.0R50 Multiple cross-site scripting (XSS) vulnerabilities in WebHostManager (WHM) 10.8.0 cPanel 10.9.0 R50 allow remote attackers to inject arbitrary web script or HTML via the (1) theme parameter to scripts/dosetmytheme and the (2) template parameter to scripts2/editzonetemplate. network cpanel | 4.3 |
2006-10-26 | CVE-2006-5534 | Cross-Site Scripting vulnerability in Zwahlen Informatik Online Shop Multiple cross-site scripting (XSS) vulnerabilities in index.htm in Zwahlen Online Shop Freeware 5.2.2.50, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) Kat, (3) id, or (4) no parameters. | 4.3 |