Vulnerabilities > Medium

DATE CVE VULNERABILITY TITLE RISK
2006-03-03 CVE-2006-0987 Denial-Of-Service vulnerability in ISC Bind 9.3.2
The default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.
network
low complexity
isc
5.0
2006-03-03 CVE-2006-0986 Information Disclosure vulnerability in WordPress
WordPress 2.0.1 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) default-filters.php, (2) template-loader.php, (3) rss-functions.php, (4) locale.php, (5) wp-db.php, and (6) kses.php in the wp-includes/ directory; and (7) edit-form-advanced.php, (8) admin-functions.php, (9) edit-link-form.php, (10) edit-page-form.php, (11) admin-footer.php, and (12) menu.php in the wp-admin directory; and possibly (13) list directory contents of the wp-includes directory.
network
low complexity
wordpress
5.0
2006-03-03 CVE-2006-0985 Cross-Site Scripting vulnerability in WordPress
Multiple cross-site scripting (XSS) vulnerabilities in the "post comment" functionality of WordPress 2.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) website, and (3) comment parameters.
network
wordpress
4.3
2006-03-03 CVE-2006-0984 Cross-Site Scripting vulnerability in EJ3 Topo 2.2.178
Cross-site scripting (XSS) vulnerability in inc_header.php in EJ3 TOPo 2.2.178 allows remote attackers to inject arbitrary web script or HTML via the gTopNombre parameter.
network
ej3
4.3
2006-03-03 CVE-2006-0983 Cross-Site Scripting vulnerability in David Barrett Qwikiwiki 1.4
Cross-site scripting (XSS) vulnerability in index.php in QwikiWiki 1.4 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
network
david-barrett
4.3
2006-03-03 CVE-2006-0982 Security Bypass vulnerability in Mcafee Virex 7.7
The on-access scanner for McAfee Virex 7.7 for Macintosh, in some circumstances, might not activate when malicious content is accessed from the web browser, and might not prevent the content from being saved, which allows remote attackers to bypass virus protection, as demonstrated using the EICAR test file.
network
low complexity
mcafee
5.0
2006-03-03 CVE-2006-0981 Remote Directory Traversal vulnerability in E-Merge Winace 2.6
Directory traversal vulnerability in e-merge WinAce 2.6 and earlier allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a (1) zip or (2) tar archive.
network
high complexity
e-merge
4.0
2006-03-03 CVE-2006-0980 Cross-Site Scripting vulnerability in JAY Eckles CGI Calendar 2.7
Multiple cross-site scripting (XSS) vulnerabilities in Jay Eckles CGI Calendar 2.7 allow remote attackers to inject arbitrary web script or HTML via the year parameter in (1) index.cgi and (2) viewday.cgi.
network
jay-eckles
4.3
2006-03-03 CVE-2006-0978 HTML Injection vulnerability in Argosoft Mail Server 1.8.8.5
Multiple cross-site scripting (XSS) vulnerabilities in the View Headers (aka viewheaders) functionality in ArGoSoft Mail Server Pro 1.8.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the Subject header, (2) the From header, and (3) certain other unspecified headers.
network
argosoft
4.3
2006-03-03 CVE-2006-0977 Unspecified vulnerability in Craig Morrison MTS PRO
Craig Morrison Mail Transport System Professional (aka MTS Pro) acts as an open relay when configured to relay all mail through an external SMTP server, which allows remote attackers to relay mail by connecting to the MTS Pro server, then sending a MAIL FROM that specifies a domain that is local to the server.
network
low complexity
craig-morrison
5.0