Vulnerabilities > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-03-03 | CVE-2006-0987 | Denial-Of-Service vulnerability in ISC Bind 9.3.2 The default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses. | 5.0 |
2006-03-03 | CVE-2006-0986 | Information Disclosure vulnerability in WordPress WordPress 2.0.1 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) default-filters.php, (2) template-loader.php, (3) rss-functions.php, (4) locale.php, (5) wp-db.php, and (6) kses.php in the wp-includes/ directory; and (7) edit-form-advanced.php, (8) admin-functions.php, (9) edit-link-form.php, (10) edit-page-form.php, (11) admin-footer.php, and (12) menu.php in the wp-admin directory; and possibly (13) list directory contents of the wp-includes directory. | 5.0 |
2006-03-03 | CVE-2006-0985 | Cross-Site Scripting vulnerability in WordPress Multiple cross-site scripting (XSS) vulnerabilities in the "post comment" functionality of WordPress 2.0.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) website, and (3) comment parameters. network wordpress | 4.3 |
2006-03-03 | CVE-2006-0984 | Cross-Site Scripting vulnerability in EJ3 Topo 2.2.178 Cross-site scripting (XSS) vulnerability in inc_header.php in EJ3 TOPo 2.2.178 allows remote attackers to inject arbitrary web script or HTML via the gTopNombre parameter. network ej3 | 4.3 |
2006-03-03 | CVE-2006-0983 | Cross-Site Scripting vulnerability in David Barrett Qwikiwiki 1.4 Cross-site scripting (XSS) vulnerability in index.php in QwikiWiki 1.4 allows remote attackers to inject arbitrary web script or HTML via the page parameter. network david-barrett | 4.3 |
2006-03-03 | CVE-2006-0982 | Security Bypass vulnerability in Mcafee Virex 7.7 The on-access scanner for McAfee Virex 7.7 for Macintosh, in some circumstances, might not activate when malicious content is accessed from the web browser, and might not prevent the content from being saved, which allows remote attackers to bypass virus protection, as demonstrated using the EICAR test file. | 5.0 |
2006-03-03 | CVE-2006-0981 | Remote Directory Traversal vulnerability in E-Merge Winace 2.6 Directory traversal vulnerability in e-merge WinAce 2.6 and earlier allows remote attackers to create and overwrite arbitrary files via certain crafted pathnames in a (1) zip or (2) tar archive. | 4.0 |
2006-03-03 | CVE-2006-0980 | Cross-Site Scripting vulnerability in JAY Eckles CGI Calendar 2.7 Multiple cross-site scripting (XSS) vulnerabilities in Jay Eckles CGI Calendar 2.7 allow remote attackers to inject arbitrary web script or HTML via the year parameter in (1) index.cgi and (2) viewday.cgi. network jay-eckles | 4.3 |
2006-03-03 | CVE-2006-0978 | HTML Injection vulnerability in Argosoft Mail Server 1.8.8.5 Multiple cross-site scripting (XSS) vulnerabilities in the View Headers (aka viewheaders) functionality in ArGoSoft Mail Server Pro 1.8.8.5 allow remote attackers to inject arbitrary web script or HTML via (1) the Subject header, (2) the From header, and (3) certain other unspecified headers. network argosoft | 4.3 |
2006-03-03 | CVE-2006-0977 | Unspecified vulnerability in Craig Morrison MTS PRO Craig Morrison Mail Transport System Professional (aka MTS Pro) acts as an open relay when configured to relay all mail through an external SMTP server, which allows remote attackers to relay mail by connecting to the MTS Pro server, then sending a MAIL FROM that specifies a domain that is local to the server. | 5.0 |