Vulnerabilities > Medium

DATE | CVE | VULNERABILITY TITLE | RISK
(each row is followed by its description and its attribute tags: access vector, access complexity, vendor, CWE)

2006-05-12 | CVE-2006-2340 | HTML Injection vulnerability in PassMasterFlex | 5.8
    Cross-site scripting (XSS) vulnerability in PassMasterFlex and PassMasterFlexPlus (PassMasterFlex+) 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) username, (2) password, or (3) User-Agent HTTP header in the Hack Log.
    Tags: network, lethal-penguin

2006-05-12 | CVE-2006-2339 | SQL Injection vulnerability in Evo-Dev Evotopsites and Evotopsites PRO | 6.4
    SQL injection vulnerability in index.php in evoTopsites 2.x and evoTopsites Pro 2.x allows remote attackers to execute arbitrary SQL commands via the (1) cat_id and (2) id parameters.
    Tags: network, low complexity, evo-dev

2006-05-12 | CVE-2006-2337 | Path Traversal vulnerability in D-Link Dsl-G604T | 5.0
    Directory traversal vulnerability in webcm in the D-Link DSL-G604T Wireless ADSL Router Modem allows remote attackers to read arbitrary files via an absolute path in the getpage parameter.
    Tags: network, low complexity, d-link, CWE-22

2006-05-12 | CVE-2006-2336 | SQL Injection vulnerability in Mybulletinboard 1.1.1 | 6.4
    SQL injection vulnerability in showthread.php in MyBB (aka MyBulletinBoard) 1.1.1 allows remote attackers to execute arbitrary SQL commands via the comma parameter.
    Tags: network, low complexity, mybulletinboard

2006-05-12 | CVE-2006-2335 | Remote Security vulnerability in Jelsoft Vbulletin 3.5.8 | 6.5
    Jelsoft vBulletin accepts uploads of Cascading Style Sheets (CSS) and processes them in a way that allows remote authenticated administrators to gain shell access by uploading a CSS file that contains PHP code, then selecting the file via the style chooser, which causes the PHP code to be executed.
    Tags: network, low complexity, jelsoft

2006-05-12 | CVE-2006-2333 | SQL-Injection vulnerability in Mybulletinboard 1.1.1 | 6.4
    Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.1 allow remote attackers to execute arbitrary SQL commands via the e-mail address when registering for a forum that requires e-mail verification, which is not properly handled in (1) usercp.php and (2) member.php.
    Tags: network, low complexity, mybulletinboard

2006-05-12 | CVE-2006-2331 | Local File Include vulnerability in PHP-Fusion | 6.4
    Multiple directory traversal vulnerabilities in PHP-Fusion 6.00.306 allow remote attackers to include and execute arbitrary local files via (1) a ..
    Tags: network, low complexity, php-fusion

2006-05-12 | CVE-2006-2330 | Local File Include vulnerability in PHP-Fusion | 6.4
    PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions and ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
    Tags: network, low complexity, php-fusion

2006-05-12 | CVE-2006-2329 | Information Disclosure vulnerability in Angelinecms 0.6.5 | 5.0
    AngelineCMS 0.6.5 and earlier allows remote attackers to obtain sensitive information via a direct request for (1) adodb-access.inc.php, (2) adodb-ado.inc.php, (3) adodb-ado_access.inc, (4) adodb-ado_mssql.inc.php, (5) adodb-borland_ibase, (6) adodb-csv.inc.php, (7) adodb-db2.inc.php, (8) adodb-fbsql.inc.php, (9) adodb-firebird.inc.php, (10) adodb-ibase.inc.php, (11) adodb-informix.inc.php, (12) adodb-informix72.inc, (13) adodb-mssql.inc.php, (14) adodb-mssqlpo.inc.php, (15) adodb-mysql.inc.php, (16) adodb-mysqlt.inc.php, (17) adodb-oci8.inc.php, (18) adodb-oci805.inc.php, (19) adodb-oci8po.inc.php, and (20) adodb-odbc.inc.php, which reveal the path in various error messages; and via a direct request for the (21) lib/system/ directory and (22) possibly other lib/ directories, which provide a directory listing and "architecture view."
    Tags: network, low complexity, angelinecms

2006-05-12 | CVE-2006-2328 | SQL-Injection vulnerability in AngelineCMS | 6.4
    SQL injection vulnerability in lib/adodb/server.php in AngelineCMS 0.6.5 and earlier might allow remote attackers to execute arbitrary SQL commands via the query string.
    Tags: network, low complexity, angelinecms