Security Vulnerabilities, CVEs, Published In December 2006 CVSS score >= 9

Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup R11.5 Server before SP2 allows remote attackers to execute arbitrary code in the Tape Engine (tapeeng.exe) via a crafted RPC request with (1) opnum 38, which is not properly handled in TAPEUTIL.dll 11.5.3884.0, or (2) opnum 37, which is not properly handled in TAPEENG.dll 11.5.3884.0.

Stack-based buffer overflow in http.c in Karl Dahlke Edbrowse (aka Command line editor browser) 3.1.3 allows remote attackers to execute arbitrary code by operating an FTP server that sends directory listings with (1) long user names or (2) long group names.

Buffer overflow in the Bluetooth Stack COM Server in the Widcomm Bluetooth stack, as packaged as Widcomm Stack 3.x and earlier on Windows, Widcomm BTStackServer 1.4.2.10 and 1.3.2.7 on Windows, Widcomm Bluetooth Communication Software 1.4.1.03 on Windows, and the Bluetooth implementation in Windows Mobile or Windows CE on the HP IPAQ 2215 and 5450, allows remote attackers to cause a denial of service (service crash) and possibly execute arbitrary code via unspecified vectors.

Unspecified vulnerability in the Bluesoil Bluetooth stack has unknown impact and attack vectors.

Unspecified vulnerability in the Widcomm Bluetooth stack allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors.

Unspecified vulnerability in the Toshiba Bluetooth stack allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors.

Unspecified vulnerability in the Bluetooth stack in Microsoft Windows Mobile Pocket PC edition allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors.

Unspecified vulnerability in the Bluetooth stack in Microsoft Windows allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors.

Unspecified vulnerability in the Bluetooth stack in Apple Mac OS 10.4 has unknown impact and attack vectors, related to an "implementation bug."

Multiple unspecified vulnerabilities in SPINE before 1.2 have unknown impact and attack vectors, related to (1) "Placeholders in database handler" and (2) "Macro admin security."

Buffer overflow in the WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software "FileView" ActiveX control) for WinZip 10.0 Build 6667 allows remote attackers to execute arbitrary code via a long argument to the CreateNewFolderFromName method, a different vulnerability than CVE-2006-5198.

Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.

PHP remote file inclusion vulnerability in E2_header.inc.php in Enigma2 Coppermine Bridge 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the boarddir parameter.

PHP remote file inclusion vulnerability in the Enigma2 plugin (Enigma2.php) in Enigma WordPress Bridge allows remote attackers to execute arbitrary PHP code via a URL in the boarddir parameter. NOTE: CVE disputes this issue, since $boarddir is set to a fixed value

Multiple SQL injection vulnerabilities in Outfront Spooky Login 2.7 allow remote attackers to execute arbitrary SQL commands via (1) the UserUpdate parameter to login/register.asp or (2) unspecified parameters to includes/a_register.asp.

Buffer overflow in the sendToMythTV function in MythControlServer.c in MythControl 1.0 and earlier allows remote attackers to execute arbitrary code via a crafted sendStr string to the Bluetooth interface. NOTE: some of these details are obtained from third party information.

SQL injection vulnerability in coupon_detail.asp in Website Designs For Less Click N' Print Coupons 2005.01 and earlier allows remote attackers to execute arbitrary SQL commands via the key parameter.

Buffer overflow in Durian Web Application Server 3.02 freeware on Windows allows remote attackers to execute arbitrary code via a long string in a crafted packet to TCP port 4002.

Certain forms in phpBB before 2.0.22 lack session checks, which has unknown impact and remote attack vectors.

Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to a "negative start parameter."

Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to "criteria for 'bad' redirection targets."

Multiple unspecified vulnerabilities in osp-cert in IBM OS/400 V5R3M0 have unspecified impact and attack vectors, related to ASN.1 parsing.

Format string vulnerability in the inputAnswer function in file.c in w3m before 0.5.2, when run with the dump or backend option, allows remote attackers to execute arbitrary code via format string specifiers in the Common Name (CN) field of an SSL certificate associated with an https URL.

Buffer overflow in the parse_expression function in parse_config in OpenSER 1.1.0 allows attackers to have an unknown impact via a long str parameter.

Multiple unspecified vulnerabilities in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, and Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, allow attackers to develop Java applets or applications that are able to gain privileges, related to serialization in JRE.