CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
14001 CVE-2007-0020 Exec Code Overflow 2007-01-23 2017-10-18
9.3
Admin Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in the SFTP protocol handler for Panic Transmit (Transmit.app) up to 3.5.5 allows remote attackers to execute arbitrary code via a long ftps:// URL.
14002 CVE-2007-0018 119 Exec Code Overflow 2007-01-24 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the NCTAudioFile2.AudioFile ActiveX control (NCTAudioFile2.dll), as used by multiple products, allows remote attackers to execute arbitrary code via a long argument to the SetFormatLikeSample function. NOTE: the products include (1) NCTsoft NCTAudioStudio, NCTAudioEditor, and NCTDialogicVoice; (2) Magic Audio Recorder, Music Editor, and Audio Converter; (3) Aurora Media Workshop; DB Audio Mixer And Editor; (4) J. Hepple Products including Fx Audio Editor and others; (5) EXPStudio Audio Editor; (6) iMesh; (7) Quikscribe; (8) RMBSoft AudioConvert and SoundEdit Pro 2.1; (9) CDBurnerXP; (10) Code-it Software Wave MP3 Editor and aBasic Editor; (11) Movavi VideoMessage, DVD to iPod, and others; (12) SoftDiv Software Dexster, iVideoMAX, and others; (13) Sienzo Digital Music Mentor (DMM); (14) MP3 Normalizer; (15) Roemer Software FREE and Easy Hi-Q Recorder, and Easy Hi-Q Converter; (16) Audio Edit Magic; (17) Joshua Video and Audio Converter; (18) Virtual CD; (19) Cheetah CD and DVD Burner; (20) Mystik Media AudioEdit Deluxe, Blaze Media, and others; (21) Power Audio Editor; (22) DanDans Digital Media Full Audio Converter, Music Editing Master, and others; (23) Xrlly Software Text to Speech Makerand Arial Sound Recorder / Audio Converter; (24) Absolute Sound Recorder, Video to Audio Converter, and MP3 Splitter; (25) Easy Ringtone Maker; (26) RecordNRip; (27) McFunSoft iPod Audio Studio, Audio Recorder for Free, and others; (28) MP3 WAV Converter; (29) BearShare 6.0.2.26789; and (30) Oracle Siebel SimBuilder and CRM 7.x.
14003 CVE-2007-0002 119 DoS Exec Code Overflow 2007-03-16 2018-10-16
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple heap-based buffer overflows in WordPerfect Document importer/exporter (libwpd) before 0.8.9 allow user-assisted remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted WordPerfect file in which values to loop counters are not properly handled in the (1) WP3TablesGroup::_readContents and (2) WP5DefinitionGroup_DefineTablesSubGroup::WP5DefinitionGroup_DefineTablesSubGroup functions. NOTE: the integer overflow has been split into CVE-2007-1466.
14004 CVE-2006-7253 255 2015-08-04 2015-08-11
10.0
None Remote Low Not required Complete Complete Complete
GE Healthcare Infinia II has a default password of (1) infinia for the infinia user, (2) #bigguy1 for the acqservice user, (3) dont4get2 for the Administrator user, (4) #bigguy1 for the emergency user, and (5) 2Bfamous for the InfiniaAdmin user, which has unspecified impact and attack vectors.
14005 CVE-2006-7236 16 Exec Code 2009-01-02 2018-10-03
9.3
Admin Remote Medium Not required Complete Complete Complete
The default configuration of xterm on Debian GNU/Linux sid and possibly Ubuntu enables the allowWindowOps resource, which allows user-assisted attackers to execute arbitrary code or have unspecified other impact via escape sequences.
14006 CVE-2006-7207 Overflow 2007-06-22 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in ageet AGEphone before 1.4.0 might allow remote attackers to have an unknown impact via unspecified vectors.
14007 CVE-2006-7201 2007-04-30 2008-09-05
9.3
Admin Remote Medium Not required Complete Complete Complete
EMC RSA Security SiteKey does not set the secure qualifier on the SiteKey Flash token (aka the PassMark Flash shared object), which might allow remote attackers to obtain the token via HTTP.
14008 CVE-2006-7200 Bypass 2007-04-30 2008-09-05
9.0
Admin Remote Low Single system Complete Complete Complete
EMC RSA Security SiteKey issues challenge-bypass tokens that persist forever without a cancellation interface for end users, which makes it easier for attackers to bypass one stage of authentication by stealing and replaying a token.
14009 CVE-2006-7198 2007-04-30 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in IBM WebSphere Application Server (WAS) before 5.1.1.14, and WAS for z/OS 601 before 6.0.2.13, has unknown impact and attack vectors, related to a "Potential security exposure," aka PK26123.
14010 CVE-2006-7185 Exec Code File Inclusion 2007-03-30 2017-10-10
9.3
Admin Remote Medium Not required Complete Complete Complete
PHP remote file inclusion vulnerability in includes/user_standard.php in CMSmelborp Beta allows remote attackers to execute arbitrary PHP code via a URL in the relative_root parameter.
14011 CVE-2006-7183 Exec Code File Inclusion 2007-03-30 2017-10-10
10.0
Admin Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in styles.php in Exhibit Engine (EE) 1.22 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the toroot parameter.
14012 CVE-2006-7182 Exec Code File Inclusion 2007-03-30 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in noticias.php in MNews 2.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the inc parameter.
14013 CVE-2006-7181 94 Exec Code File Inclusion 2007-03-30 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in Morcego CMS 0.9.6 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) fichero parameter to morcegoCMS.php or the (2) path parameter to adodb/adodb.inc.php. NOTE: vector 1 has been disputed by a third party who shows that $fichero can not be controlled by an attacker.
14014 CVE-2006-7174 Exec Code File Inclusion 2007-03-21 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in includes/functions.php in the Dimension module of phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: this may be the same issue as CVE-2006-5235.
14015 CVE-2006-7173 Exec Code 2007-03-20 2017-10-18
10.0
Admin Remote Low Not required Complete Complete Complete
Direct static code injection vulnerability in admin.php in PHP-Stats 0.1.9.1b and earlier allows remote attackers to execute arbitrary PHP code via a crafted option_new[report_w_day] parameter in a preferenze action, which can be later accessed via option/php-stats-options.php.
14016 CVE-2006-7156 Exec Code File Inclusion 2007-03-07 2017-10-18
10.0
Admin Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in addon_keywords.php in Keyword Replacer (keyword_replacer) 1.0 and earlier, a module for miniBB, allows remote attackers to execute arbitrary PHP code via a URL in the pathToFiles parameter.
14017 CVE-2006-7153 Exec Code File Inclusion 2007-03-07 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in index.php in MiniBB Forum 2 allows remote attackers to execute arbitrary code via a URL in the pathToFiles parameter.
14018 CVE-2006-7148 Exec Code File Inclusion 2007-03-07 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in includes/bb_usage_stats.php in maluinfo 206.2.38 for Brazilian PHPBB allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter. NOTE: this might be the same issues as CVE-2006-4893.
14019 CVE-2006-7136 Exec Code File Inclusion 2007-03-06 2017-10-10
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple PHP remote file inclusion vulnerabilities in PHP Poll Creator (phpPC) 1.04 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the relativer_pfad parameter to (1) poll.php, (2) poll_kommentar.php, and (3) poll_sm.php, different vectors and version than CVE-2005-1755.
14020 CVE-2006-7134 2007-03-05 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Unrestricted file upload vulnerability in main_user.php in Upload Tool for PHP 1.0 allows remote attackers to upload and execute arbitrary files with executable extensions such as .php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
14021 CVE-2006-7132 Dir. Trav. 2007-03-05 2017-10-10
10.0
Admin Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in pmd-config.php in PHPMyDesk 1.0beta allows remote attackers to include arbitrary local files via the pmdlang parameter to viewticket.php.
14022 CVE-2006-7131 Exec Code File Inclusion 2007-03-05 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in extras/mt.php in Jinzora 2.6 allows remote attackers to execute arbitrary PHP code via the web_root parameter.
14023 CVE-2006-7120 Exec Code File Inclusion 2007-03-05 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
** DISPUTED ** PHP remote file inclusion vulnerability in lib/php/phphtmllib-2.5.4/examples/example6.php for maintain 3.0.0-RC2 allows remote attackers to execute arbitrary PHP code via a URL in the phphtmllib parameter. NOTE: this issue might be in phpHtmlLib. NOTE: CVE disputes this issue for proper installations of maintain, since $phphtmllib is set in includes.inc before being used in example6.php.
14024 CVE-2006-7097 2007-03-02 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in TaskFreak! before 0.1.4 have unknown impact and attack vectors.
14025 CVE-2006-7096 DoS Exec Code Overflow 2007-03-02 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the network_host_handle_join function in host.c in dimension 3 engine (dim3) 1.5 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long nickname.
14026 CVE-2006-7095 DoS Exec Code Overflow 2007-03-02 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Integer signedness error in the network_receive_packet function in socket.c in dimension 3 engine (dim3) 1.5 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large data_len value, which is cast to a signed short and results in a buffer overflow.
14027 CVE-2006-7064 XSS 2007-02-23 2017-07-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Cross-site scripting (XSS) vulnerability in forum/admin.php for Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML as the administrator via the phpinfo parameter.
14028 CVE-2006-7061 XSS 2007-02-23 2008-09-05
9.3
None Remote Medium Not required Complete Complete Complete
Scriptsez.net E-Dating System stores data files with predictable names under the web document root with insufficient access control, which allows remote attackers to read private messages and leverage them for cross-site scripting (XSS) attacks.
14029 CVE-2006-7052 Exec Code File Inclusion 2007-02-23 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple PHP remote file inclusion vulnerabilities in DotWidget For Articles (dotwidgeta) 0.2 allow remote attackers to execute arbitrary code via a URL in the (1) file_path parameter to (a) index.php, (b) showcatpicks.php, and (c) showarticle.php; and the (2) admin_header_file and (3) admin_footer_file parameters to (d) admin/authors.php, (e) admin/index.php, (f) admin/categories.php, (g) admin/editconfig.php, and (h) admin/articles.php.
14030 CVE-2006-7046 94 Exec Code File Inclusion 2007-02-23 2008-09-05
9.3
Admin Remote Medium Not required Complete Complete Complete
PHP remote file inclusion vulnerability in cmpro.intern/login.inc.php for Clan Manager Pro (CMPRO) 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
14031 CVE-2006-7036 Exec Code File Inclusion 2007-02-22 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in register.php for Andys Chat 4.5 allows remote attackers to execute arbitrary code via the action parameter. NOTE: this issue was announced by an unreliable researcher, but the vendor is no longer distributing the product, so the original claims can not be evaluated.
14032 CVE-2006-7032 Exec Code File Inclusion 2007-02-22 2017-10-10
10.0
Admin Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in phpbb/getmsg.php in FlashBB 1.1.5 and earlier allows remote attackers to execute arbitrary code via a URL in the phpbb_root_path parameter.
14033 CVE-2006-7027 2007-02-22 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
Microsoft Internet Security and Acceleration (ISA) Server 2004 logs unusual ASCII characters in the Host header, including the tab, which allows remote attackers to manipulate portions of the log file and possibly leverage this for other attacks.
14034 CVE-2006-7022 2007-02-14 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
The Tools module in fx-APP 0.0.8.1 allows remote attackers to misrepresent the contents of a web page via an arbitrary URL in the url parameter to a showhtml action for index.php, which causes the URL to be displayed within an iframe.
14035 CVE-2006-7018 Exec Code 2007-02-14 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to execute arbitrary code via a crafted argument to the nome_evento parameter to phpwcms_code_snippets/mail_file_form.php and (2) sample_ext_php/mail_file_form.php, which is processed by the render_PHPcode function.
14036 CVE-2006-7015 Exec Code File Inclusion 2007-02-14 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
** DISPUTED ** PHP remote file inclusion vulnerability in admin.jobline.php in Jobline 1.1.1 allows remote attackers to execute arbitrary code via a URL in the mosConfig_absolute_path parameter. NOTE: CVE disputes this issue because the script is protected against direct requests.
14037 CVE-2006-7012 Exec Code 2007-02-14 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
scart.cgi in SCart 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter of a show_text action.
14038 CVE-2006-6997 287 2007-02-12 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in a cryptographic feature in MailEnable Standard Edition before 1.93, Professional Edition before 1.73, and Enterprise Edition before 1.21 leads to "weakened authentication security" with unknown impact and attack vectors. NOTE: due to lack of details, it is not clear whether this is the same as CVE-2006-1792.
14039 CVE-2006-6940 Exec Code Overflow 2007-01-17 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the ParseHeader function in clsOWA.cls in POP3/SMTP to OWA (pop2owa) 1.1.3 allows remote attackers to execute arbitrary code via a long header in an e-mail message.
14040 CVE-2006-6926 Overflow 2007-01-12 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in eXtremail 2.1 has unknown impact and attack vectors, as demonstrated by VulnDisco Pack. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
14041 CVE-2006-6918 2007-01-11 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Admin login for Georgian discussion board (GeoBB) before 1.0 has unknown impact and attack vectors.
14042 CVE-2006-6917 Exec Code Overflow 2006-12-31 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup R11.5 Server before SP2 allows remote attackers to execute arbitrary code in the Tape Engine (tapeeng.exe) via a crafted RPC request with (1) opnum 38, which is not properly handled in TAPEUTIL.dll 11.5.3884.0, or (2) opnum 37, which is not properly handled in TAPEENG.dll 11.5.3884.0.
14043 CVE-2006-6909 Exec Code Overflow 2006-12-31 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in http.c in Karl Dahlke Edbrowse (aka Command line editor browser) 3.1.3 allows remote attackers to execute arbitrary code by operating an FTP server that sends directory listings with (1) long user names or (2) long group names.
14044 CVE-2006-6908 DoS Exec Code Overflow 2006-12-31 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the Bluetooth Stack COM Server in the Widcomm Bluetooth stack, as packaged as Widcomm Stack 3.x and earlier on Windows, Widcomm BTStackServer 1.4.2.10 and 1.3.2.7 on Windows, Widcomm Bluetooth Communication Software 1.4.1.03 on Windows, and the Bluetooth implementation in Windows Mobile or Windows CE on the HP IPAQ 2215 and 5450, allows remote attackers to cause a denial of service (service crash) and possibly execute arbitrary code via unspecified vectors.
14045 CVE-2006-6907 2006-12-31 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Bluesoil Bluetooth stack has unknown impact and attack vectors.
14046 CVE-2006-6905 2006-12-31 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Widcomm Bluetooth stack allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors.
14047 CVE-2006-6903 2006-12-31 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Toshiba Bluetooth stack allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors.
14048 CVE-2006-6902 2006-12-31 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Bluetooth stack in Microsoft Windows Mobile Pocket PC edition allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors.
14049 CVE-2006-6901 2006-12-31 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Bluetooth stack in Microsoft Windows allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors.
14050 CVE-2006-6900 2006-12-31 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Bluetooth stack in Apple Mac OS 10.4 has unknown impact and attack vectors, related to an "implementation bug."
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.