CVEdetails.com the ultimate security vulnerability data source

Security Vulnerabilities (CVSS score between 9 and 10)

Columns for each entry: #, CVE ID, CWE ID, # of Exploits, Vulnerability Type(s), Publish Date, Update Date, CVSS Score, Gained Access Level, Access, Complexity, Authentication, Conf., Integ., Avail. A field left empty on the page is shown as "-".

14051  CVE-2006-1255  CWE: -  Exploits: -  Types: DoS Exec Code Overflow
       Published: 2006-03-18  Updated: 2017-07-19  Score: 10.0  Gained access: Admin  Access: Remote  Complexity: Low  Authentication: Not required  Conf./Integ./Avail.: Complete/Complete/Complete
       Stack-based buffer overflow in the IMAP service in Mercur Messaging 5.0 SP3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string to the (1) LOGIN or (2) SELECT command, a different set of attack vectors and possibly a different vulnerability than CVE-2003-1177.

14052  CVE-2006-1254  CWE: -  Exploits: -  Types: -
       Published: 2006-03-18  Updated: 2017-07-19  Score: 10.0  Gained access: Admin  Access: Remote  Complexity: Low  Authentication: Not required  Conf./Integ./Avail.: Complete/Complete/Complete
       Unspecified vulnerability in BorderWare MXtreme 5.0 and 6.0 allows remote attackers to have an unknown impact via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

14053  CVE-2006-1250  CWE: -  Exploits: -  Types: -
       Published: 2006-03-18  Updated: 2008-09-05  Score: 10.0  Gained access: None  Access: Remote  Complexity: Low  Authentication: Not required  Conf./Integ./Avail.: Complete/Complete/Complete
       Unspecified vulnerability in the Webmail module in Winmail before 4.3 has unknown impact and unknown remote attack vectors.

14054  CVE-2006-1190  CWE: -  Exploits: -  Types: Exec Code
       Published: 2006-04-11  Updated: 2018-10-12  Score: 10.0  Gained access: Admin  Access: Remote  Complexity: Low  Authentication: Not required  Conf./Integ./Avail.: Complete/Complete/Complete
       Microsoft Internet Explorer 5.01 through 6 does not always return the correct IOleClientSite information when dynamically creating an embedded object, which could cause Internet Explorer to run the object in the wrong security context or zone, and allow remote attackers to execute arbitrary code.

14055  CVE-2006-1189  CWE: 119  Exploits: -  Types: Exec Code Overflow Mem. Corr.
       Published: 2006-04-11  Updated: 2018-10-12  Score: 10.0  Gained access: Admin  Access: Remote  Complexity: Low  Authentication: Not required  Conf./Integ./Avail.: Complete/Complete/Complete
       Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via a crafted URL with an International Domain Name (IDN) using double-byte character sets (DBCS), aka the "Double Byte Character Parsing Memory Corruption Vulnerability."

14056  CVE-2006-1186  CWE: -  Exploits: -  Types: Exec Code Mem. Corr.
       Published: 2006-04-11  Updated: 2018-10-12  Score: 10.0  Gained access: Admin  Access: Remote  Complexity: Low  Authentication: Not required  Conf./Integ./Avail.: Complete/Complete/Complete
       Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption.

14057  CVE-2006-1123  CWE: -  Exploits: -  Types: Exec Code Sql
       Published: 2006-03-09  Updated: 2018-10-18  Score: 10.0  Gained access: Admin  Access: Remote  Complexity: Low  Authentication: Not required  Conf./Integ./Avail.: Complete/Complete/Complete
       SQL injection vulnerability in D2KBlog 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the memName parameter in a cookie.

14058  CVE-2006-1085  CWE: -  Exploits: -  Types: Exec Code +Priv Bypass
       Published: 2006-03-08  Updated: 2018-10-18  Score: 10.0  Gained access: Admin  Access: Remote  Complexity: Low  Authentication: Not required  Conf./Integ./Avail.: Complete/Complete/Complete
       admin.php in PHP-Stats 0.1.9.1 and earlier allows remote attackers to bypass authentication, gain administrator privileges, and execute arbitrary PHP code by modifying the option[admin_pass] parameter and setting the pass_cookie to the MD5 hash of the specified password.

14059  CVE-2006-1069  CWE: -  Exploits: -  Types: +Priv
       Published: 2006-03-07  Updated: 2008-09-05  Score: 10.0  Gained access: None  Access: Remote  Complexity: Low  Authentication: Not required  Conf./Integ./Avail.: Complete/Complete/Complete
       Unspecified vulnerability in the session handling for Geeklog 1.4.x before 1.4.0sr2, 1.3.11 before 1.3.11sr5, 1.3.9 before 1.3.9sr5, and possibly earlier versions allows attackers to gain privileges as arbitrary users via unknown vectors.

14060  CVE-2006-1047  CWE: -  Exploits: -  Types: -
       Published: 2006-03-07  Updated: 2008-09-05  Score: 10.0  Gained access: None  Access: Remote  Complexity: Low  Authentication: Not required  Conf./Integ./Avail.: Complete/Complete/Complete
       Unspecified vulnerability in the "Remember Me login functionality" in Joomla! 1.0.7 and earlier has unknown impact and attack vectors.

14061  CVE-2006-1038  CWE: -  Exploits: -  Types: Overflow
       Published: 2006-03-07  Updated: 2017-07-19  Score: 10.0  Gained access: None  Access: Remote  Complexity: Low  Authentication: Not required  Conf./Integ./Avail.: Complete/Complete/Complete
       Buffer overflow in SecureCRT 5.0.4 and earlier and SecureFX 3.0.4 and earlier allows remote attackers to have an unknown impact when a Unicode string is converted to a "narrow" string.

14062  CVE-2006-1017  CWE: -  Exploits: -  Types: -
       Published: 2006-03-06  Updated: 2018-10-30  Score: 9.3  Gained access: Admin  Access: Remote  Complexity: Medium  Authentication: Not required  Conf./Integ./Avail.: Complete/Complete/Complete
       The c-client library 2000, 2001, or 2004 for PHP before 4.4.4 and 5.x before 5.1.5 does not check the (1) safe_mode or (2) open_basedir functions, and when used in applications that accept user-controlled input for the mailbox argument to the imap_open function, allows remote attackers to obtain access to an IMAP stream data structure and conduct unauthorized IMAP actions.

14063  CVE-2006-1002  CWE: 255  Exploits: -  Types: -
       Published: 2006-03-06  Updated: 2018-10-18  Score: 10.0  Gained access: Admin  Access: Remote  Complexity: Low  Authentication: Not required  Conf./Integ./Avail.: Complete/Complete/Complete
       NETGEAR WGT624 Wireless DSL router has a default account of super_username "Gearguy" and super_passwd "Geardog", which allows remote attackers to modify the configuration. NOTE: followup posts have suggested that this might not occur with all WGT624 routers.

14064  CVE-2006-1000  CWE: -  Exploits: -  Types: Exec Code Sql Bypass
       Published: 2006-03-06  Updated: 2018-10-18  Score: 10.0  Gained access: Admin  Access: Remote  Complexity: Low  Authentication: Not required  Conf./Integ./Avail.: Complete/Complete/Complete
       Multiple SQL injection vulnerabilities in Pentacle In-Out Board 3.0 and earlier allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) newsid parameter to newsdetailsview.asp and (2) password parameter to login.asp.

14065  CVE-2006-0992  CWE: -  Exploits: -  Types: Exec Code Overflow
       Published: 2006-04-14  Updated: 2018-10-18  Score: 10.0  Gained access: Admin  Access: Remote  Complexity: Low  Authentication: Not required  Conf./Integ./Avail.: Complete/Complete/Complete
       Stack-based buffer overflow in Novell GroupWise Messenger before 2.0 Public Beta 2 allows remote attackers to execute arbitrary code via a long Accept-Language value without a comma or semicolon. NOTE: due to a typo, the original ZDI advisory accidentally referenced CVE-2006-0092. This is the correct identifier.

14066  CVE-2006-0990  CWE: -  Exploits: -  Types: Exec Code Overflow
       Published: 2006-03-27  Updated: 2018-10-18  Score: 9.0  Gained access: Admin  Access: Remote  Complexity: Low  Authentication: Single system  Conf./Integ./Avail.: Complete/Complete/Complete
       Stack-based buffer overflow in the NetBackup Catalog daemon (bpdbm) in Veritas NetBackup Enterprise Server 5.0 through 6.0 and DataCenter and BusinesServer 4.5FP and 4.5MP allows attackers to execute arbitrary code via unknown vectors.

14067  CVE-2006-0989  CWE: -  Exploits: -  Types: Exec Code Overflow
       Published: 2006-03-27  Updated: 2018-10-18  Score: 9.0  Gained access: Admin  Access: Remote  Complexity: Low  Authentication: Single system  Conf./Integ./Avail.: Complete/Complete/Complete
       Stack-based buffer overflow in the volume manager daemon (vmd) in Veritas NetBackup Enterprise Server 5.0 through 6.0 and DataCenter and BusinesServer 4.5FP and 4.5MP allows attackers to execute arbitrary code via unknown vectors.

14068  CVE-2006-0979  CWE: -  Exploits: -  Types: -
       Published: 2006-03-03  Updated: 2017-07-19  Score: 10.0  Gained access: None  Access: Remote  Complexity: Low  Authentication: Not required  Conf./Integ./Avail.: Complete/Complete/Complete
       Unspecified vulnerability in the local weblog publisher in Nidelven IT Issue Dealer before 0.9.96 has unknown impact and attack vectors.

14069  CVE-2006-0884  CWE: 20  Exploits: -  Types: Bypass +Info
       Published: 2006-02-24  Updated: 2018-10-18  Score: 9.3  Gained access: None  Access: Remote  Complexity: Medium  Authentication: Not required  Conf./Integ./Avail.: Complete/Complete/Complete
       The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail.

14070  CVE-2006-0874  CWE: -  Exploits: -  Types: -
       Published: 2006-02-24  Updated: 2017-07-19  Score: 10.0  Gained access: Admin  Access: Remote  Complexity: Low  Authentication: Not required  Conf./Integ./Avail.: Complete/Complete/Complete
       Multiple unspecified vulnerabilities in Intensive Point iUser Ecommerce before 2.2 have unspecified vectors and impact, as addressed by "Urgent secure fixes". NOTE: this might be a duplicate of CVE-2006-0854, but the vendor announcement for this issue (from January 8, 2005) is too vague to be sure, and CVE-2006-0854 does not provide version information.

14071  CVE-2006-0864  CWE: -  Exploits: -  Types: +Priv
       Published: 2006-02-23  Updated: 2018-10-18  Score: 10.0  Gained access: Admin  Access: Remote  Complexity: Low  Authentication: Not required  Conf./Integ./Avail.: Complete/Complete/Complete
       filescan in Global Hauri ViRobot 2.0 20050817 does not verify the Cookie HTTP header, which allows remote attackers to gain administrative privileges via an arbitrary cookie value.

14072  CVE-2006-0789  CWE: -  Exploits: -  Types: -
       Published: 2006-02-19  Updated: 2017-07-19  Score: 10.0  Gained access: Admin  Access: Remote  Complexity: Low  Authentication: Not required  Conf./Integ./Avail.: Complete/Complete/Complete
       Certain unspecified Kyocera printers have a default "admin" account with a blank password, which allows remote attackers to access an administrative menu via a telnet session.

14073  CVE-2006-0751  CWE: -  Exploits: -  Types: -
       Published: 2006-02-17  Updated: 2008-09-05  Score: 10.0  Gained access: Admin  Access: Remote  Complexity: Low  Authentication: Not required  Conf./Integ./Avail.: Complete/Complete/Complete
       Multiple unspecified vulnerabilities in the (1) Filesystem in USErspace (FUSE) client and (2) NOOFS daemon in Network Object Oriented File System (NOOFS) before 0.9.0 have unspecified impact and attack vectors.

14074  CVE-2006-0749  CWE: 399  Exploits: -  Types: DoS Exec Code Mem. Corr.
       Published: 2006-04-14  Updated: 2018-10-19  Score: 9.3  Gained access: Admin  Access: Remote  Complexity: Medium  Authentication: Not required  Conf./Integ./Avail.: Complete/Complete/Complete
       nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown vectors involving a "particular sequence of HTML tags" that leads to memory corruption.

14075  CVE-2006-0748  CWE: 399  Exploits: -  Types: Exec Code
       Published: 2006-04-14  Updated: 2018-10-19  Score: 9.3  Gained access: None  Access: Remote  Complexity: Medium  Authentication: Not required  Conf./Integ./Avail.: Complete/Complete/Complete
       Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allow remote attackers to execute arbitrary code via "an invalid and non-sensical ordering of table-related tags" that results in a negative array index.

14076  CVE-2006-0736  CWE: -  Exploits: -  Types: Exec Code Overflow
       Published: 2006-02-27  Updated: 2008-09-05  Score: 10.0  Gained access: Admin  Access: Remote  Complexity: Low  Authentication: Not required  Conf./Integ./Avail.: Complete/Complete/Complete
       Stack-based buffer overflow in the pam_micasa PAM authentication module in CASA on Novell Linux Desktop 9 and Open Enterprise Server 1 allows remote attackers to execute arbitrary code via unspecified vectors.

14077  CVE-2006-0708  CWE: -  Exploits: -  Types: Exec Code Overflow
       Published: 2006-02-15  Updated: 2018-10-19  Score: 9.3  Gained access: Admin  Access: Remote  Complexity: Medium  Authentication: Not required  Conf./Integ./Avail.: Complete/Complete/Complete
       Multiple buffer overflows in NullSoft Winamp 5.13 and earlier allow remote attackers to execute arbitrary code via (1) an m3u file containing a long URL ending in .wma, (2) a pls file containing a File1 field with a long URL ending in .wma, or (3) an m3u file with a long filename, variants of CVE-2005-3188 and CVE-2006-0476.

14078  CVE-2006-0698  CWE: -  Exploits: -  Types: Sql
       Published: 2006-02-15  Updated: 2017-07-19  Score: 10.0  Gained access: None  Access: Remote  Complexity: Low  Authentication: Not required  Conf./Integ./Avail.: Complete/Complete/Complete
       Unspecified vulnerabilities in Zen Cart before 1.2.7 allow remote attackers to cause unknown impact via unspecified vectors related to "other attempted exploits" other than SQL injection.

14079  CVE-2006-0697  CWE: 264  Exploits: -  Types: -
       Published: 2006-02-15  Updated: 2013-01-03  Score: 10.0  Gained access: None  Access: Remote  Complexity: Low  Authentication: Not required  Conf./Integ./Avail.: Complete/Complete/Complete
       Zen Cart before 1.2.7 does not protect the admin/includes directory, which allows remote attackers to cause unknown impact via unspecified vectors, probably direct requests.

14080  CVE-2006-0686  CWE: -  Exploits: -  Types: +Priv
       Published: 2006-02-14  Updated: 2018-10-19  Score: 10.0  Gained access: Admin  Access: Remote  Complexity: Low  Authentication: Not required  Conf./Integ./Avail.: Complete/Complete/Complete
       add_user.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not check user privileges when adding a new administrative user, which allows remote attackers to gain unauthorized access.

14081  CVE-2006-0685  CWE: -  Exploits: -  Types: -
       Published: 2006-02-14  Updated: 2018-10-19  Score: 10.0  Gained access: Admin  Access: Remote  Complexity: Low  Authentication: Not required  Conf./Integ./Avail.: Complete/Complete/Complete
       The check_login function in login.php in Virtual Hosting Control System (VHCS) 2.4.7.1 and earlier does not exit when authentication fails, which allows remote attackers to gain unauthorized access.

14082  CVE-2006-0672  CWE: -  Exploits: -  Types: -
       Published: 2006-02-13  Updated: 2008-09-05  Score: 10.0  Gained access: None  Access: Remote  Complexity: Low  Authentication: Not required  Conf./Integ./Avail.: Complete/Complete/Complete
       Unspecified vulnerability in HP PSC 1210 All-in-One Drivers before 1.0.06 has unknown impact and attack vectors.

14083  CVE-2006-0665  CWE: -  Exploits: -  Types: -
       Published: 2006-02-13  Updated: 2008-09-05  Score: 10.0  Gained access: None  Access: Remote  Complexity: Low  Authentication: Not required  Conf./Integ./Avail.: Complete/Complete/Complete
       Unspecified vulnerability in (1) query_store.php and (2) manage_proj_create.php in Mantis before 1.0.0 has unknown impact and attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. An original vendor bug report is referenced, but not accessible to the general public.

14084  CVE-2006-0559  CWE: -  Exploits: -  Types: Exec Code
       Published: 2006-04-04  Updated: 2018-10-19  Score: 10.0  Gained access: Admin  Access: Remote  Complexity: Low  Authentication: Not required  Conf./Integ./Avail.: Complete/Complete/Complete
       Format string vulnerability in the SMTP server for McAfee WebShield 4.5 MR2 and earlier allows remote attackers to execute arbitrary code via format strings in the domain name portion of a destination address, which are not properly handled when a bounce message is constructed.

14085  CVE-2006-0411  CWE: -  Exploits: -  Types: +Priv
       Published: 2006-01-25  Updated: 2017-07-19  Score: 10.0  Gained access: Admin  Access: Remote  Complexity: Low  Authentication: Not required  Conf./Integ./Avail.: Complete/Complete/Complete
       claro_init_local.inc.php in Claroline 1.7.2 uses guessable session cookies (MD5 hash of connection time), which allows remote attackers to hijack sessions and possibly gain administrative privileges.

14086  CVE-2006-0323  CWE: 119  Exploits: -  Types: Exec Code Overflow
       Published: 2006-03-23  Updated: 2018-10-19  Score: 9.3  Gained access: Admin  Access: Remote  Complexity: Medium  Authentication: Not required  Conf./Integ./Avail.: Complete/Complete/Complete
       Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations.

14087  CVE-2006-0316  CWE: -  Exploits: -  Types: Exec Code Overflow
       Published: 2006-01-18  Updated: 2017-07-19  Score: 10.0  Gained access: Admin  Access: Remote  Complexity: Low  Authentication: Not required  Conf./Integ./Avail.: Complete/Complete/Complete
       Buffer overflow in YGPPicFinder.DLL in AOL You've Got Pictures (YGP) Picture Finder Tool ActiveX Control, as used in AOL 8.0, 8.0 Plus, and 9.0 Classic, allows remote attackers to execute arbitrary code via unspecified vectors.

14088  CVE-2006-0303  CWE: -  Exploits: -  Types: -
       Published: 2006-01-18  Updated: 2008-09-05  Score: 10.0  Gained access: None  Access: Remote  Complexity: Low  Authentication: Not required  Conf./Integ./Avail.: Complete/Complete/Complete
       Multiple unspecified vulnerabilities in the (1) publishing component, (2) Contact Component, (3) TinyMCE Compressor, and (4) other components in Joomla! 1.0.5 and earlier have unknown impact and attack vectors.

14089  CVE-2006-0291  CWE: -  Exploits: -  Types: -
       Published: 2006-01-18  Updated: 2017-07-19  Score: 10.0  Gained access: Admin  Access: Remote  Complexity: Low  Authentication: Not required  Conf./Integ./Avail.: Complete/Complete/Complete
       Multiple unspecified vulnerabilities in Oracle Database Server 10.2.0.1, Application Server 9.0.4.2 and 10.1.2.1, Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i), and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) WF02 and (2) WF03 in the Oracle Workflow Cartridge component.

14090  CVE-2006-0290  CWE: -  Exploits: -  Types: -
       Published: 2006-01-18  Updated: 2017-07-19  Score: 10.0  Gained access: Admin  Access: Remote  Complexity: Low  Authentication: Not required  Conf./Integ./Avail.: Complete/Complete/Complete
       Unspecified vulnerability in Oracle Database Server 9.2.0.7, Application Server 9.0.4.2 and 10.1.2.1, Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i), and E-Business Suite and Applications 11.5.10 has unspecified impact and attack vectors, as identified by Oracle Vuln# WF01 in the Oracle Workflow Cartridge component.

14091  CVE-2006-0289  CWE: -  Exploits: -  Types: Dir. Trav.
       Published: 2006-01-18  Updated: 2018-10-19  Score: 10.0  Gained access: None  Access: Remote  Complexity: Low  Authentication: Not required  Conf./Integ./Avail.: Complete/Complete/Complete
       Multiple unspecified vulnerabilities in Oracle Application Server 6.0.8.26(PS17) and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) REP05 and (2) REP06 in the Oracle Reports Developer component. NOTE: Oracle has not disputed reliable researcher claims that REP05 is the same as CVE-2005-2378 and REP06 is the same as CVE-2005-2371, both of which involve directory traversal.

14092  CVE-2006-0288  CWE: -  Exploits: -  Types: -
       Published: 2006-01-18  Updated: 2017-07-19  Score: 10.0  Gained access: Admin  Access: Remote  Complexity: Low  Authentication: Not required  Conf./Integ./Avail.: Complete/Complete/Complete
       Multiple unspecified vulnerabilities in the Oracle Reports Developer component of Oracle Application Server 9.0.4.1 and E-Business Suite and Applications 11.5.10 have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) REP01 and (2) REP02.

14093  CVE-2006-0287  CWE: -  Exploits: -  Types: -
       Published: 2006-01-18  Updated: 2017-07-19  Score: 10.0  Gained access: Admin  Access: Remote  Complexity: Low  Authentication: Not required  Conf./Integ./Avail.: Complete/Complete/Complete
       Unspecified vulnerability in the Oracle HTTP Server component of Oracle Database Server 10.1.0.5 and Application Server 10.1.2.0.2 has unspecified impact and attack vectors, as identified by Oracle Vuln# OHS02.

14094  CVE-2006-0286  CWE: -  Exploits: -  Types: -
       Published: 2006-01-18  Updated: 2017-07-19  Score: 10.0  Gained access: Admin  Access: Remote  Complexity: Low  Authentication: Not required  Conf./Integ./Avail.: Complete/Complete/Complete
       Unspecified vulnerability in the Oracle HTTP Server component of Oracle Database Server 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, and 10.1.0.5, and Application Server 1.0.2.2, 9.0.4.2, and 10.1.2.0.2, has unspecified impact and attack vectors, as identified by Oracle Vuln# OHS01.

14095  CVE-2006-0285  CWE: -  Exploits: -  Types: -
       Published: 2006-01-18  Updated: 2017-07-19  Score: 10.0  Gained access: Admin  Access: Remote  Complexity: Low  Authentication: Not required  Conf./Integ./Avail.: Complete/Complete/Complete
       Unspecified vulnerability in the Java Net component of Oracle Database Server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, and 10.1.0.4, and Application Server 1.0.2.2, 9.0.4.2, and 10.1.2.0.2, has unspecified impact and attack vectors, as identified by Oracle Vuln# JN01.

14096  CVE-2006-0284  CWE: -  Exploits: -  Types: -
       Published: 2006-01-18  Updated: 2017-07-19  Score: 10.0  Gained access: Admin  Access: Remote  Complexity: Low  Authentication: Not required  Conf./Integ./Avail.: Complete/Complete/Complete
       Multiple unspecified vulnerabilities in Oracle Application Server 9.0.4.2 and 10.1.2.0.2, and E-Business Suite and Applications 11.5.10, have unspecified impact and attack vectors, as identified by Oracle Vuln# (1) FORM01 and (2) FORM02 in the Oracle Forms component.

14097  CVE-2006-0283  CWE: -  Exploits: -  Types: -
       Published: 2006-01-18  Updated: 2017-07-19  Score: 10.0  Gained access: Admin  Access: Remote  Complexity: Low  Authentication: Not required  Conf./Integ./Avail.: Complete/Complete/Complete
       Unspecified vulnerability in Oracle Database Server 10.1.0.4.2, Application Server 10.1.2.0.2, and Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i) has unspecified impact and attack vectors, as identified by Oracle Vuln# DBC02 in the Reorganize Objects & Convert Tablespace component.

14098  CVE-2006-0282  CWE: -  Exploits: -  Types: -
       Published: 2006-01-18  Updated: 2017-07-19  Score: 10.0  Gained access: Admin  Access: Remote  Complexity: Low  Authentication: Not required  Conf./Integ./Avail.: Complete/Complete/Complete
       Unspecified vulnerability in Oracle Database Server 8.1.7.4, 9.0.1.5, 9.0.1.5 FIPS, 9.2.0.7, and 10.1.0.5, Application Server 1.0.2.2, 9.0.4.2, and 10.1.2.0.2, and Collaboration Suite Release 2, version 9.0.4.2 (Oracle9i) has unspecified impact and attack vectors, as identified by Oracle Vuln# DBC01 in the Protocol Support component.

14099  CVE-2006-0281  CWE: -  Exploits: -  Types: -
       Published: 2006-01-18  Updated: 2017-07-19  Score: 10.0  Gained access: Admin  Access: Remote  Complexity: Low  Authentication: Not required  Conf./Integ./Avail.: Complete/Complete/Complete
       Unspecified vulnerability in Oracle JD Edwards HTML Server 8.95.F1 SP23_L1 has unspecified impact and attack vectors, as identified by Oracle Vuln# JDE01.

14100  CVE-2006-0280  CWE: -  Exploits: -  Types: -
       Published: 2006-01-18  Updated: 2017-07-19  Score: 10.0  Gained access: Admin  Access: Remote  Complexity: Low  Authentication: Not required  Conf./Integ./Avail.: Complete/Complete/Complete
       Unspecified vulnerability in Oracle PeopleSoft Enterprise Portal 8.4 Bundle 15, 8.8 Bundle 10, and 8.9 Bundle 2 has unspecified impact and attack vectors, as identified by Oracle Vuln# PSE01.