CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
14101 CVE-2006-6270 Exec Code Sql 2006-12-04 2018-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple SQL injection vulnerabilities in ASPMForum allow remote attackers to execute arbitrary SQL commands via (1) the soruid parameter in forum2.asp, (2) the ak parameter in kullanicilistesi.asp, (3) the kelimeler parameter in aramayap.asp, and (4) the kullaniciadi parameter in giris.asp; and allow remote authenticated users to execute arbitrary SQL commands via (5) the mesajno parameter in mesajkutum.asp. NOTE: the harf parameter in kullanicilistesi.asp and the baslik parameter in forum.asp are already covered by CVE-2005-4141.
14102 CVE-2006-6268 Exec Code Sql 2006-12-04 2018-10-17
10.0
None Remote Low Not required Complete Complete Complete
SQL injection vulnerability in system/core/profile/profile.inc.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote authenticated users to execute arbitrary SQL commands via a url-encoded id parameter to users.php that begins with a valid filename, as demonstrated by "default.gif" followed by a double-encoded NULL and ' (apostrophe) (%2500%2527).
14103 CVE-2006-6261 DoS Exec Code Overflow 2006-12-04 2017-10-18
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in Quintessential Player 4.50.1.82 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) M3u or (2) M3u-8 file; or a (3) crafted PLS file with a long value in the (a) NumberofEntries, (b) Length (aka Length1), (c) Filename (aka File1), (d) Title (aka Title1) field, or other unspecified fields.
14104 CVE-2006-6259 Dir. Trav. 2006-12-04 2018-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple directory traversal vulnerabilities in (a) class/functions.php and (b) class/m_bro.php in AlternC 0.9.5 and earlier allow remote attackers to (1) create arbitrary files and directories via a .. (dot dot) in the "create name" field and (2) read arbitrary files via a .. (dot dot) in the "web root" field when configuring a subdomain.
14105 CVE-2006-6258 XSS 2006-12-04 2018-10-17
9.3
Admin Remote Medium Not required Complete Complete Complete
The phpmyadmin subsystem in AlternC 0.9.5 and earlier transmits the SQL password in cleartext in a cookie, which might allow remote attackers to obtain the password by sniffing or by conducting a cross-site scripting (XSS) attack.
14106 CVE-2006-6236 DoS Exec Code 2006-12-03 2018-10-17
9.3
Admin Remote Medium Not required Complete Complete Complete
Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument string to the (1) src, (2) setPageMode, (3) setLayoutMode, and (4) setNamedDest methods in an AcroPDF ActiveX control, a different set of vectors than CVE-2006-6027.
14107 CVE-2006-6235 Exec Code 2006-12-07 2018-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.
14108 CVE-2006-6222 Exec Code Overflow 2006-12-14 2018-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4 allows remote attackers to execute arbitrary code via a long request with a malformed length prefix.
14109 CVE-2006-6184 2 DoS Exec Code Overflow 2006-11-30 2018-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in Allied Telesyn TFTP Server (AT-TFTP) 1.9, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a long filename in a (1) GET or (2) PUT command.
14110 CVE-2006-6183 119 DoS Exec Code Overflow 2006-11-30 2018-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in 3Com 3CTftpSvc 2.0.1, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a long mode field (aka transporting mode) in a (1) GET or (2) PUT command.
14111 CVE-2006-6143 DoS Exec Code 2006-12-31 2018-10-17
9.3
Admin Remote Medium Not required Complete Complete Complete
The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, calls an uninitialized function pointer in freed memory, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors.
14112 CVE-2006-6136 2006-11-27 2009-06-17
10.0
None Remote Low Not required Complete Complete Complete
IBM WebSphere Application Server 6.1.0 before Fix Pack 3 (6.1.0.3) does not perform EAL4 authentication checks at the proper time during "registering of response operation," which has unknown impact and attack vectors.
14113 CVE-2006-6135 2006-11-27 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in IBM WebSphere Application Server 6.1.0 before Fix Pack 3 (6.1.0.3) have unknown impact and attack vectors, related to (1) a "Potential security vulnerability" (PK29725) and (2) "Potential security exposure" (PK30831).
14114 CVE-2006-6121 Exec Code 2006-11-26 2018-10-17
9.3
Admin Remote Medium Not required Complete Complete Complete
Acer Notebook LunchApp.APlunch ActiveX control allows remote attackers to execute arbitrary commands by calling the Run method.
14115 CVE-2006-6102 Exec Code Overflow Mem. Corr. 2006-12-31 2017-10-10
10.0
Admin Remote Low Not required Complete Complete Complete
Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures.
14116 CVE-2006-6076 Exec Code Overflow 2006-11-24 2018-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the Tape Engine (tapeeng.exe) in CA (formerly Computer Associates) BrightStor ARCserve Backup 11.5 and earlier allows remote attackers to execute arbitrary code via certain RPC requests to TCP port 6502.
14117 CVE-2006-6071 2006-12-01 2017-07-19
9.0
None Remote Low Single system Complete Complete Complete
TWiki 4.0.5 and earlier, when running under Apache 1.3 using ApacheLogin with sessions and "ErrorDocument 401" redirects to a valid wiki topic, does not properly handle failed login attempts, which allows remote attackers to read arbitrary content by cancelling out of a failed authentication with a valid username and invalid password.
14118 CVE-2006-6061 DoS Exec Code Mem. Corr. 2006-11-21 2017-07-19
9.3
Admin Remote Medium Not required Complete Complete Complete
com.apple.AppleDiskImageController in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to execute arbitrary code via a malformed DMG image that triggers memory corruption. NOTE: the severity of this issue has been disputed by a third party, who states that the impact is limited to a denial of service (kernel panic) due to a vm_fault call with a non-aligned address.
14119 CVE-2006-6059 Exec Code Overflow Mem. Corr. 2006-11-21 2017-07-19
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in MA521nd5.SYS driver 5.148.724.2003 for NetGear MA521 PCMCIA adapter allows remote attackers to execute arbitrary code via (1) beacon or (2) probe 802.11 frame responses with an long supported rates information element. NOTE: this issue was reported as a "memory corruption" error, but the associated exploit code suggests that it is a buffer overflow.
14120 CVE-2006-6055 Exec Code Overflow 2006-11-21 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in A5AGU.SYS 1.0.1.41 for the D-Link DWL-G132 wireless adapter allows remote attackers to execute arbitrary code via a 802.11 beacon request with a long Rates information element (IE).
14121 CVE-2006-6027 DoS Exec Code 2006-11-21 2018-10-17
9.3
Admin Remote Medium Not required Complete Complete Complete
Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument string to the LoadFile method in an AcroPDF ActiveX control.
14122 CVE-2006-6026 119 DoS Exec Code Overflow 2006-11-21 2018-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Real Networks Helix Server and Helix Mobile Server before 11.1.3, and Helix DNA Server 11.0 and 11.1, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a DESCRIBE request that contains an invalid LoadTestPassword field.
14123 CVE-2006-5994 Exec Code Mem. Corr. 2006-12-06 2018-10-17
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Word 2000 and 2002, Office Word and Word Viewer 2003, Word 2004 and 2004 v. X for Mac, and Works 2004, 2005, and 2006 allows remote attackers to execute arbitrary code via a Word document with a malformed string that triggers memory corruption, a different vulnerability than CVE-2006-6456.
14124 CVE-2006-5982 310 2006-11-20 2017-07-19
10.0
Admin Remote Low Not required Complete Complete Complete
SeleniumServer FTP Server 1.0, and possibly earlier, stores user passwords in plaintext in the Servers directory, which allows attackers to obtain passwords by reading the file. NOTE: the provenance of this information is unknown; details are obtained from third party sources.
14125 CVE-2006-5980 2006-11-20 2017-07-19
10.0
Admin Remote Low Not required Complete Complete Complete
adm_lgn_admin.asp in Renasoft NetJetServer 2.5.3.939, and possibly earlier, does not properly perform login authentication, which allows remote attackers to obtain administrative privileges. NOTE: the provenance of this information is unknown; details are obtained from third party sources.
14126 CVE-2006-5978 2006-11-20 2017-07-19
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in E-Xoopport before 2.2.0 has unknown impact and attack vectors, as addressed by "Some security fix."
14127 CVE-2006-5972 Exec Code Overflow 2006-11-17 2017-07-19
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in WG111v2.SYS in NetGear WG111v2 wireless adapter (USB) allows remote attackers to execute arbitrary code via a long 802.11 beacon request.
14128 CVE-2006-5940 189 2006-11-15 2016-11-18
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Grisoft AVG Anti-Virus before 7.1.407 has unknown impact and remote attack vectors related to "Integer Issues" and parsing of .EXE files.
14129 CVE-2006-5938 20 2006-11-15 2017-07-19
10.0
None Remote Low Not required Complete Complete Complete
Grisoft AVG Anti-Virus before 7.1.407 has unknown impact and remote attack vectors involving an uninitialized variable and a crafted CAB file.
14130 CVE-2006-5912 2006-11-15 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Campware Campsite before 2.6.2 has unknown impact and attack vectors, related to a "Security fix for you-know-what," possibly related to encrypted passwords.
14131 CVE-2006-5870 189 Exec Code Overflow 2006-12-31 2018-10-17
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, and possibly other versions before 2.1.0; and StarOffice 6 through 8; allow user-assisted remote attackers to execute arbitrary code via a crafted (a) WMF or (b) EMF file that triggers heap-based buffer overflows in (1) wmf/winwmf.cxx, during processing of META_ESCAPE records; and wmf/enhwmf.cxx, during processing of (2) EMR_POLYPOLYGON and (3) EMR_POLYPOLYGON16 records.
14132 CVE-2006-5868 Overflow 2006-11-21 2018-10-17
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 before 6.2.4.5, has unknown impact and user-assisted attack vectors via a crafted SGI image.
14133 CVE-2006-5857 399 Exec Code Mem. Corr. 2006-12-31 2018-10-17
9.3
Admin Remote Medium Not required Complete Complete Complete
Adobe Reader and Acrobat 7.0.8 and earlier allows user-assisted remote attackers to execute code via a crafted PDF file that triggers memory corruption and overwrites a subroutine pointer during rendering.
14134 CVE-2006-5855 DoS Exec Code Overflow 2006-12-06 2018-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in IBM Tivoli Storage Manager (TSM) before 5.2.9 and 5.3.x before 5.3.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in (1) the language field at logon that begins with a 0x18 byte, (2) two unspecified parameters to the SmExecuteWdsfSession function, and (3) the contact field in an open registration message.
14135 CVE-2006-5822 Exec Code Overflow 2006-12-14 2018-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4 allows remote attackers to execute arbitrary code via a long CONNECT_OPTIONS request, a different issue than CVE-2006-6222.
14136 CVE-2006-5820 Exec Code 2007-04-02 2018-10-17
9.3
Admin Remote Medium Not required Complete Complete Complete
The LinkSBIcons method in the SuperBuddy ActiveX control (Sb.SuperBuddy.1) in America Online 9.0 Security Edition dereferences an arbitrary function pointer, which allows remote attackers to execute arbitrary code via a modified pointer value.
14137 CVE-2006-5819 2006-11-17 2018-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Verity Ultraseek before 5.7 allows remote attackers to use the server as a proxy for web attacks and host scanning via a direct request to the highlight/index.html script.
14138 CVE-2006-5815 119 DoS Exec Code Overflow 2006-11-08 2018-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and earlier allows remote attackers, probably authenticated, to cause a denial of service and execute arbitrary code, as demonstrated by vd_proftpd.pm, a "ProFTPD remote exploit."
14139 CVE-2006-5809 2006-11-08 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Jonathon J. Freeman OvBB before 0.13a have unknown impact and attack vectors.
14140 CVE-2006-5709 2006-11-03 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in WorldClient in Alt-N Technologies MDaemon before 9.50 has unknown impact and attack vectors related to a "JavaScript exploit."
14141 CVE-2006-5675 Sql 2006-11-02 2017-07-19
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Pentaho Business Intelligence (BI) Suite before 1.2 RC3 (1.2.0.470-RC3) have unknown impact and attack vectors, related to "MySQL Scripts need changes for security," possibly SQL injection vulnerabilities associated with these scripts.
14142 CVE-2006-5657 2006-11-02 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple off-by-one errors in src/text.c in Vilistextum before 2.6.9 have unknown impact and attack vectors.
14143 CVE-2006-5642 2006-10-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in NmnLogger 1.0.0 and earlier has unknown impact and attack vectors related to configuration of mesasge drivers.
14144 CVE-2006-5616 Exec Code 2006-10-30 2017-07-19
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in OpenPBS, as used in SUSE Linux 9.2 through 10.1, allow attackers to execute arbitrary code via unspecified vectors.
14145 CVE-2006-5611 2006-10-30 2017-07-19
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Toshiba Bluetooth Stack before 4.20.01 has unspecified impact and attack vectors, related to the 4.20.01(T) "Security fix." NOTE: due to the lack of details in the vendor advisory, it is not clear whether this issue is related to CVE-2006-5405.
14146 CVE-2006-5601 119 Exec Code Overflow 2006-10-27 2017-07-19
9.0
Admin Remote Low Single system Complete Complete Complete
Stack-based buffer overflow in the eap_do_notify function in eap.c in xsupplicant before 1.2.6, and possibly other versions, allows remote authenticated users to execute arbitrary code via unspecified vectors.
14147 CVE-2006-5583 Exec Code Overflow Mem. Corr. 2006-12-12 2018-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the SNMP Service in Microsoft Windows 2000 SP4, XP SP2, Server 2003, Server 2003 SP1, and possibly other versions allows remote attackers to execute arbitrary code via a crafted SNMP packet, aka "SNMP Memory Corruption Vulnerability."
14148 CVE-2006-5581 Exec Code Mem. Corr. 2006-12-12 2018-10-17
9.3
Admin Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via certain DHTML script functions, such as normalize, and "incorrectly created elements" that trigger memory corruption, aka "DHTML Script Function Memory Corruption Vulnerability."
14149 CVE-2006-5579 119 Exec Code Overflow Mem. Corr. 2006-12-12 2018-10-17
9.3
Admin Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using JavaScript to cause certain errors simultaneously, which results in the access of previously freed memory, aka "Script Error Handling Memory Corruption Vulnerability."
14150 CVE-2006-5574 Exec Code 2006-12-31 2018-10-17
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in the Brazilian Portuguese Grammar Checker in Microsoft Office 2003 and the Multilingual Interface for Office 2003, Project 2003, and Visio 2003 allows user-assisted remote attackers to execute arbitrary code via crafted text that is not properly parsed.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.