CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
14351 CVE-2006-7120 Exec Code File Inclusion 2007-03-05 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
** DISPUTED ** PHP remote file inclusion vulnerability in lib/php/phphtmllib-2.5.4/examples/example6.php for maintain 3.0.0-RC2 allows remote attackers to execute arbitrary PHP code via a URL in the phphtmllib parameter. NOTE: this issue might be in phpHtmlLib. NOTE: CVE disputes this issue for proper installations of maintain, since $phphtmllib is set in includes.inc before being used in example6.php.
14352 CVE-2006-7097 2007-03-02 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in TaskFreak! before 0.1.4 have unknown impact and attack vectors.
14353 CVE-2006-7096 DoS Exec Code Overflow 2007-03-02 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the network_host_handle_join function in host.c in dimension 3 engine (dim3) 1.5 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long nickname.
14354 CVE-2006-7095 DoS Exec Code Overflow 2007-03-02 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Integer signedness error in the network_receive_packet function in socket.c in dimension 3 engine (dim3) 1.5 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a large data_len value, which is cast to a signed short and results in a buffer overflow.
14355 CVE-2006-7064 XSS 2007-02-23 2017-07-28
9.3
Admin Remote Medium Not required Complete Complete Complete
Cross-site scripting (XSS) vulnerability in forum/admin.php for Invision Power Board (IPB) 2.1.6 and earlier allows remote attackers to inject arbitrary web script or HTML as the administrator via the phpinfo parameter.
14356 CVE-2006-7061 XSS 2007-02-23 2008-09-05
9.3
None Remote Medium Not required Complete Complete Complete
Scriptsez.net E-Dating System stores data files with predictable names under the web document root with insufficient access control, which allows remote attackers to read private messages and leverage them for cross-site scripting (XSS) attacks.
14357 CVE-2006-7052 Exec Code File Inclusion 2007-02-23 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple PHP remote file inclusion vulnerabilities in DotWidget For Articles (dotwidgeta) 0.2 allow remote attackers to execute arbitrary code via a URL in the (1) file_path parameter to (a) index.php, (b) showcatpicks.php, and (c) showarticle.php; and the (2) admin_header_file and (3) admin_footer_file parameters to (d) admin/authors.php, (e) admin/index.php, (f) admin/categories.php, (g) admin/editconfig.php, and (h) admin/articles.php.
14358 CVE-2006-7046 94 Exec Code File Inclusion 2007-02-23 2008-09-05
9.3
Admin Remote Medium Not required Complete Complete Complete
PHP remote file inclusion vulnerability in cmpro.intern/login.inc.php for Clan Manager Pro (CMPRO) 1.1.0 allows remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
14359 CVE-2006-7036 Exec Code File Inclusion 2007-02-22 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in register.php for Andys Chat 4.5 allows remote attackers to execute arbitrary code via the action parameter. NOTE: this issue was announced by an unreliable researcher, but the vendor is no longer distributing the product, so the original claims can not be evaluated.
14360 CVE-2006-7032 Exec Code File Inclusion 2007-02-22 2017-10-10
10.0
Admin Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in phpbb/getmsg.php in FlashBB 1.1.5 and earlier allows remote attackers to execute arbitrary code via a URL in the phpbb_root_path parameter.
14361 CVE-2006-7027 2007-02-22 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
Microsoft Internet Security and Acceleration (ISA) Server 2004 logs unusual ASCII characters in the Host header, including the tab, which allows remote attackers to manipulate portions of the log file and possibly leverage this for other attacks.
14362 CVE-2006-7022 2007-02-14 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
The Tools module in fx-APP 0.0.8.1 allows remote attackers to misrepresent the contents of a web page via an arbitrary URL in the url parameter to a showhtml action for index.php, which causes the URL to be displayed within an iframe.
14363 CVE-2006-7018 Exec Code 2007-02-14 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
phpwcms 1.2.5-DEV and earlier, and 1.1 before RC4, allows remote attackers to execute arbitrary code via a crafted argument to the nome_evento parameter to phpwcms_code_snippets/mail_file_form.php and (2) sample_ext_php/mail_file_form.php, which is processed by the render_PHPcode function.
14364 CVE-2006-7015 Exec Code File Inclusion 2007-02-14 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
** DISPUTED ** PHP remote file inclusion vulnerability in admin.jobline.php in Jobline 1.1.1 allows remote attackers to execute arbitrary code via a URL in the mosConfig_absolute_path parameter. NOTE: CVE disputes this issue because the script is protected against direct requests.
14365 CVE-2006-7012 Exec Code 2007-02-14 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
scart.cgi in SCart 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter of a show_text action.
14366 CVE-2006-6997 287 2007-02-12 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in a cryptographic feature in MailEnable Standard Edition before 1.93, Professional Edition before 1.73, and Enterprise Edition before 1.21 leads to "weakened authentication security" with unknown impact and attack vectors. NOTE: due to lack of details, it is not clear whether this is the same as CVE-2006-1792.
14367 CVE-2006-6940 Exec Code Overflow 2007-01-17 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the ParseHeader function in clsOWA.cls in POP3/SMTP to OWA (pop2owa) 1.1.3 allows remote attackers to execute arbitrary code via a long header in an e-mail message.
14368 CVE-2006-6926 Overflow 2007-01-12 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in eXtremail 2.1 has unknown impact and attack vectors, as demonstrated by VulnDisco Pack. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
14369 CVE-2006-6918 2007-01-11 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Admin login for Georgian discussion board (GeoBB) before 1.0 has unknown impact and attack vectors.
14370 CVE-2006-6917 Exec Code Overflow 2006-12-31 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup R11.5 Server before SP2 allows remote attackers to execute arbitrary code in the Tape Engine (tapeeng.exe) via a crafted RPC request with (1) opnum 38, which is not properly handled in TAPEUTIL.dll 11.5.3884.0, or (2) opnum 37, which is not properly handled in TAPEENG.dll 11.5.3884.0.
14371 CVE-2006-6909 Exec Code Overflow 2006-12-31 2016-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in http.c in Karl Dahlke Edbrowse (aka Command line editor browser) 3.1.3 allows remote attackers to execute arbitrary code by operating an FTP server that sends directory listings with (1) long user names or (2) long group names.
14372 CVE-2006-6908 DoS Exec Code Overflow 2006-12-31 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the Bluetooth Stack COM Server in the Widcomm Bluetooth stack, as packaged as Widcomm Stack 3.x and earlier on Windows, Widcomm BTStackServer 1.4.2.10 and 1.3.2.7 on Windows, Widcomm Bluetooth Communication Software 1.4.1.03 on Windows, and the Bluetooth implementation in Windows Mobile or Windows CE on the HP IPAQ 2215 and 5450, allows remote attackers to cause a denial of service (service crash) and possibly execute arbitrary code via unspecified vectors.
14373 CVE-2006-6907 2006-12-31 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Bluesoil Bluetooth stack has unknown impact and attack vectors.
14374 CVE-2006-6905 2006-12-31 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Widcomm Bluetooth stack allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors.
14375 CVE-2006-6903 2006-12-31 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Toshiba Bluetooth stack allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors.
14376 CVE-2006-6902 2006-12-31 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Bluetooth stack in Microsoft Windows Mobile Pocket PC edition allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors.
14377 CVE-2006-6901 2006-12-31 2018-10-16
10.0
Admin Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Bluetooth stack in Microsoft Windows allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors.
14378 CVE-2006-6900 2006-12-31 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Bluetooth stack in Apple Mac OS 10.4 has unknown impact and attack vectors, related to an "implementation bug."
14379 CVE-2006-6894 2006-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in SPINE before 1.2 have unknown impact and attack vectors, related to (1) "Placeholders in database handler" and (2) "Macro admin security."
14380 CVE-2006-6884 119 Exec Code Overflow 2006-12-31 2018-10-17
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in the WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software "FileView" ActiveX control) for WinZip 10.0 Build 6667 allows remote attackers to execute arbitrary code via a long argument to the CreateNewFolderFromName method, a different vulnerability than CVE-2006-5198.
14381 CVE-2006-6869 Dir. Trav. 2006-12-31 2017-10-18
9.3
Admin Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
14382 CVE-2006-6864 Exec Code File Inclusion 2006-12-31 2018-10-17
10.0
None Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in E2_header.inc.php in Enigma2 Coppermine Bridge 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the boarddir parameter.
14383 CVE-2006-6863 Exec Code File Inclusion 2006-12-31 2018-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
** DISPUTED ** PHP remote file inclusion vulnerability in the Enigma2 plugin (Enigma2.php) in Enigma WordPress Bridge allows remote attackers to execute arbitrary PHP code via a URL in the boarddir parameter. NOTE: CVE disputes this issue, since $boarddir is set to a fixed value.
14384 CVE-2006-6861 Exec Code Sql 2006-12-31 2018-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple SQL injection vulnerabilities in Outfront Spooky Login 2.7 allow remote attackers to execute arbitrary SQL commands via (1) the UserUpdate parameter to login/register.asp or (2) unspecified parameters to includes/a_register.asp.
14385 CVE-2006-6860 Exec Code Overflow 2006-12-31 2018-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the sendToMythTV function in MythControlServer.c in MythControl 1.0 and earlier allows remote attackers to execute arbitrary code via a crafted sendStr string to the Bluetooth interface. NOTE: some of these details are obtained from third party information.
14386 CVE-2006-6859 Exec Code Sql 2006-12-31 2017-10-18
10.0
Admin Remote Low Not required Complete Complete Complete
SQL injection vulnerability in coupon_detail.asp in Website Designs For Less Click N' Print Coupons 2005.01 and earlier allows remote attackers to execute arbitrary SQL commands via the key parameter.
14387 CVE-2006-6853 Exec Code Overflow 2006-12-31 2017-10-18
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Durian Web Application Server 3.02 freeware on Windows allows remote attackers to execute arbitrary code via a long string in a crafted packet to TCP port 4002.
14388 CVE-2006-6841 2006-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Certain forms in phpBB before 2.0.22 lack session checks, which has unknown impact and remote attack vectors.
14389 CVE-2006-6840 2006-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to a "negative start parameter."
14390 CVE-2006-6839 2006-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to "criteria for 'bad' redirection targets."
14391 CVE-2006-6836 2006-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in osp-cert in IBM OS/400 V5R3M0 have unspecified impact and attack vectors, related to ASN.1 parsing.
14392 CVE-2006-6772 134 Exec Code 2006-12-27 2018-08-13
9.3
Admin Remote Medium Not required Complete Complete Complete
Format string vulnerability in the inputAnswer function in file.c in w3m before 0.5.2, when run with the dump or backend option, allows remote attackers to execute arbitrary code via format string specifiers in the Common Name (CN) field of an SSL certificate associated with an https URL.
14393 CVE-2006-6767 DoS 2007-01-16 2017-07-28
9.4
None Remote Low Not required None Complete Complete
oftpd before 0.3.7 allows remote attackers to cause a denial of service (daemon abort) via a (1) LPRT or (2) LPASV command with an unsupported address family, which triggers an assertion failure.
14394 CVE-2006-6749 119 Overflow 2006-12-26 2018-10-17
9.3
Admin Remote Medium Not required Complete Complete Complete
Buffer overflow in the parse_expression function in parse_config in OpenSER 1.1.0 allows attackers to have an unknown impact via a long str parameter.
14395 CVE-2006-6745 +Priv 2006-12-26 2018-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, and Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, allow attackers to develop Java applets or applications that are able to gain privileges, related to serialization in JRE.
14396 CVE-2006-6731 Overflow 2006-12-26 2019-10-09
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allow attackers to develop Java applets that read, write, or execute local files, possibly related to (1) integer overflows in the Java_sun_awt_image_ImagingLib_convolveBI, awt_parseRaster, and awt_parseColorModel functions; (2) a stack overflow in the Java_sun_awt_image_ImagingLib_lookupByteRaster function; and (3) improper handling of certain negative values in the Java_sun_font_SunLayoutEngine_nativeLayout function. NOTE: some of these details are obtained from third party information.
14397 CVE-2006-6713 Exec Code Overflow 2006-12-22 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Hitachi Directory Server 2 P-2444-A124 before 02-11-/K on Windows, and P-1B44-A121 before 02-10-/V on HP-UX, allows remote attackers to execute arbitrary code via crafted LDAP requests.
14398 CVE-2006-6676 189 Exec Code Overflow 2006-12-20 2018-10-17
9.3
Admin Remote Medium Not required Complete Complete Complete
Integer overflow in the (a) OLE2 and (b) CHM parsers for ESET NOD32 Antivirus before 1.1743 allows remote attackers to execute arbitrary code via a crafted (1) .DOC or (2) .CAB file that triggers a heap-based buffer overflow.
14399 CVE-2006-6670 2006-12-20 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Nortel CallPilot 4.x Server has unknown impact and attack vectors, aka P-2006-0011-GLOBAL.
14400 CVE-2006-6652 119 Exec Code Overflow 2006-12-19 2018-10-17
9.0
Admin Remote Low Single system Complete Complete Complete
Buffer overflow in the glob implementation (glob.c) in libc in NetBSD-current before 20050914, NetBSD 2.* and 3.* before 20061203, and Apple Mac OS X before 2007-004, as used by the FTP daemon and tnftpd, allows remote authenticated users to execute arbitrary code via a long pathname that results from path expansion.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.