CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
16651 CVE-2006-7012 Exec Code 2007-02-15 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
scart.cgi in SCart 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter of a show_text action.
16652 CVE-2006-6997 287 2007-02-12 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in a cryptographic feature in MailEnable Standard Edition before 1.93, Professional Edition before 1.73, and Enterprise Edition before 1.21 leads to "weakened authentication security" with unknown impact and attack vectors. NOTE: due to lack of details, it is not clear whether this is the same as CVE-2006-1792.
16653 CVE-2006-6940 Exec Code Overflow 2007-01-17 2011-03-08
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the ParseHeader function in clsOWA.cls in POP3/SMTP to OWA (pop2owa) 1.1.3 allows remote attackers to execute arbitrary code via a long header in an e-mail message.
16654 CVE-2006-6926 Overflow 2007-01-13 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in eXtremail 2.1 has unknown impact and attack vectors, as demonstrated by VulnDisco Pack. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.
16655 CVE-2006-6918 2007-01-11 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Admin login for Georgian discussion board (GeoBB) before 1.0 has unknown impact and attack vectors.
16656 CVE-2006-6917 Exec Code Overflow 2006-12-31 2021-04-07
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in Computer Associates (CA) BrightStor ARCserve Backup R11.5 Server before SP2 allows remote attackers to execute arbitrary code in the Tape Engine (tapeeng.exe) via a crafted RPC request with (1) opnum 38, which is not properly handled in TAPEUTIL.dll 11.5.3884.0, or (2) opnum 37, which is not properly handled in TAPEENG.dll 11.5.3884.0.
16657 CVE-2006-6909 Exec Code Overflow 2006-12-31 2016-10-18
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in http.c in Karl Dahlke Edbrowse (aka Command line editor browser) 3.1.3 allows remote attackers to execute arbitrary code by operating an FTP server that sends directory listings with (1) long user names or (2) long group names.
16658 CVE-2006-6908 DoS Exec Code Overflow 2006-12-31 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the Bluetooth Stack COM Server in the Widcomm Bluetooth stack, as packaged as Widcomm Stack 3.x and earlier on Windows, Widcomm BTStackServer 1.4.2.10 and 1.3.2.7 on Windows, Widcomm Bluetooth Communication Software 1.4.1.03 on Windows, and the Bluetooth implementation in Windows Mobile or Windows CE on the HP IPAQ 2215 and 5450, allows remote attackers to cause a denial of service (service crash) and possibly execute arbitrary code via unspecified vectors.
16659 CVE-2006-6907 2006-12-31 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Bluesoil Bluetooth stack has unknown impact and attack vectors.
16660 CVE-2006-6905 2006-12-31 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Widcomm Bluetooth stack allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors.
16661 CVE-2006-6903 2006-12-31 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Toshiba Bluetooth stack allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors.
16662 CVE-2006-6902 2006-12-31 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Bluetooth stack in Microsoft Windows Mobile Pocket PC edition allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors.
16663 CVE-2006-6901 2006-12-31 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Bluetooth stack in Microsoft Windows allows remote attackers to gain administrative access (aka Remote Root) via unspecified vectors.
16664 CVE-2006-6900 2006-12-31 2018-10-16
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Bluetooth stack in Apple Mac OS 10.4 has unknown impact and attack vectors, related to an "implementation bug."
16665 CVE-2006-6894 2006-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in SPINE before 1.2 have unknown impact and attack vectors, related to (1) "Placeholders in database handler" and (2) "Macro admin security."
16666 CVE-2006-6884 119 Exec Code Overflow 2006-12-31 2018-10-17
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software "FileView" ActiveX control) for WinZip 10.0 Build 6667 allows remote attackers to execute arbitrary code via a long argument to the CreateNewFolderFromName method, a different vulnerability than CVE-2006-5198.
16667 CVE-2006-6869 Dir. Trav. 2006-12-31 2017-10-19
9.3
None Remote Medium Not required Complete Complete Complete
Directory traversal vulnerability in includes/search/search_mdforum.php in MAXdev MDForum 2.0.1 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the PNSVlang cookie to error.php, as demonstrated by injecting PHP sequences into an Apache HTTP Server log file, which is then included by error.php.
16668 CVE-2006-6864 Exec Code File Inclusion 2006-12-31 2018-10-17
10.0
None Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in E2_header.inc.php in Enigma2 Coppermine Bridge 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the boarddir parameter.
16669 CVE-2006-6863 Exec Code File Inclusion 2006-12-31 2018-10-17
10.0
None Remote Low Not required Complete Complete Complete
** DISPUTED ** PHP remote file inclusion vulnerability in the Enigma2 plugin (Enigma2.php) in Enigma WordPress Bridge allows remote attackers to execute arbitrary PHP code via a URL in the boarddir parameter. NOTE: CVE disputes this issue, since $boarddir is set to a fixed value.
16670 CVE-2006-6861 Exec Code Sql 2006-12-31 2018-10-17
10.0
None Remote Low Not required Complete Complete Complete
Multiple SQL injection vulnerabilities in Outfront Spooky Login 2.7 allow remote attackers to execute arbitrary SQL commands via (1) the UserUpdate parameter to login/register.asp or (2) unspecified parameters to includes/a_register.asp.
16671 CVE-2006-6860 Exec Code Overflow 2006-12-31 2018-10-17
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the sendToMythTV function in MythControlServer.c in MythControl 1.0 and earlier allows remote attackers to execute arbitrary code via a crafted sendStr string to the Bluetooth interface. NOTE: some of these details are obtained from third party information.
16672 CVE-2006-6859 Exec Code Sql 2006-12-31 2017-10-19
10.0
None Remote Low Not required Complete Complete Complete
SQL injection vulnerability in coupon_detail.asp in Website Designs For Less Click N' Print Coupons 2005.01 and earlier allows remote attackers to execute arbitrary SQL commands via the key parameter.
16673 CVE-2006-6853 Exec Code Overflow 2006-12-31 2017-10-19
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Durian Web Application Server 3.02 freeware on Windows allows remote attackers to execute arbitrary code via a long string in a crafted packet to TCP port 4002.
16674 CVE-2006-6841 2006-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Certain forms in phpBB before 2.0.22 lack session checks, which has unknown impact and remote attack vectors.
16675 CVE-2006-6840 2006-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to a "negative start parameter."
16676 CVE-2006-6839 2006-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to "criteria for 'bad' redirection targets."
16677 CVE-2006-6836 2006-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in osp-cert in IBM OS/400 V5R3M0 have unspecified impact and attack vectors, related to ASN.1 parsing.
16678 CVE-2006-6772 134 Exec Code 2006-12-27 2018-08-13
9.3
None Remote Medium Not required Complete Complete Complete
Format string vulnerability in the inputAnswer function in file.c in w3m before 0.5.2, when run with the dump or backend option, allows remote attackers to execute arbitrary code via format string specifiers in the Common Name (CN) field of an SSL certificate associated with an https URL.
16679 CVE-2006-6767 DoS 2007-01-16 2017-07-29
9.4
None Remote Low Not required None Complete Complete
oftpd before 0.3.7 allows remote attackers to cause a denial of service (daemon abort) via a (1) LPRT or (2) LPASV command with an unsupported address family, which triggers an assertion failure.
16680 CVE-2006-6749 119 Overflow 2006-12-27 2018-10-17
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the parse_expression function in parse_config in OpenSER 1.1.0 allows attackers to have an unknown impact via a long str parameter.
16681 CVE-2006-6745 +Priv 2006-12-26 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, and Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, allow attackers to develop Java applets or applications that are able to gain privileges, related to serialization in JRE.
16682 CVE-2006-6731 Overflow 2006-12-26 2019-10-09
9.3
None Remote Medium Not required Complete Complete Complete
Multiple buffer overflows in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, and SDK and JRE 1.3.1_18 and earlier allow attackers to develop Java applets that read, write, or execute local files, possibly related to (1) integer overflows in the Java_sun_awt_image_ImagingLib_convolveBI, awt_parseRaster, and awt_parseColorModel functions; (2) a stack overflow in the Java_sun_awt_image_ImagingLib_lookupByteRaster function; and (3) improper handling of certain negative values in the Java_sun_font_SunLayoutEngine_nativeLayout function. NOTE: some of these details are obtained from third party information.
16683 CVE-2006-6713 Exec Code Overflow 2006-12-23 2011-03-08
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Hitachi Directory Server 2 P-2444-A124 before 02-11-/K on Windows, and P-1B44-A121 before 02-10-/V on HP-UX, allows remote attackers to execute arbitrary code via crafted LDAP requests.
16684 CVE-2006-6676 189 Exec Code Overflow 2006-12-21 2018-10-17
9.3
None Remote Medium Not required Complete Complete Complete
Integer overflow in the (a) OLE2 and (b) CHM parsers for ESET NOD32 Antivirus before 1.1743 allows remote attackers to execute arbitrary code via a crafted (1) .DOC or (2) .CAB file that triggers a heap-based buffer overflow.
16685 CVE-2006-6670 2006-12-20 2011-03-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Nortel CallPilot 4.x Server has unknown impact and attack vectors, aka P-2006-0011-GLOBAL.
16686 CVE-2006-6652 119 Exec Code Overflow 2006-12-20 2018-10-17
9.0
None Remote Low ??? Complete Complete Complete
Buffer overflow in the glob implementation (glob.c) in libc in NetBSD-current before 20050914, NetBSD 2.* and 3.* before 20061203, and Apple Mac OS X before 2007-004, as used by the FTP daemon and tnftpd, allows remote authenticated users to execute arbitrary code via a long pathname that results from path expansion.
16687 CVE-2006-6636 2006-12-19 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Utility Classes for IBM WebSphere Application Server (WAS) before 5.1.1.13 and 6.x before 6.0.2.17 has unknown impact and attack vectors.
16688 CVE-2006-6627 Exec Code Overflow 2006-12-18 2018-10-17
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in the packed PE file parsing implementation in BitDefender products before 20060829, including Antivirus, Antivirus Plus, Internet Security, Mail Protection for Enterprises, and Online Scanner; and BitDefender products for Microsoft ISA Server and Exchange 5.5 through 2003; allows remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow, aka the "cevakrnl.xmd vulnerability."
16689 CVE-2006-6605 Exec Code Overflow 2006-12-19 2018-10-17
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the POP service in MailEnable Standard 1.98 and earlier; Professional 1.84, and 2.35 and earlier; and Enterprise 1.41, and 2.35 and earlier before ME-10026 allows remote attackers to execute arbitrary code via a long argument to the PASS command.
16690 CVE-2006-6603 Exec Code Overflow 2006-12-15 2011-03-08
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in the YMMAPI.YMailAttach ActiveX control (ymmapi.dll) before 2005.1.1.4 in Yahoo! Messenger allows remote attackers to execute arbitrary code via a crafted HTML document. NOTE: some details were obtained from third party information.
16691 CVE-2006-6584 DoS Exec Code Overflow 2006-12-15 2017-07-29
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in italkplus (Italk+) before 0.92.1 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors.
16692 CVE-2006-6568 Dir. Trav. 2006-12-15 2017-10-19
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in includes/kb_constants.php in the Knowledge Base (mx_kb) 2.0.2 module for mxBB allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the phpEx parameter.
16693 CVE-2006-6567 Exec Code File Inclusion 2006-12-15 2017-10-19
10.0
None Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in includes/kb_constants.php in the Knowledge Base (mx_kb) 2.0.2 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.
16694 CVE-2006-6561 Exec Code Mem. Corr. 2006-12-14 2018-05-03
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Word 2000, 2002, and Word Viewer 2003 allows user-assisted remote attackers to execute arbitrary code via a crafted DOC file that triggers memory corruption, as demonstrated via the 12122006-djtest.doc file, a different issue than CVE-2006-5994 and CVE-2006-6456.
16695 CVE-2006-6539 DoS Exec Code Overflow 2006-12-14 2018-10-17
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in Winamp Web Interface (Wawi) 7.5.13 and earlier (1) allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an (a) long username or a (b) crafted packet to the FindBasicAuth function in security.cpp, related to the /browse URI; and allow remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a long path string in the (2) Browse, (3) CControl::Download, and (4) CControl::Load functions, related to the file parameter in the /dl URI. NOTE: some of these details are obtained from third party information.
16696 CVE-2006-6535 2007-01-30 2017-10-11
9.4
None Remote Low Not required None Complete Complete
The dev_queue_xmit function in Linux kernel 2.6 can fail before calling the local_bh_disable function, which could lead to data corruption and "node lockups." NOTE: it is not clear whether this issue is exploitable.
16697 CVE-2006-6515 2006-12-14 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Mantis before 1.1.0a2 sets the default value of $g_bug_reminder_threshold to "reporter" instead of a more privileged role, which has unknown impact and attack vectors, possibly related to frequency of reminders.
16698 CVE-2006-6504 94 Exec Code Mem. Corr. 2006-12-20 2018-10-17
9.3
None Remote Medium Not required Complete Complete Complete
Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to execute arbitrary code by appending an SVG comment DOM node to another type of document, which triggers memory corruption.
16699 CVE-2006-6490 Exec Code Overflow 2007-02-22 2018-10-17
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in the SupportSoft (1) SmartIssue (tgctlsi.dll) and (2) ScriptRunner (tgctlsr.dll) ActiveX controls, as used by Symantec Automated Support Assistant and Norton AntiVirus, Internet Security, and System Works 2006, allows remote attackers to execute arbitrary code via a crafted HTML message.
16700 CVE-2006-6473 2006-12-11 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 have unknown impact and attack vectors, related to (1) an Immediate Image Overwrite (IIO) error message at the Local User Interface (LUI) if overwrite fails, (2) an IIO failure when a Held Job is deleted, and (3) an On Demand Image Overwrite failure when the overwrite is greater than 2 Gb.
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.