Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-12-12 | CVE-2006-6483 | Cross-Site Scripting vulnerability in ColdFusion MX Adobe ColdFusion MX 7.x before 7.0.2 does not properly filter HTML tags when protecting against cross-site scripting (XSS) attacks, which allows remote attackers to inject arbitrary web script or HTML via a NULL byte (%00) in certain HTML tags, as demonstrated using "%00script" in a tag. | 2.6 |
| 2006-12-12 | CVE-2006-6482 | Input Validation vulnerability in Adobe Coldfusion 7.0 Adobe ColdFusion MX7 allows remote attackers to obtain sensitive information via a URL request (1) for a non-existent (a) JWS, (b) CFM, (c) CFML, or (d) CFC file, which displays the installation path in the resulting error message; or (2) to /CFIDE/administrator/login.cfm without a host, which can reveal the server's internal IP address in an HREF tag. | 5.0 |
| 2006-12-12 | CVE-2006-6335 | Buffer Overflow vulnerability in Sophos Anti-Virus 2.3 Multiple buffer overflows in Sophos Anti-Virus scanning engine before 2.40 allow remote attackers to execute arbitrary code via (1) a SIT archive with a long filename that is not null-terminated, which triggers a heap-based overflow in veex.dll due to improper length calculation, and (2) a CPIO archive, with a long filename that is not null-terminated, which triggers a stack-based overflow in veex.dll. | 10.0 |
| 2006-12-12 | CVE-2006-5583 | Remote Code Execution vulnerability in Microsoft Windows 2003 Server 2000/Sp1/Xpsp2 Buffer overflow in the SNMP Service in Microsoft Windows 2000 SP4, XP SP2, Server 2003, Server 2003 SP1, and possibly other versions allows remote attackers to execute arbitrary code via a crafted SNMP packet, aka "SNMP Memory Corruption Vulnerability." | 10.0 |
| 2006-12-12 | CVE-2006-5581 | Unspecified vulnerability in Microsoft Internet Explorer Unspecified vulnerability in Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code via certain DHTML script functions, such as normalize, and "incorrectly created elements" that trigger memory corruption, aka "DHTML Script Function Memory Corruption Vulnerability." | 9.3 |
| 2006-12-12 | CVE-2006-5579 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer 6 Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using JavaScript to cause certain errors simultaneously, which results in the access of previously freed memory, aka "Script Error Handling Memory Corruption Vulnerability." | 9.3 |
| 2006-12-12 | CVE-2006-5578 | Information Disclosure vulnerability in Microsoft Internet Explorer Drag and Drop TIF Folder Microsoft Internet Explorer 6 and earlier allows remote attackers to read Temporary Internet Files (TIF) and obtain sensitive information via unspecified vectors involving certain drag and drop operations, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006-5577. | 2.6 |
| 2006-12-12 | CVE-2006-5577 | Information Disclosure vulnerability in Microsoft Internet Explorer Object Tag TIF Folder Microsoft Internet Explorer 6 and earlier allows remote attackers to obtain sensitive information via unspecified uses of the OBJECT HTML tag, which discloses the absolute path of the corresponding TIF folder, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006-5578. network microsoft | 4.3 |
| 2006-12-12 | CVE-2006-6423 | Remote Buffer Overflow vulnerability in MailEnable IMAP Service Login Stack-based buffer overflow in the IMAP service for MailEnable Professional and Enterprise Edition 2.0 through 2.35, Professional Edition 1.6 through 1.84, and Enterprise Edition 1.1 through 1.41 allows remote attackers to execute arbitrary code via a pre-authentication command followed by a crafted parameter and a long string, as addressed by the ME-10025 hotfix. | 10.0 |
| 2006-12-12 | CVE-2006-6481 | Denial Of Service vulnerability in Clam Anti-Virus Clamav 0.88.6 Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to cause a denial of service (stack overflow and application crash) by wrapping many layers of multipart/mixed content around a document, a different vulnerability than CVE-2006-5874 and CVE-2006-6406. | 5.0 |