Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK

2006-02-23 CVE-2006-0859 Permissions, Privileges, and Access Controls vulnerability in Michael Salzer Guestbox 0.6
Michael Salzer Guestbox 0.6, and other versions before 0.8, allows remote attackers to post an admin comment to a guestbook entry via a certain modified form, possibly related to the nummer parameter.
network
low complexity
michael-salzer CWE-264
5.0

2006-02-23 CVE-2006-0858 Local Privilege Escalation vulnerability in Safe'n'Sec Path Specification
Unquoted Windows search path vulnerability in (1) snsmcon.exe, (2) the autostartup mechanism, and (3) an unspecified installation component in StarForce Safe'n'Sec Personal + Anti-Spyware 2.0 and earlier, and possibly other StarForce Safe'n'Sec products, might allow local users to gain privileges via a malicious "program" file in the C: folder.
local
low complexity
starforce
7.2

2006-02-23 CVE-2006-0857 Cross-Site Scripting vulnerability in E107 Chatbox Plugin and E107
Cross-site scripting (XSS) vulnerability in Chatbox Plugin 1.0 in e107 0.7.2 allows remote attackers to inject arbitrary HTML or web script via a Chatbox, as demonstrated using a SCRIPT element.
network
e107 CWE-79
4.3

2006-02-23 CVE-2006-0856 SQL Injection vulnerability in Scriptme SME GB Host 1.21
SQL injection vulnerability in login.php in Scriptme SmE GB Host 1.21 allows remote attackers to execute arbitrary SQL commands and bypass authentication via the Username parameter.
network
low complexity
scriptme
7.5

2006-02-23 CVE-2006-0855 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Rahul Dhesi ZOO
Stack-based buffer overflow in the fullpath function in misc.c for zoo 2.10 and earlier, as used in products such as Barracuda Spam Firewall, allows user-assisted attackers to execute arbitrary code via a crafted ZOO file that causes the combine function to return a longer string than expected.
network
high complexity
rahul-dhesi CWE-119
5.1

2006-02-23 CVE-2006-0720 Buffer Overflow vulnerability in Nullsoft Winamp M3U File Processing
Stack-based buffer overflow in Nullsoft Winamp 5.12 and 5.13 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted .m3u file that causes an incorrect strncpy function call when the player pauses or stops the file.
network
high complexity
nullsoft
7.6

2006-02-23 CVE-2006-0812 Local Privilege Escalation vulnerability in VisNetic AntiVirus
The VisNetic AntiVirus Plug-in (DKAVUpSch.exe) for Mail Server 4.6.0.4, 4.6.1.1, and possibly other versions before 4.6.1.2, does not drop privileges before executing other programs, which allows local users to gain privileges.
local
low complexity
visnetic
7.2

2006-02-23 CVE-2006-0803
The signature verification functionality in the YaST Online Update (YOU) script handling relies on a gpg feature that is not intended for signature verification, which prevents YOU from detecting malicious scripts or code that do not pass the signature check when gpg 1.4.x is being used.
network
low complexity
novell suse
5.0

2006-02-23 CVE-2006-0854 Code Injection vulnerability in Intensive Point Iuser Ecommerce
PHP remote file inclusion vulnerability in common.php in Intensive Point iUser Ecommerce allows remote attackers to include arbitrary files via a URL in the include_path variable, which is not initialized before being used.
network
low complexity
intensive-point CWE-94
7.5

2006-02-23 CVE-2006-0853 Remote Buffer Overflow vulnerability in Truenorth Software IA Emailserver Corporate5.3.4
Buffer overflow in the IMAP service of TrueNorth Internet Anywhere (IA) eMailserver 5.3.4 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long SEARCH argument.
network
low complexity
truenorth-software
6.5