Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-02-18 | CVE-2006-0762 | Local Security vulnerability in Winability Folder Guard 4.11 WinAbility Folder Guard 4.11 allows local users to gain unauthorized access to certain capabilities of the application by renaming or moving the password file (FGuard.FGP), which disables the password requirement. | 4.6 |
2006-02-18 | CVE-2006-0761 | Buffer Overflow vulnerability in BlackBerry Enterprise Server Malformed Word Attachment Buffer overflow in BlackBerry Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server 2.2 and 4.0 before SP3 Hotfix 4 for IBM Lotus Domino, 3.6 before SP7 and 5.0 before SP3 Hotfix 3 for Microsoft Exchangem, and 4.0 for Novell GroupWise before SP3 Hotfix 1 might allow user-assisted remote attackers to execute arbitrary code on the server via a crafted Microsoft Word document that is opened on a wireless device. | 5.1 |
2006-02-18 | CVE-2006-0760 | Information Disclosure vulnerability in lightrpd LightTPD 1.4.8 and earlier, when the web root is on a case-insensitive filesystem, allows remote attackers to bypass URL checks and obtain sensitive information via file extensions with unexpected capitalization, as demonstrated by a request for index.PHP when the configuration invokes the PHP interpreter only for ".php" names. | 2.6 |
2006-02-18 | CVE-2006-0759 | Unspecified vulnerability in Hivemail Multiple SQL injection vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the contactgroupid parameter in addressbook.update.php, (2) the messageid parameter in addressbook.add.php, (3) the folderid parameter in folders.update.php, and possibly certain parameters in (4) calendar.event.php, (5) index.php, (6) pop.download.php, (7) read.bounce.php, (8) rules.block.php, (9) language.php, and (10) certain other scripts; and allow remote authenticated users to execute arbitrary SQL commands via (11) the folderid parameter in index.php and (12) possibly other parameters in certain other scripts, because $_SERVER['PHP_SELF'] is improperly handled. | 7.5 |
2006-02-18 | CVE-2006-0758 | Unspecified vulnerability in Hivemail Multiple cross-site scripting (XSS) vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to inject arbitrary web script or HTML via a URL encoded expression in the query string in (1) index.php and (2) possibly certain other scripts, which is not properly cleansed when accessed from the $_SERVER['PHP_SELF'] variable. network hivemail | 4.3 |
2006-02-18 | CVE-2006-0757 | Unspecified vulnerability in Hivemail Multiple eval injection vulnerabilities in HiveMail 1.3 and earlier allow remote attackers to execute arbitrary PHP code via (1) the contactgroupid parameter in addressbook.update.php, (2) the messageid parameter in addressbook.add.php, (3) the folderid parameter in folders.update.php, and possibly certain parameters in (4) calendar.event.php, (5) index.php, (6) pop.download.php, (7) read.bounce.php, (8) rules.block.php, (9) language.php, and (10) certain other scripts, as demonstrated by an addressbook.update.php request with a contactgroupid value of phpinfo() preceded by facilitators. | 7.5 |
2006-02-18 | CVE-2006-0753 | Denial-Of-Service vulnerability in Microsoft IE 6 Memory leak in Microsoft Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to cause a denial of service (memory consumption) via JavaScript that uses setInterval to repeatedly call a function to set the value of window.status. | 2.6 |
2006-02-18 | CVE-2006-0752 | Remote Virtual Host Detection vulnerability in Honeyd IP Reassembly Niels Provos Honeyd before 1.5 replies to certain illegal IP packet fragments that other IP stack implementations would drop, which allows remote attackers to identify IP addresses that are being simulated using honeyd. | 5.0 |
2006-02-18 | CVE-2006-0751 | Remote Security vulnerability in Noofs Team Network Object Oriented File System 0.7/0.8/0.8.1 Multiple unspecified vulnerabilities in the (1) Filesystem in USErspace (FUSE) client and (2) NOOFS daemon in in Network Object Oriented File System (NOOFS) before 0.9.0 have unspecified impact and attack vectors. | 10.0 |
2006-02-18 | CVE-2006-0750 | SQL Injection vulnerability in Supersmashbrothers Army System 2.1.0Foripb SQL injection vulnerability in army.php in supersmashbrothers (SSB) Army System 2.1.0 for Invision Power Board (IPB) allows remote attackers to execute arbitrary SQL commands via the userstat parameter in an army action to index.php. | 7.5 |