Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-02-17 | CVE-2006-0739 | Denial of Service vulnerability in eStara Softphone: eStara SIP softphone allows remote attackers to cause a denial of service (crash) via an INVITE request with a Content-Length field that has more than 9 digits. | 5.0 |
2006-02-17 | CVE-2006-0738 | Denial of Service vulnerability in eStara Softphone: Multiple format string vulnerabilities in eStara SIP softphone allow remote attackers to cause a denial of service (hang) via SIP INVITE requests with format string specifiers in the SDP session description, as demonstrated using (1) the field name, (2) the o field (owner/creator and session identifier), or (3) the m field (media name and transport address). | 5.0 |
2006-02-17 | CVE-2006-0737 | Denial of Service vulnerability in eStara Softphone: eStara SIP softphone allows remote attackers to cause a denial of service (crash) via a SIP OPTIONS request with a negative Expires field. | 5.0 |
2006-02-17 | CVE-2006-0460 | Buffer Overflow vulnerability in BomberClone Error Messages: Multiple buffer overflows in BomberClone before 0.11.6.2 allow remote attackers to execute arbitrary code via long error messages. | 7.5 |
2006-02-16 | CVE-2006-0679 | SQL Injection vulnerability in Francisco Burzi PHP-Nuke EV 7.8: SQL injection vulnerability in index.php in the Your_Account module in PHP-Nuke 7.8 and earlier allows remote attackers to execute arbitrary SQL commands via the username variable (Nickname field). | 7.5 |
2006-02-16 | CVE-2006-0735 | HTML Injection vulnerability in My Blog BBCode: Cross-site scripting (XSS) vulnerability in BBcode.pm in M. | 4.3 |
2006-02-16 | CVE-2006-0734 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Valve Software Half-Life Cstrike Dedicated Server: The SV_CheckForDuplicateNames function in Valve Software Half-Life CSTRIKE Dedicated Server 1.6 and earlier allows remote authenticated users to cause a denial of service (infinite loop and daemon hang) via a backslash character at the end of a connection string to UDP port 27015. | 4.0 |
2006-02-16 | CVE-2006-0732 | Remote Arbitrary File Access And Deletion vulnerability in SAP Business Connector 4.6/4.7: Directory traversal vulnerability in SAP Business Connector (BC) 4.6 and 4.7 allows remote attackers to read or delete arbitrary files via the fullName parameter to (1) sapbc/SAP/chopSAPLog.dsp or (2) invoke/sap.monitor.rfcTrace/deleteSingle. | 6.4 |
2006-02-16 | CVE-2006-0731 | Unspecified vulnerability in SAP Business Connector: WmRoot/adapter-index.dsp in SAP Business Connector Core Fix 7 and earlier allows remote attackers to conduct spoofing (phishing) attacks via an absolute URL in the url parameter, which loads the URL inside a frame. | 4.0 |
2006-02-16 | CVE-2006-0730 | Denial of Service vulnerability in Dovecot Double Free: Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or hang) via unspecified vectors involving (1) "potential hangs" in the APPEND command and "potential crashes" in (2) dovecot-auth and (3) imap/pop3-login. | 5.0 |