Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2006-01-25 | CVE-2006-0224 | Local Buffer Overflow vulnerability in Eterm LibAST Library | Buffer overflow in Library of Assorted Spiffy Things (LibAST) 0.6.1 and earlier, as used in Eterm and possibly other software, allows local users to execute arbitrary code as the utmp user via a long -X command line argument (alternative configuration file name). | 4.6 |
2006-01-24 | CVE-2006-0321 | Improper Input Validation vulnerability in Fetchmail 6.3.0/6.3.1 | fetchmail 6.3.0 and other versions before 6.3.2 allows remote attackers to cause a denial of service (crash) via crafted e-mail messages that cause a free of an invalid pointer when fetchmail bounces the message to the originator or local postmaster. | 5.0 |
2006-01-23 | CVE-2006-0378 | Cross-Site Scripting vulnerability in Netrix X-Site Manager Product_Details.PHP | Cross-site scripting (XSS) vulnerability in Netrix X-Site Manager allows remote attackers to inject arbitrary web script or HTML via the product_id parameter, as originally demonstrated for a custom mp3players_details.php program. | 4.3 |
2006-01-22 | CVE-2006-0376 | Remote Security vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP | The 802.11 wireless client in certain operating systems including Windows 2000, Windows XP, and Windows Server 2003 does not warn the user when (1) it establishes an association with a station in ad hoc (aka peer-to-peer) mode or (2) a station in ad hoc mode establishes an association with it, which allows remote attackers to put unexpected wireless communication into place. | 7.5 |
2006-01-22 | CVE-2006-0375 | Remote vulnerability in Advantage Century Telecommunication P202S 1.01.21Firmware1.1.21 | Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 running firmware 1.1.21 on VxWorks uses a hardcoded Network Time Protocol (NTP) server in Taiwan, which could allow remote attackers to provide false time information, block access to time information, or conduct other attacks. | 5.0 |
2006-01-22 | CVE-2006-0374 | Improper Authentication vulnerability in Advantage Century Telecommunication P202S 1.01.21Firmware1.1.21 | Advantage Century Telecommunication (ACT) P202S IP Phone 1.01.21 running firmware 1.1.21 has multiple undocumented ports available, which (1) might allow remote attackers to obtain sensitive information, such as memory contents and internal operating-system data, by directly accessing the VxWorks WDB remote debugging ONCRPC (aka wdbrpc) on UDP 17185, (2) reflect network data using echo (TCP 7), or (3) gain access without authentication using rlogin (TCP 513). | 7.5 |
2006-01-22 | CVE-2006-0373 | Cross-Site Scripting vulnerability in Douran FollowWeb Portal Register.ASPX | Cross-site scripting (XSS) vulnerability in register.aspx in Douran FollowWeb allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | 4.3 |
2006-01-22 | CVE-2006-0372 | SQL Injection vulnerability in Insane Visions Blogphp 1.0 | Multiple SQL injection vulnerabilities in config.php in Insane Visions BlogPHP, possibly 1.0, allow remote attackers to execute arbitrary SQL commands via the (1) blogphp_username or (2) blogphp_password parameter in a cookie. | 7.5 |
2006-01-22 | CVE-2006-0368 | Remote Denial Of Service vulnerability in Cisco CallManager | Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2 allow remote attackers to (1) cause a denial of service (CPU and memory consumption) via a large number of open TCP connections to port 2000 and (2) cause a denial of service (fill the Windows Service Manager communication queue) via a large number of TCP connections to port 2001, 2002, or 7727. | 7.8 |
2006-01-22 | CVE-2006-0367 | Remote Privilege Escalation vulnerability in Cisco CallManager CCMAdmin | Unspecified vulnerability in Cisco CallManager 3.2 and earlier, 3.3 before 3.3(5)SR1, 4.0 before 4.0(2a)SR2c, and 4.1 before 4.1(3)SR2 allows remote authenticated users with read-only administrative privileges to obtain full administrative privileges via a "crafted URL on the CCMAdmin web page." | 6.5 |