Vulnerabilities

| Date | CVE | Vulnerability title | Description | Tags | Risk |
|---|---|---|---|---|---|
| 2006-01-13 | CVE-2006-0190 | Privilege Escalation vulnerability in SUN Solaris 10.0/9.0 | Unspecified vulnerability in Sun Solaris 9 and 10 for the x86 platform allows local users to gain privileges or cause a denial of service (panic) via unspecified vectors, possibly involving functions from the mm driver. | local, low complexity, sun | 7.2 |
| 2006-01-13 | CVE-2006-0189 | Remote Buffer Overflow vulnerability in Estara Softphone 3.0.1.14/3.0.1.46 | Buffer overflow in eStara Softphone 3.0.1.14 through 3.0.1.46 allows remote attackers to execute arbitrary code via a long attribute (aka "a") field in the SDP data of a SIP packet on UDP port 5060. | network, low complexity, estara | 7.5 |
| 2006-01-12 | CVE-2006-0187 | Remote Code Execution vulnerability in Microsoft Visual Studio .Net 2005 | By design, Microsoft Visual Studio 2005 automatically executes code in the Load event of a user-defined control (UserControl1_Load function), which allows user-assisted attackers to execute arbitrary code by tricking the user into opening a malicious Visual Studio project file. | network, high complexity, microsoft | 5.1 |
| 2006-01-12 | CVE-2006-0185 | Modules IMG Tag HTML Injection vulnerability in PHP-Nuke News Module and Pool Module | Multiple cross-site scripting vulnerabilities in the (1) Pool or (2) News Modules in Php-Nuke allow remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag. | network, low complexity, php-nuke | 5.0 |
| 2006-01-12 | CVE-2006-0184 | SQL-Injection vulnerability in Asptopsites | Multiple SQL injection vulnerabilities in AspTopSites allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to goto.asp or (2) password parameter to includeloginuser.asp. | network, low complexity, mainenet-enterprises | 7.5 |
| 2006-01-12 | CVE-2006-0183 | Remote Security vulnerability in Acal Calendar Project 2.2.5 | Direct static code injection vulnerability in edit.php in ACal Calendar Project 2.2.5 allows authenticated users to execute arbitrary PHP code via (1) the edit=header value, which modifies header.php, or (2) the edit=footer value, which modifies footer.php. | network, low complexity, acal | 6.5 |
| 2006-01-12 | CVE-2006-0182 | Security Bypass vulnerability in Acal Calendar Project 2.2.5 | login.php in ACal Calendar Project 2.2.5 allows remote attackers to bypass authentication by setting the ACalAuthenticate cookie variable to "inside". | network, low complexity, acal | 7.5 |
| 2006-01-12 | CVE-2006-0181 | Unspecified vulnerability in Cisco Cs-Mars 4.1/4.1.2 | Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.1.3 has an undocumented administrative account with a default password, which allows local users to gain privileges via the expert command. | local, low complexity, cisco | 7.2 |
| 2006-01-12 | CVE-2006-0180 | HTML Injection vulnerability in Calogic Calendars 1.2.2 | Cross-site scripting (XSS) vulnerability in CaLogic Calendars 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the Title field on the "Adding New Event" page, and possibly other vectors, involving iframe tags. | network, calogic | 4.3 |
| 2006-01-11 | CVE-2006-0179 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Cisco IP Phone 7940 | The Cisco IP Phone 7940 allows remote attackers to cause a denial of service (reboot) via a large amount of TCP SYN packets (syn flood) to arbitrary ports, as demonstrated to port 80. | network, low complexity, cisco, CWE-119 | 5.0 |