Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2007-02-23 CVE-2007-1086 Local Privilege Escalation vulnerability in IBM DB2 Universal Database
Unspecified binaries in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allow local users to create or modify arbitrary files via unspecified environment variables related to "unsafe file access."
local
low complexity
hp ibm linux microsoft sun
7.2
2007-02-23 CVE-2006-5877 Denial Of Service vulnerability in Enigmail Memory Allocation
The enigmail extension before 0.94.2 does not properly handle large, encrypted file e-mail attachments, which allows remote attackers to cause a denial of service (crash), as demonstrated with Mozilla Thunderbird.
network
low complexity
ubuntu enigmail
7.8
2007-02-23 CVE-2007-1085 Unspecified vulnerability in Google Desktop
Cross-site scripting (XSS) vulnerability in Google Desktop allows remote attackers to bypass protection schemes and inject arbitrary web script or HTML, and possibly gain full access to the system, by using an XSS vulnerability in google.com to extract the signature for the internal web server, then calling the "under" parameter in Advanced Search with the proper signature.
network
high complexity
google
7.6
2007-02-23 CVE-2006-7041 Remote Denial Of Service vulnerability in Atrium Software Mercur Messaging 2005 5.0Sp3
The SMTP service in MERCUR Messaging 2005 before Service Pack 4 allows remote attackers to cause a denial of service (infinite loop) via a message in which neither the originator nor recipient address is known.
network
low complexity
atrium-software
7.8
2007-02-23 CVE-2006-7040 Remote Denial Of Service vulnerability in Atrium Software Mercur Messaging 2005 5.0Sp3
Unspecified vulnerability in MERCUR Messaging 2005 before Service Pack 4 allows remote attackers to cause a denial of service (crash) via a TOP command to the POP3 service.
network
low complexity
atrium-software
7.8
2007-02-23 CVE-2006-7038 Remote Denial Of Service vulnerability in Atrium Software Mercur Messaging 2005 5.0Sp3
Multiple buffer overflows in MERCUR Messaging 2005 before Service Pack 4 allow remote attackers to cause a denial of service (crash) via (1) "long command lines at port 32000" and (2) certain name service queries that are not properly handled by the SMTP service.
network
low complexity
atrium-software
7.8
2007-02-23 CVE-2006-7035 Denial-Of-Service vulnerability in Super Link Exchange Script Super Link Exchange Script 1.0
Directory traversal vulnerability in make_thumbnail.php in Super Link Exchange Script 1.0 allows remote attackers to read arbitrary files via ".." sequences in the imgpath parameter.
network
low complexity
super-link-exchange-script
7.8
2007-02-23 CVE-2006-7034 SQL-Injection vulnerability in Super Link Exchange Script Super Link Exchange Script 1.0
SQL injection vulnerability in directory.php in Super Link Exchange Script 1.0 might allow remote attackers to execute arbitrary SQL queries via the cat parameter.
7.5
2007-02-23 CVE-2006-7028 Denial-Of-Service vulnerability in Solaris
Single CPU Sun systems running Solaris 7, 8, or 9, such as Netra, allow remote attackers to cause a denial of service (console hang) via a flood of small TCP/IP packets.
network
low complexity
sun
7.8
2007-02-23 CVE-2006-7025 SQL Injection vulnerability in Sangwan KIM Bookmark4U 2.0/2.1
SQL injection vulnerability in admin/config.php in Bookmark4U 2.0 and 2.1 allows remote attackers to inject arbitrary SQL commands via the sqlcmd parameter.
network
low complexity
sangwan-kim CWE-89
7.5