Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2007-02-09 | CVE-2006-6990 | Remote Security vulnerability in Advanced Search Technologies Inc. Enigma Browser 3.8.8 Cross-domain vulnerability in Enigma Browser 3.8.8 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. | 7.8 |
2007-02-09 | CVE-2006-6989 | Remote Security vulnerability in Netcaptor 4.5.7Personal Cross-domain vulnerability in NetCaptor 4.5.7 Personal Edition allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. | 7.8 |
2007-02-09 | CVE-2006-6988 | Remote Security vulnerability in Flashpeak Slim Browser 4.07Build100 Cross-domain vulnerability in Slim Browser 4.07 build 100 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. | 7.8 |
2007-02-09 | CVE-2006-6987 | Remote Security vulnerability in Softinform Finebrowser Freeware3.2.2 Cross-domain vulnerability in FineBrowser Freeware 3.2.2 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. | 7.8 |
2007-02-09 | CVE-2006-6986 | Remote Security vulnerability in Phaseout 5.4.4 Cross-domain vulnerability in PhaseOut 5.4.4 allows remote attackers to access restricted information from other domains via an object tag with a data parameter that references a link on the attacker's originating site that specifies a Location HTTP header that references the target site, which then makes that content available through the outerHTML attribute of the object, a similar vulnerability to CVE-2006-3280. | 7.8 |
2007-02-08 | CVE-2007-0856 | Local Privilege Escalation vulnerability in Trend Micro AntiVirus Scan Engine TMComm TmComm.sys 1.5.0.1052 in the Trend Micro Anti-Rootkit Common Module (RCM), with the VsapiNI.sys 3.320.0.1003 scan engine, as used in Trend Micro PC-cillin Internet Security 2007, Antivirus 2007, Anti-Spyware for SMB 3.2 SP1, Anti-Spyware for Consumer 3.5, Anti-Spyware for Enterprise 3.0 SP2, Client / Server / Messaging Security for SMB 3.5, Damage Cleanup Services 3.2, and possibly other products, assigns Everyone write permission for the \\.\TmComm DOS device interface, which allows local users to access privileged IOCTLs and execute arbitrary code or overwrite arbitrary memory in the kernel context. | 7.2 |
2007-02-08 | CVE-2007-0854 | Code Injection vulnerability in Cpanel Webhost Manager Remote file inclusion vulnerability in scripts2/objcache in cPanel WebHost Manager (WHM) allows remote attackers to execute arbitrary code via a URL in the obj parameter. | 7.5 |
2007-02-08 | CVE-2007-0853 | SQL-Injection vulnerability in Techexcel Inc. Devtrack 6.0.3 SQL injection vulnerability in DevTrack 6.0.3 allows remote attackers to execute arbitrary SQL commands via the Username form field. | 7.5 |
2007-02-08 | CVE-2007-0850 | Local File Include vulnerability in SYSCP System Control Panel Panel_CronScript Table scripts/cronscript.php in SysCP 1.2.15 and earlier includes and executes arbitrary PHP scripts that are referenced by the panel_cronscript table in the SysCP database, which allows attackers with database write privileges to execute arbitrary code by constructing a PHP file and adding its filename to this table. | 7.5 |
2007-02-08 | CVE-2007-0849 | Unspecified vulnerability in Syscp Team Syscp scripts/cronscript.php in SysCP 1.2.15 and earlier does not properly quote pathnames in user home directories, which allows local users to gain privileges by placing shell metacharacters in a directory name, and then using the control panel to protect this directory, a different vulnerability than CVE-2005-2568. | 7.2 |