Vulnerabilities > High

DATE | CVE | VULNERABILITY TITLE | RISK

2006-12-21 | CVE-2006-6690 | Remote Command Execution vulnerability in Typo3 Class.TX_RTEHTMLArea_PI1.PHP
rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through 4.0.3, 3.7 and 3.8 with the rtehtmlarea extension, and 4.1 beta allows remote authenticated users to execute arbitrary commands via shell metacharacters in the userUid parameter to rtehtmlarea/htmlarea/plugins/SpellChecker/spell-check-logic.php, and possibly another vector.
RISK: network, low complexity, typo3, 7.5

2006-12-21 | CVE-2006-6689 | Code Injection vulnerability in Paristemi
Multiple PHP remote file inclusion vulnerabilities in Paristemi 0.8.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the SERVER_DIRECTORY parameter to unspecified scripts, a different vector than CVE-2006-6739.
RISK: network, low complexity, paristemi, CWE-94, 7.5

2006-12-21 | CVE-2006-6688 | Input Validation vulnerability in Web-App.Org and Web-App.Net
Web Automated Perl Portal (WebAPP) 0.9.9.4, and 0.9.9.3.4 Network Edition (NE) (aka WebAPP.NET) allows remote attackers to bypass filtering mechanisms via unknown vectors.
RISK: network, low complexity, web-app-net, 7.5

2006-12-21 | CVE-2006-6685 | Buffer Errors vulnerability in Pedro Lineu Orso Chetcpasswd 2.3.3
Heap-based buffer overflow in Pedro Lineu Orso chetcpasswd 2.3.3 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long REMOTE_ADDR environment variable.
RISK: local, low complexity, pedro-lineu-orso, CWE-119, 7.2

2006-12-21 | CVE-2006-6684 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Pedro Lineu Orso Chetcpasswd
Heap-based buffer overflow in Pedro Lineu Orso chetcpasswd before 2.4 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long X-Forwarded-For HTTP header.
RISK: network, low complexity, pedro-lineu-orso, CWE-119, 7.5

2006-12-21 | CVE-2006-6683 | Permissions, Privileges, and Access Controls vulnerability in Pedro Lineu Orso Chetcpasswd
Pedro Lineu Orso chetcpasswd 2.4.1 and earlier verifies and updates user accounts via custom code that processes /etc/shadow and does not follow the PAM configuration, which might allow remote attackers to bypass intended restrictions implemented through PAM.
RISK: network, low complexity, pedro-lineu-orso, CWE-264, 7.8

2006-12-21 | CVE-2006-6681 | Resource Management Errors vulnerability in Chetcpasswd 2.3.3
Pedro Lineu Orso chetcpasswd 2.3.3 does not have a rate limit for client requests, which might allow remote attackers to determine passwords via a dictionary attack.
RISK: network, low complexity, chetcpasswd, CWE-399, 7.5

2006-12-21 | CVE-2006-6679 | Incorrect Authorization vulnerability in Chetcpasswd Project Chetcpasswd
Pedro Lineu Orso chetcpasswd before 2.4 relies on the X-Forwarded-For HTTP header when verifying a client's status on an IP address ACL, which allows remote attackers to gain unauthorized access by spoofing this header.
RISK: network, low complexity, chetcpasswd-project, CWE-863, 7.5

2006-12-21 | CVE-2006-6678 | Remote Arbitrary Command Execution vulnerability in Netrik 1.15.2
The edit_textarea function in form-file.c in Netrik 1.15.4 and earlier does not properly verify temporary filenames when editing textarea fields, which allows attackers to execute arbitrary commands via shell metacharacters in the filename.
RISK: network, low complexity, netrik, 7.5

2006-12-21 | CVE-2006-6672 | SQL-Injection vulnerability in Maxiasp Burak Yilmaz Download Portal 0
Multiple SQL injection vulnerabilities in Burak Yylmaz Download Portal allow remote attackers to execute arbitrary SQL commands via the (1) kid or possibly (2) id parameter to (a) HABERLER.ASP and (b) ASPKAT.ASP.
RISK: network, low complexity, maxiasp, 7.5