Vulnerabilities > High

DATE | CVE | VULNERABILITY TITLE | RISK

2006-12-13 | CVE-2006-5585 | Permissions, Privileges, and Access Controls vulnerability in Microsoft Windows 2003 Server and Windows XP
The Client-Server Run-time Subsystem in Microsoft Windows XP SP2 and Server 2003 allows local users to gain privileges via a crafted file manifest within an application, aka "File Manifest Corruption Vulnerability."
local | low complexity | microsoft CWE-264 | 7.2

2006-12-13 | CVE-2006-5584 | Remote Installation Service Remote Code Execution vulnerability in Microsoft Windows 2000
The Remote Installation Service (RIS) in Microsoft Windows 2000 SP4 uses a TFTP server that allows anonymous access, which allows remote attackers to upload and overwrite arbitrary files to gain privileges on systems that use RIS.
network | low complexity | microsoft | 7.5

2006-12-12 | CVE-2006-6486 | SQL-Injection vulnerability in EasyPage
SQL injection vulnerability in EasyPage allows remote attackers to execute arbitrary SQL commands via unspecified vectors in sptrees/default.aspx, possibly involving the docId parameter.
network | low complexity | easypage | 7.5

2006-12-12 | CVE-2006-6478 | Input Validation vulnerability in Scriptphp Annoncescripthp 2.0
Multiple SQL injection vulnerabilities in AnnonceScriptHP 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in (a) email.php, the (2) no parameter in (b) voirannonce.php, the (3) idmembre parameter in (c) admin/admin_membre/fiche_membre.php, and the (4) idannonce parameter in (d) admin/admin_annonce/okvalannonce.php and (e) admin/admin_annonce/changeannonce.php.
network | low complexity | scriptphp | 7.5

2006-12-12 | CVE-2006-5873 | Denial of Service vulnerability in L2TPNS Heartbeat Handling
Buffer overflow in the cluster_process_heartbeat function in cluster.c in layer 2 tunneling protocol network server (l2tpns) before 2.1.21 allows remote attackers to cause a denial of service via a large heartbeat packet.
network | low complexity | l2tpns debian | 7.8

2006-12-11 | CVE-2006-6462 | Code Injection vulnerability in Cm68 News Cm68 News 12.02.06
PHP remote file inclusion vulnerability in engine/oldnews.inc.php in CM68 News 12.02.06 allows remote attackers to execute arbitrary PHP code via a URL in the addpath parameter.
network | low complexity | cm68-news CWE-94 | 7.5

2006-12-11 | CVE-2006-6461 | Remote Security vulnerability in Stylish Text Ads Script
tr1.php in Yourfreeworld Stylish Text Ads Script allows remote attackers to obtain the installation path via an invalid id parameter, which leaks the path in an error message.
network | low complexity | yourfreeworld | 7.8

2006-12-11 | CVE-2006-6458 | Remote Denial Of Service vulnerability in Trend Micro products
The Trend Micro scan engine before 8.320 for Windows and before 8.150 on HP-UX and AIX, as used in Trend Micro PC Cillin - Internet Security 2006, Office Scan 7.3, and Server Protect 5.58, allows remote attackers to cause a denial of service (CPU consumption and system hang) via a malformed RAR archive with an Archive Header section with the head_size and pack_size fields set to zero, which triggers an infinite loop.
network | low complexity | trend-micro | 7.8

2006-12-10 | CVE-2006-6455 | SQL Injection vulnerability in DUDirectory
Multiple SQL injection vulnerabilities in admin/default.asp in DUware DUdirectory 3.1, and possibly DUdirectory Pro and Pro SQL 3.x, allow remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password parameter.
network | low complexity | duware | 7.5

2006-12-10 | CVE-2006-6450 | SQL Injection vulnerability in Novell Zenworks Patch Management Server 6.3.2.700
Multiple SQL injection vulnerabilities in dagent/downloadreport.asp in Novell ZENworks Patch Management (ZPM) before 6.3.2.700 allow remote attackers to execute arbitrary SQL commands via the (1) agentid and (2) pass parameters.
network | low complexity | novell | 7.5