Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2006-12-10 CVE-2006-6427 OS Command Injection vulnerability in Xerox Workcentre 12.060.17.000/13.060.17.000/14.060.17.000
The Web User Interface in Xerox WorkCentre and WorkCentre Pro before 12.060.17.000, 13.x before 13.060.17.000, and 14.x before 14.060.17.000 allows remote attackers to execute arbitrary commands via unspecified vectors involving "command injection" in (1) the TCP/IP hostname, (2) Scan-to-mailbox folder names, and (3) certain parameters in the Microsoft Networking configuration.
network
low complexity
xerox CWE-78
7.5

2006-12-10 CVE-2006-6419 Local File-Include vulnerability in JCE Admin Component for Joomla
jce.php in the JCE Admin Component in Ryan Demmer Joomla Content Editor (JCE) 1.1.0 beta 2 and earlier for Joomla! (com_jce) allows remote attackers to include and possibly execute arbitrary local files via the (1) plugin or (2) file parameter.
network
low complexity
ryan-demmer
7.5

2006-12-10 CVE-2006-6418 Buffer Errors vulnerability in HP Tru64 4.0F/4.0G/5.1A
Buffer overflow in the POSIX Threads library (libpthread) on HP Tru64 UNIX 4.0F PK8, 4.0G PK4, and 5.1A PK6 allows local users to gain root privileges via a long PTHREAD_CONFIG environment variable.
local
low complexity
hp CWE-119
7.2

2006-12-10 CVE-2006-6417 Remote File Include vulnerability in B2Evolution 1.8.5/1.9/1.9Beta
PHP remote file inclusion vulnerability in inc/CONTROL/import/import-mt.php in b2evolution 1.8.5 through 1.9 beta allows remote attackers to execute arbitrary PHP code via a URL in the inc_path parameter.
network
low complexity
b2evolution
7.5

2006-12-10 CVE-2006-6416 Remote File Include vulnerability in PHPleague - Univert PHPleague 0.8.1
Multiple PHP remote file inclusion vulnerabilities in PhpLeague - Univert PhpLeague 0.81 allow remote attackers to execute arbitrary PHP code via a URL in the cheminmini parameter to (1) consult/miniseul.php or (2) config.php.
network
low complexity
phpleague-univert
7.5

2006-12-10 CVE-2006-6414 SQL Injection vulnerability in Dol Storye Dettaglio.ASP
Multiple SQL injection vulnerabilities in dettaglio.asp in dol storye allow remote attackers to execute arbitrary SQL commands via the (1) id_doc or (2) id_aut parameter.
network
low complexity
dol-storye
7.5

2006-12-10 CVE-2006-6332 Remote Buffer Overflow vulnerability in Madwifi 0.9.2.1
Stack-based buffer overflow in net80211/ieee80211_wireless.c in MadWifi before 0.9.2.1 allows remote attackers to execute arbitrary code via unspecified vectors, related to the encode_ie and giwscan_cb functions.
network
low complexity
madwifi
7.5

2006-12-10 CVE-2006-6411 Denial Of Service vulnerability in Linksys WIP 330 Wireless-G IP Phone 1.0.6A
PhoneCtrl.exe in Linksys WIP 330 Wireless-G IP Phone 1.00.06A allows remote attackers to cause a denial of service (crash) via a TCP SYN scan, as demonstrated using TCP ports 1-65535 with nmap.
network
low complexity
linksys
7.8

2006-12-10 CVE-2006-6402 SQL Injection vulnerability in Mystats
SQL injection vulnerability in mystats.php in MyStats 1.0.8 and earlier allows remote attackers to execute arbitrary SQL commands via the details parameter.
network
low complexity
mystats CWE-89
7.5

2006-12-10 CVE-2006-6221 Unspecified vulnerability in 2X Thinclientserver 3.0
2X ThinClientServer Enterprise Edition before 4.0.2248 allows remote attackers to create multiple privileged accounts via a replay attack using the initial account creation request.
network
low complexity
2x
7.5