Vulnerabilities > High

DATE | CVE | VULNERABILITY TITLE | RISK

2006-11-30 CVE-2006-4398 Multiple Security vulnerability in Apple Mac OS X 2006-007
Multiple buffer overflows in the Apple Type Services (ATS) server in Mac OS X 10.4 through 10.4.8 allow local users to execute arbitrary code via crafted service requests.
local | low complexity | apple
Risk: 7.2

2006-11-30 CVE-2006-6172 Remote Buffer Overflow vulnerability in Xine-Lib RuleMatches
Buffer overflow in the asmrp_eval function in the RealMedia RTSP stream handler (asmrp.c) for Real Media input plugin, as used in (1) xine/xine-lib, (2) MPlayer 1.0rc1 and earlier, and possibly others, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a rulebook with a large number of rulematches.
network | low complexity | mplayer xine
Risk: 7.5

2006-11-30 CVE-2006-6170 Remote Buffer Overflow vulnerability in ProFTPD MOD_TLS
Buffer overflow in the tls_x509_name_oneline function in the mod_tls module, as used in ProFTPD 1.3.0a and earlier, and possibly other products, allows remote attackers to execute arbitrary code via a large data length argument, a different vulnerability than CVE-2006-5815.
network | low complexity | proftpd-project
Risk: 7.5

2006-11-29 CVE-2006-4099 Unspecified vulnerability in Businessobjects Crystal Enterprise 10/9
Business Objects Crystal Enterprise 9 and 10 generates predictable session identifiers, which allows remote attackers to hijack sessions of other users via WCSID cookie values.
network | low complexity | businessobjects
Risk: 7.5

2006-11-29 CVE-2006-6168 Improper Input Validation vulnerability in Tiki Tikiwiki Cms/Groupware
tiki-register.php in TikiWiki before 1.9.7 allows remote attackers to trigger "notification-spam" via certain vectors such as a comma-separated list of addresses in the email field, related to lack of "a minimal check on email."
network | low complexity | tiki CWE-20
Risk: 7.5

2006-11-29 CVE-2006-6164 Local Environment Variable Clearing vulnerability in Openbsd 3.9/4.0
The _dl_unsetenv function in loader.c in the ELF ld.so in OpenBSD 3.9 and 4.0 does not properly remove duplicate environment variables, which allows local users to pass dangerous variables such as LD_PRELOAD to loading processes, which might be leveraged to gain privileges.
local | low complexity | openbsd
Risk: 7.2

2006-11-28 CVE-2006-6161 SQL Injection vulnerability in Liberum Help Desk 'forgotpass.asp'
Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk 0.97.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) uid parameter to (a) inout/status.asp, (b) inout/update.asp, and (c) forgotpass.asp.
network | low complexity | doug-luxem
Risk: 7.5

2006-11-28 CVE-2006-6160 SQL Injection vulnerability in Doug Luxem Liberum Help Desk 0.97.3
SQL injection vulnerability in details.asp in Doug Luxem Liberum Help Desk 0.97.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
network | low complexity | doug-luxem
Risk: 7.5

2006-11-28 CVE-2006-6157 SQL Injection vulnerability in Michaelis Freunde Contentnow
SQL injection vulnerability in index.php in ContentNow 1.39 and earlier allows remote attackers to execute arbitrary SQL commands via the pageid parameter.
network | low complexity | michaelis-freunde CWE-89
Risk: 7.5

2006-11-28 CVE-2006-6155 SQL-Injection vulnerability in Hiox Star Rating System Script
Multiple SQL injection vulnerabilities in addrating.php in HIOX Star Rating System Script (HSRS) 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ipadd or (2) url parameter.
network | low complexity | hscripts
Risk: 7.5