Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2006-11-21 CVE-2006-6024 Buffer Overflow vulnerability in Qualcomm Eudora Worldmail 3.0 Version 6.1.22.0
Multiple buffer overflows in Eudora Worldmail, possibly Worldmail 3 version 6.1.22.0, have unknown impact and attack vectors, as demonstrated by the (1) "Eudora WorldMail stack overflow" and (2) "Eudora WorldMail heap overflow" modules in VulnDisco Pack.
network
low complexity
qualcomm
7.5
2006-11-21 CVE-2006-6021 Input Validation vulnerability in BestWebApp Dating Site
SQL injection vulnerability in the login component in BestWebApp Dating Site allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) passwd parameters.
network
low complexity
bestwebapp
7.5
2006-11-21 CVE-2006-6014 Local Security vulnerability in Netbsd Current
The NetBSD-current kernel before 20061028 does not properly perform bounds checking of an unspecified userspace parameter in the ptrace system call during a PT_DUMPCORE request, which allows local users to have an unknown impact.
local
low complexity
netbsd
7.2
2006-11-21 CVE-2006-5991 SQL-Injection vulnerability in CactuShop
Multiple SQL injection vulnerabilities in wwweb concepts CactuShop allow remote attackers to execute arbitrary SQL commands via the (1) prodtype parameter in prodtype.asp and the (2) product parameter in product.asp.
network
low complexity
cactusoft
7.5
2006-11-20 CVE-2006-5987 SQL Injection vulnerability in Aspintranet 1.2
SQL injection vulnerability in default.asp in ASPintranet, possibly 1.2, allows remote attackers to execute arbitrary SQL commands via the a parameter.
network
low complexity
aspintranet
7.5
2006-11-20 CVE-2006-5977 SQL-Injection vulnerability in MultiCalendars
Multiple SQL injection vulnerabilities in MultiCalendars allow remote attackers to execute arbitrary SQL commands via the (1) M or (2) Y parameter to rss_out.asp, or the (3) cate parameter to all_calendars.asp.
network
low complexity
expinion-net
7.5
2006-11-20 CVE-2006-5976 Input Validation vulnerability in Drumster Blogme 3.0
Multiple SQL injection vulnerabilities in admin_login.asp in BlogMe 3.0 allow remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password field.
network
low complexity
drumster
7.5
2006-11-18 CVE-2006-4413 Remote Desktop Insecure Default Package Permission vulnerability in Apple Remote Desktop 2.0/2.1/3.0
Apple Remote Desktop before 3.1 uses insecure permissions for certain built-in packages, which allows local users on an Apple Remote Desktop administration system to modify the packages and gain root privileges on client systems that use the packages.
local
low complexity
apple
7.2
2006-11-17 CVE-2006-5962 SQL-Injection vulnerability in Hpecs Shopping Cart
Multiple SQL injection vulnerabilities in Hpecs Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields in the (a) login screen, and (3) searchstring parameter in (b) insearch_list.asp.
network
low complexity
hpecs-shopping-cart
7.5
2006-11-17 CVE-2006-5961 Buffer Overflow vulnerability in Pegasus Mercury Mail Transport System 4.0.1B
Buffer overflow in Mercury Mail Transport System 4.01b for Windows has unknown impact and attack vectors, as originally reported in a GLEG VulnDisco pack.
network
low complexity
pegasus
7.5