Vulnerabilities > High

DATE | CVE | VULNERABILITY TITLE | RISK

2006-11-07 | CVE-2006-5781 | Stack Buffer Overflow vulnerability in Iodine 0.3.2 | 7.5
Stack-based buffer overflow in the handshake function in iodine 0.3.2 allows remote attackers to execute arbitrary code via a crafted DNS response.
network, low complexity, iodine

2006-11-07 | CVE-2006-5650 | Remote Code Execution vulnerability in AOL ICQ 5.1 | 7.5
The ICQPhone.SipxPhoneManager ActiveX control in America Online ICQ 5.1 allows remote attackers to download and execute arbitrary code via the DownloadAgent function, as demonstrated using an ICQ avatar.
network, low complexity, aol

2006-11-07 | CVE-2006-5780 | Stack Buffer Overflow vulnerability in Xlink Technology Omni-Nfs Server 5.2 | 7.5
Stack-based buffer overflow in nfsd.exe in XLink Omni-NFS Server 5.2 allows remote attackers to execute arbitrary code via a crafted TCP packet to port 2049 (nfsd), as demonstrated by vd_xlink.pm.
network, low complexity, xlink-technology

2006-11-07 | CVE-2006-5779 | Reachable Assertion vulnerability in multiple products | 7.5
OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure.
network, low complexity, openldap, canonical, CWE-617

2006-11-07 | CVE-2006-5777 | Security Bypass vulnerability in Creasito E-Commerce Content Manager | 7.5
Creasito E-Commerce Content Manager 1.3.08 allows remote attackers to bypass authentication and perform privileged functions via a non-empty finame parameter to (1) addnewcont.php, (2) adminpassw.php, (3) amministrazione.php, (4) artins.php, (5) bgcolor.php, (6) cancartcat.php, (7) canccat.php, (8) cancelart.php, (9) cancontsit.php, (10) chanpassamm.php, (11) dele.php, (12) delecat.php, (13) delecont.php, (14) emailall.php, (15) gestflashtempl.php, (16) gestmagart.php, (17) gestmagaz.php, (18) gestpre.php, (19) input.php, (20) input3.php, (21) insnucat.php, (22) instempflash.php, (23) mailfc.php, (24) modfdati.php, (25) rescont4.php, (26) ricordo1.php, (27) ricordo4.php, (28) tabcatalg.php, (29) tabcont.php, (30) tabcont3.php, (31) tabstile.php, (32) tabstile3.php, (33) testimmg.php, and (34) update.php in admin/.
network, low complexity, creasito

2006-11-06 | CVE-2006-5772 | SQL-Injection vulnerability in FreeWebshop | 7.5
Multiple SQL injection vulnerabilities in index.php in FreeWebshop 2.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) password and (2) prod parameter.
network, low complexity, freewebshop

2006-11-06 | CVE-2006-5768 | Remote File Include vulnerability in Cyberfolio | 7.5
Multiple PHP remote file inclusion vulnerabilities in Cyberfolio 2.0 RC1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the av parameter to (1) msg/view.php, (2) msg/inc_message.php, (3) msg/inc_envoi.php, and (4) admin/incl_voir_compet.php.
network, low complexity, cyberfolio

2006-11-06 | CVE-2006-5766 | Remote File Include vulnerability in Article System Article System 0.6 | 7.5
PHP remote file inclusion vulnerability in volume.php in Article System 0.6 allows remote attackers to execute arbitrary PHP code via a URL in the config[public_dir] parameter.
network, low complexity, article-system

2006-11-06 | CVE-2006-5764 | Code Injection vulnerability in Free PHP Scripts Free File Hosting | 7.5
PHP remote file inclusion vulnerability in contact.php in Free File Hosting 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the AD_BODY_TEMP parameter.
network, low complexity, free-php-scripts, CWE-94

2006-11-06 | CVE-2006-5760 | Remote File Include vulnerability in PHPDynaSite | 7.5
Multiple PHP remote file inclusion vulnerabilities in phpDynaSite 3.2.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the racine parameter to (1) function_log.php, (2) function_balise_url.php, or (3) connection.php.
network, low complexity, phpdynasite