Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-11-06 | CVE-2006-5758 | Buffer Errors vulnerability in Microsoft Windows 2000 and Windows XP: The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissions, but can be remapped by other processes as read-write, which allows local users to cause a denial of service (memory corruption and crash) and gain privileges by modifying the kernel structures. | 7.2 |
2006-11-06 | CVE-2006-5745 | Remote Code Execution vulnerability in Microsoft XML Core Services 4.0: Unspecified vulnerability in the setRequestHeader method in the XMLHTTP (XML HTTP) ActiveX Control 4.0 in Microsoft XML Core Services 4.0 on Windows, when accessed by Internet Explorer, allows remote attackers to execute arbitrary code via crafted arguments that lead to memory corruption, a different vulnerability than CVE-2006-4685. | 7.6 |
2006-11-06 | CVE-2006-5744 | Products Management Interface Multiple Input Validation vulnerability in Highwall: Multiple SQL injection vulnerabilities in Highwall Enterprise and Highwall Endpoint 4.0.2.11045 management interface allow remote attackers to execute arbitrary SQL commands via an Access Point with a crafted SSID, and via unspecified vectors related to a malicious system operator. | 7.5 |
2006-11-06 | CVE-2006-5739 | Remote Security vulnerability in Leicestershire Communityportals 1.0: PHP remote file inclusion vulnerability in cpadmin/cpa_index.php in Leicestershire communityPortals 1.0_2005-10-18_12-31-18 allows remote attackers to execute arbitrary PHP code via a URL in the cp_root_path parameter, a different vector than CVE-2006-5280. | 7.5 |
2006-11-06 | CVE-2006-5737 | Cross-Site Request Forgery vulnerability in Punbb 1.2.14: PunBB uses a predictable cookie_seed value that can be derived from the time of registration of the superadmin account (installation time), which might allow local users to perform unauthorized actions. | 7.2 |
2006-11-06 | CVE-2006-5735 | File-Upload vulnerability in Punbb: Directory traversal vulnerability in include/common.php in PunBB before 1.2.14 allows remote authenticated users to include and execute arbitrary local files via a .. | 7.5 |
2006-11-06 | CVE-2006-5734 | Remote File Include vulnerability in Adaptive Technology Resource Centre Atutor 1.5.3.2: Multiple PHP remote file inclusion vulnerabilities in ATutor 1.5.3.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) section parameter in (a) documentation/common/frame_toc.php and (b) documentation/common/search.php, the (2) req_lang parameter in documentation/common/search.php and (c) documentation/common/vitals.inc.php, the (3) row[dir_name] parameter in (d) include/classes/module/module.class.php, and the (4) lang_path parameter in (e) include/classes/phpmailer/class.phpmailer.php. | 7.5 |
2006-11-06 | CVE-2006-5733 | Local File Include vulnerability in Postnuke Software Foundation Postnuke 0.762: Directory traversal vulnerability in error.php in PostNuke 0.763 and earlier allows remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2006-11-04 | CVE-2006-5723 | SQL Injection vulnerability in DataparkSearch Malformed Hostname: SQL injection vulnerability in DataparkSearch Engine 4.42 and earlier allows remote attackers to execute arbitrary SQL commands via a malformed hostname in a URL. | 7.5 |
2006-11-04 | CVE-2006-5720 | SQL Injection vulnerability in PHP-Nuke Journal Module Search.PHP: SQL injection vulnerability in modules/journal/search.php in the Journal module in Francisco Burzi PHP-Nuke 7.9 and earlier allows remote attackers to execute arbitrary SQL commands via the forwhat parameter. | 7.5 |