Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ACCESS | COMPLEXITY | VENDOR | RISK |
|---|---|---|---|---|---|---|---|
| 2006-10-11 | CVE-2006-5235 | Remote Security vulnerability in Dimension of phpBB | PHP remote file inclusion vulnerability in includes/functions_kb.php in Dimension of phpBB 0.2.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. | network | low complexity | dimension-of-phpbb | 7.5 |
| 2006-10-11 | CVE-2006-5233 | Denial Of Service vulnerability in Polycom Soundpoint IP 301 1.4.1.0040 | Polycom SoundPoint IP 301 VoIP Desktop Phone, firmware version 1.4.1.0040, allows remote attackers to cause a denial of service (reboot) via (1) a long URL sent to the HTTP daemon and (2) unspecified manipulations as demonstrated by the Nessus http_fingerprinting_hmap.nasl script. | network | low complexity | polycom | 7.8 |
| 2006-10-11 | CVE-2006-5231 | Denial Of Service vulnerability in Grandstream Gxp-2000 1.1.0.5 | Grandstream GXP-2000 VoIP Desktop Phone, firmware version 1.1.0.5, allows remote attackers to cause a denial of service (hang or reboot) via a large amount of ASCII data sent to port (1) 5060/UDP, (2) 5062/UDP, (3) 5064/UDP, (4) 5066/UDP, (5) 9876/UDP, or (6) 26789/UDP. | network | low complexity | grandstream | 7.8 |
| 2006-10-11 | CVE-2006-5230 | Remote File Include vulnerability in FreeForum FPath Variable | PHP remote file inclusion vulnerability in forum.php in FreeForum 0.9.7 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter. | network | low complexity | freeforum | 7.5 |
| 2006-10-10 | CVE-2006-3888 | Buffer Overflow vulnerability in AOL You've Got Pictures ActiveX Controls | Buffer overflow in AOL You've Got Pictures (YGP) Pic Downloader YGPPDownload ActiveX control (AOL.PicDownloadCtrl.1, YGPPicDownload.dll), as used in America Online 9.0 Security Edition, allows remote attackers to execute arbitrary code via a long argument to the SetAlbumName method. | network | low complexity | aol | 7.5 |
| 2006-10-10 | CVE-2006-3887 | Buffer Overflow vulnerability in AOL You've Got Pictures ActiveX Controls | Buffer overflow in AOL You've Got Pictures (YGP) Screensaver ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors. | network | low complexity | aol | 7.5 |
| 2006-10-10 | CVE-2006-4686 | Buffer Overrun vulnerability in Microsoft XML Core Services and XML Parser | Buffer overflow in the Extensible Stylesheet Language Transformations (XSLT) processing in Microsoft XML Parser 2.6 and XML Core Services 3.0 through 6.0 allows remote attackers to execute arbitrary code via a crafted Web page. | network | low complexity | microsoft | 7.5 |
| 2006-10-10 | CVE-2006-5228 | SQL Injection vulnerability in Ackertodo 4.0/4.2 | Multiple SQL injection vulnerabilities in the Google Gadget login.php (gadget/login.php) in Rob Hensley ackerTodo 4.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) up_login, (2) up_pass, or (3) up_num_tasks parameters. | network | low complexity | rob-hensley | 7.5 |
| 2006-10-10 | CVE-2006-5226 | Remote File Include vulnerability in Freenews 1.1 | PHP remote file inclusion vulnerability in moteur/moteur.php in Prologin.fr Freenews 1.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter. | network | low complexity | freenews | 7.5 |
| 2006-10-10 | CVE-2006-5225 | SQL Injection vulnerability in Aai-Portal Aaiportal 1.3.2 | Multiple SQL injection vulnerabilities in AAIportal before 1.4.0 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | network | low complexity | aai-portal | 7.5 |