Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-10-10 | CVE-2006-5170 | Improper Handling of Exceptional Conditions vulnerability in multiple products pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the pam_authenticate function to return a success code even if authentication has failed, as originally reported for xscreensaver. | 7.5 |
2006-10-10 | CVE-2006-5143 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 and earlier, r11.1, and 9.01; BrightStor ARCserve Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Suite r2; and Business Protection Suite r2 allow remote attackers to execute arbitrary code via crafted data on TCP port 6071 to the Backup Agent RPC Server (DBASVR.exe) using the RPC routines with opcode (1) 0x01, (2) 0x02, or (3) 0x18; invalid stub data on TCP port 6503 to the RPC routines with opcode (4) 0x2b or (5) 0x2d in ASCORE.dll in the Message Engine RPC Server (msgeng.exe); (6) a long hostname on TCP port 41523 to ASBRDCST.DLL in the Discovery Service (casdscsvc.exe); or unspecified vectors related to the (7) Job Engine Service. | 7.5 |
2006-10-10 | CVE-2006-5142 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Broadcom Brightstor Arcserve Backup 11.5 Stack-based buffer overflow in CA BrightStor ARCserve Backup R11.5 client and server allows remote attackers to execute arbitrary code via long messages to the CheyenneDS Mailslot. | 7.5 |
2006-10-10 | CVE-2006-4997 | Use After Free vulnerability in multiple products The clip_mkip function in net/atm/clip.c of the ATM subsystem in Linux kernel allows remote attackers to cause a denial of service (panic) via unknown vectors that cause the ATM subsystem to access the memory of socket buffers after they are freed (freed pointer dereference). | 7.5 |
2006-10-05 | CVE-2006-5166 | Remote File Include vulnerability in PHP Web Scripts Easy Banner Functions.PHP PHP remote file inclusion vulnerability in functions.php in PHP Web Scripts Easy Banner Free allows remote attackers to execute arbitrary PHP code via a URL in the s[phppath] parameter. | 7.5 |
2006-10-05 | CVE-2006-5158 | Improper Locking vulnerability in multiple products The nlmclnt_mark_reclaim in clntlock.c in NFS lockd in Linux kernel before 2.6.16 allows remote attackers to cause a denial of service (process crash) and deny access to NFS exports via unspecified vectors that trigger a kernel oops (null dereference) and a deadlock. | 7.5 |
2006-10-05 | CVE-2006-5155 | Remote File Include vulnerability in Videodb 2.0.0/2.0.2/2.2.1 PHP remote file inclusion vulnerability in core/pdf.php in VideoDB 2.2.1 and earlier allows remote attackers to execute arbitrary PHP code via the config[pdf_module] parameter. | 7.5 |
2006-10-05 | CVE-2006-5149 | Path Traversal vulnerability in Openbiblio Multiple directory traversal vulnerabilities in OpenBiblio before 0.5.2 allow remote attackers to include and execute arbitrary local files via a .. | 7.5 |
2006-10-05 | CVE-2006-5148 | Remote File Include vulnerability in Forum82 Multiple PHP remote file inclusion vulnerabilities in Forum82 2.5.2b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the repertorylevel parameter including scripts in /forum/ including (1) search.php, (2) message.php, (3) member.php, (4) mail.php, (5) lostpassword.php, (6) gesfil.php, (7) forum82lib.php3, and other unspecified scripts. | 7.5 |
2006-10-05 | CVE-2006-5147 | Remote File Include vulnerability in VAMP Webmail Yesno.PHTML PHP remote file inclusion vulnerability in wamp_dir/setup/yesno.phtml in VAMP Webmail 2.0beta1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the no_url parameter. | 7.5 |