Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2006-08-29 CVE-2006-4434 Use After Free vulnerability in Sendmail
Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced.
network
low complexity
sendmail CWE-416
7.5
2006-08-29 CVE-2006-4433 Remote Security vulnerability in PHP
PHP before 4.4.3 and 5.x before 5.1.4 does not limit the character set of the session identifier (PHPSESSID) for third party session handlers, which might make it easier for remote attackers to exploit other vulnerabilities by inserting PHP code into the PHPSESSID, which is stored in the session file.
network
low complexity
php
7.5
2006-08-29 CVE-2006-4432 Directory Traversal vulnerability in Zend Platform
Directory traversal vulnerability in Zend Platform 2.2.1 and earlier allows remote attackers to overwrite arbitrary files via a ..
network
low complexity
zend
7.5
2006-08-29 CVE-2006-4431 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Zend Platform
Multiple buffer overflows in the (a) Session Clustering Daemon and the (b) mod_cluster module in the Zend Platform 2.2.1 and earlier allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a (1) empty or (2) crafted PHP session identifier (PHPSESSID).
network
low complexity
zend CWE-119
7.5
2006-08-29 CVE-2006-4423 Remote File Include vulnerability in Bigace 1.8.2
Multiple PHP remote file inclusion vulnerabilities in Bigace 1.8.2 allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[_BIGACE][DIR][admin] parameter in (a) system/command/admin.cmd.php, (b) admin/include/upload_form.php, and (c) admin/include/item_main.php; and the (2) GLOBALS[_BIGACE][DIR][libs] parameter in (d) system/command/admin.cmd.php and (e) system/command/download.cmd.php.
network
low complexity
bigace
7.5
2006-08-28 CVE-2006-4419 SQL Injection vulnerability in Promanager 0.73
SQL injection vulnerability in note.php in ProManager 0.73 allows remote attackers to execute arbitrary SQL commands via the note_id parameter.
network
low complexity
promanager
7.5
2006-08-28 CVE-2006-4417 SQL Injection vulnerability in Xoops Edituser.PHP
SQL injection vulnerability in edituser.php in Xoops before 2.0.15 allows remote attackers to execute arbitrary SQL commands via the user_avatar parameter.
network
low complexity
xoops
7.5
2006-08-28 CVE-2006-4416 Local Insecure Program Execution vulnerability in IBM AIX 5.1/5.2/5.3
Untrusted search path vulnerability in the mkvg command in IBM AIX 5.2 and 5.3 allows local users to gain privileges by modifying the path to point to a malicious (1) chdev, (2) mkboot, (3) varyonvg, or (4) varyoffvg program.
local
low complexity
ibm
7.2
2006-08-27 CVE-2006-4363 Remote File Include vulnerability in Cropimage Component 1.0
PHP remote file inclusion vulnerability in admin.cropcanvas.php in the CropImage component (com_cropimage) 1.0 for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the cropimagedir parameter.
network
low complexity
cropimage-component
7.5
2006-08-27 CVE-2006-4357 Remote File Include vulnerability in DieselScripts Smart Traffic
PHP remote file inclusion vulnerability in clients/index.php in Diesel Smart Traffic allows remote attackers to execute arbitrary PHP code via a URL in the src parameter.
network
low complexity
dieselscripts
7.5