Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-08-26 | CVE-2006-3124 | Buffer Overflow vulnerability in Streamripper 1.61.24/1.61.25: Buffer overflow in the HTTP header parsing in Streamripper before 1.61.26 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted HTTP headers. | 7.5 |
2006-08-25 | CVE-2006-2112 | Permissions, Privileges, and Access Controls vulnerability in multiple products: Fuji Xerox Printing Systems (FXPS) print engine, as used in products including (1) Dell 3000cn through 5110cn and (2) Fuji Xerox DocuPrint firmware before 20060628 and Network Option Card firmware before 5.13, allows remote attackers to use the FTP printing interface as a proxy ("FTP bounce") by using arbitrary PORT arguments to connect to systems for which access would be otherwise restricted. | 7.5 |
2006-08-24 | CVE-2006-4350 | SQL-Injection vulnerability in Oneorzero 1.6.4.1: SQL injection vulnerability in index.php in OneOrZero 1.6.4.1 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2006-08-24 | CVE-2006-4348 | Remote File Include vulnerability in Kochsuite Component Kochsuite Component 0.9.4: PHP remote file inclusion vulnerability in config.kochsuite.php in the Kochsuite (com_kochsuite) 0.9.4 component for Mambo and Joomla! allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter. | 7.5 |
2006-08-24 | CVE-2006-4347 | SQL Injection vulnerability in Jiran Cool Manager and Cool Messenger Office School Server: SQL injection vulnerability in user logon authentication request handling in Cool_CoolD.exe in Cool Manager 5.0 (5,60,90,28) and Cool Messenger Office/School Server 5.5 (5,65,12,13) allows remote attackers to execute arbitrary SQL commands via the username field. | 7.5 |
2006-08-24 | CVE-2006-4346 | Remote vulnerability in Digium Asterisk 1.2.10: Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record function, which allows remote attackers to (1) execute code via format string specifiers or (2) overwrite files via directory traversals involving unspecified vectors, as demonstrated by the CALLERIDNAME variable. | 7.5 |
2006-08-24 | CVE-2006-4345 | Remote vulnerability in Asterisk: Stack-based buffer overflow in channels/chan_mgcp.c in MGCP in Asterisk 1.0 through 1.2.10 allows remote attackers to execute arbitrary code via a crafted audit endpoint (AUEP) response. | 7.5 |
2006-08-24 | CVE-2006-4329 | Remote File Include vulnerability in Shadows Rising RPG: Multiple PHP remote file inclusion vulnerabilities in Shadows Rising RPG (Pre-Alpha) 0.0.5b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the CONFIG[gameroot] parameter to (1) core/includes/security.inc.php, (2) core/includes/smarty.inc.php, (3) qcms/includes/smarty.inc.php or (4) qlib/smarty.inc.php. | 7.5 |
2006-08-24 | CVE-2006-4326 | Buffer Errors vulnerability in Justsystem Formliner, Ichitaro and Ichitaro Government: Stack-based buffer overflow in Justsystem Ichitaro 9.x through 13.x, Ichitaro 2004, 2005, 2006, and Government 2006; Ichitaro for Linux; and FormLiner before 20060818 allows remote attackers to execute arbitrary code via long Unicode strings in a crafted document, as being actively exploited by malware such as Trojan.Tarodrop. | 7.5 |
2006-08-24 | CVE-2006-4323 | SQL Injection vulnerability in Cityforfree Indexcity 1.0: SQL injection vulnerability in list.php in CityForFree indexcity 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cate_id parameter. | 7.5 |