Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-08-08 | CVE-2006-3638 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Microsoft IE and Internet Explorer: Microsoft Internet Explorer 5.01 and 6 does not properly handle uninitialized COM objects, which allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code, as demonstrated by the Nth function in the DirectAnimation.DATuple ActiveX control, aka "COM Object Instantiation Memory Corruption Vulnerability." | 7.5 |
2006-08-08 | CVE-2006-3586 | Input Validation vulnerability in Jetbox CMS 2.1Sr1: SQL injection vulnerability in Jetbox CMS 2.1 SR1 allows remote attackers to execute arbitrary SQL commands via the (1) frontsession COOKIE parameter and (2) view parameter in index.php, and the (3) login parameter in admin/cms/index.php. | 7.5 |
2006-08-08 | CVE-2006-3584 | Input Validation vulnerability in Jetbox: Dynamic variable evaluation vulnerability in index.php in Jetbox CMS 2.1 SR1 allows remote attackers to overwrite configuration variables via URL parameters, which are evaluated as PHP variable variables. | 7.5 |
2006-08-08 | CVE-2006-3583 | Improper Authentication vulnerability in Jetbox CMS 2.1Sr1: Session fixation vulnerability in Jetbox CMS 2.1 SR1 allows remote attackers to hijack web sessions via a crafted link and the administrator section. | 7.5 |
2006-08-08 | CVE-2006-3451 | Improper Input Validation vulnerability in Microsoft IE 5.0/6: Microsoft Internet Explorer 5 SP4 and 6 do not properly garbage collect when "multiple imports are used on a styleSheets collection" to construct a chain of Cascading Style Sheets (CSS), which allows remote attackers to execute arbitrary code via unspecified vectors. | 7.5 |
2006-08-08 | CVE-2006-3450 | Improper Input Validation vulnerability in Microsoft IE and Internet Explorer: Microsoft Internet Explorer 6 allows remote attackers to execute arbitrary code by using the document.getElementByID JavaScript function to access crafted Cascading Style Sheet (CSS) elements, and possibly other unspecified vectors involving certain layout positioning combinations in an HTML file. | 7.5 |
2006-08-08 | CVE-2006-3862 | Multiple vulnerability in IBM Informix Dynamic Server: Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.TC5 through 9.40.xC7 and 10.00.TC1 through 10.00.xC3 allows attackers to execute arbitrary code via the SQLIDEBUG environment variable (envariable). | 7.5 |
2006-08-08 | CVE-2006-4018 | Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Clamav: Heap-based buffer overflow in the pefromupx function in libclamav/upx.c in Clam AntiVirus (ClamAV) 0.81 through 0.88.3 allows remote attackers to execute arbitrary code via a crafted UPX packed file containing sections with large rsize values. | 7.5 |
2006-08-07 | CVE-2006-4013 | Path Traversal vulnerability in Symantec Brightmail Antispam: Multiple directory traversal vulnerabilities in Symantec Brightmail AntiSpam (SBAS) before 6.0.4, when the Control Center is allowed to connect from any computer, allow remote attackers to read and overwrite certain files via directory traversal sequences in (1) DATABLOB-GET and (2) DATABLOB-SAVE requests. | 7.6 |
2006-08-07 | CVE-2006-4010 | SQL Injection vulnerability in Vwar Virtual WAR 1.5.0: SQL injection vulnerability in war.php in Virtual War (Vwar) 1.5.0 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter. | 7.5 |