Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2006-07-10 CVE-2006-3473 CRLF Injection vulnerability in Drupal Form_mail Module
CRLF injection vulnerability in form_mail Drupal Module before 1.8.2.2 allows remote attackers to inject e-mail headers, which facilitates sending spam messages, a different issue than CVE-2006-1225.
network
low complexity
drupal
7.5
2006-07-10 CVE-2006-3470 Remote Security vulnerability in Openmanage Cd
The Dell Openmanage CD launches X11 and SSH daemons that do not require authentication, which allows remote attackers to gain privileges.
network
low complexity
dell
7.5
2006-07-08 CVE-2006-1176 Remote Buffer Overflow vulnerability in EBay Enhanced Picture Service ActiveX
Buffer overflow in eBay Enhanced Picture Services (aka EPUImageControl Class) in EUPWALcontrol.dll before 1.0.3.48, as used in Sell Your Item (SYI), Setup & Test eBay Enhanced Picture Services, Picture Manager Enhanced Uploader, and CARad.com Add Vehicle, allows remote attackers to execute arbitrary code via a crafted HTML document.
network
low complexity
ebay
7.5
2006-07-07 CVE-2006-3431 Remote Code Execution vulnerability in Microsoft Excel Style Handling and Repair
Buffer overflow in certain Asian language versions of Microsoft Excel might allow user-assisted attackers to execute arbitrary code via a crafted STYLE record in a spreadsheet that triggers the overflow when the user attempts to repair the document or selects the "Style" option, as demonstrated by nanika.xls.
network
low complexity
microsoft
7.5
2006-07-07 CVE-2006-3430 SQL Injection vulnerability in multiple products
SQL injection vulnerability in checkprofile.asp in (1) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1 and (2) Novell ZENworks 6.2 SR1 and earlier, allows remote attackers to execute arbitrary SQL commands via the agentid parameter.
network
low complexity
lumension novell CWE-89
7.5
2006-07-07 CVE-2006-3425 Authentication Bypass vulnerability in PatchLink Update Server Proxyreg.ASP
FastPatch for (a) PatchLink Update Server (PLUS) before 6.1 P1 and 6.2.x before 6.2 SR1 P1, and (b) Novell ZENworks 6.2 SR1 and earlier, does not require authentication for dagent/proxyreg.asp, which allows remote attackers to list, add, or delete PatchLink Distribution Point (PDP) proxy servers via modified (1) List, (2) Proxy, or (3) Delete parameters.
network
low complexity
lumension novell
7.5
2006-07-07 CVE-2006-3424 Remote Security vulnerability in Webex Downloader Activex Control
Multiple buffer overflows in WebEx Downloader ActiveX Control, possibly in versions before November 2005, allow remote attackers to execute arbitrary code via unspecified vectors.
network
low complexity
webex-communications
7.5
2006-07-07 CVE-2006-3422 Remote File Include vulnerability in Wonderedit PRO CMS Gold
PHP remote file inclusion vulnerability in WonderEdit Pro CMS allows remote attackers to execute arbitrary PHP code via the config[template_path] parameter in user_bottom.php, as used by multiple templates including (1) rwb (template/rwb/user_bottom.php), (2) gwb (template/rwb/user_bottom.php), (3) blues, (4) bluwhi, and (5) grns.
network
low complexity
wonderedit
7.5
2006-07-07 CVE-2006-3420 Cross-Site Request Forgery vulnerability in MyBulletinBoard
Cross-site request forgery (CSRF) vulnerability in editpost.php in MyBulletinBoard (MyBB) before 1.1.5 allows remote attackers to perform unauthorized actions as a logged-in user and delete arbitrary forum posts via a bbcode IMG tag with a modified delete parameter in a deletepost action.
network
low complexity
mybulletinboard
7.5
2006-07-07 CVE-2006-3409 Information Disclosure And Denial of Service vulnerability in Trac
Integer overflow in Tor before 0.1.1.20 allows remote attackers to execute arbitrary code via crafted large inputs, which result in a buffer overflow when elements are added to smartlists.
network
low complexity
tor
7.5