Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2006-07-06 CVE-2006-3402 SQL Injection vulnerability in Virtuastore 2.0
SQL injection vulnerability in VirtuaStore 2.0 allows remote attackers to execute arbitrary SQL commands via the password parameter when logging in.
network
low complexity
virtuastore
7.5
2006-07-06 CVE-2006-3401 Buffer Errors vulnerability in ID Software Quake 3 Engine 1.32B/1.32C/Icculus812
Stack-based buffer overflow in Quake 3 Engine as used by Quake 3: Arena 1.32b and 1.32c allows remote attackers to cause a denial of service and possibly execute code via long CS_ITEMS values.
network
low complexity
id-software CWE-119
7.5
2006-07-06 CVE-2006-3400 Stack Buffer Overflow vulnerability in Quake 3 Engine Client
Stack-based buffer overflow in the CG_ServerCommand function in Quake 3 Engine as used by Soldier of Fortune 2 (SOF2MP) GOLD 1.03 allows remote attackers to cause a denial of service and possibly execute code by sending a long command from the server.
network
low complexity
id-software raven-software
7.5
2006-07-06 CVE-2006-3394 SQL Injection vulnerability in Bxcp 0.2.9.7/0.3
SQL injection vulnerability in the files mod in index.php in BXCP 0.3.0.4 allows remote attackers to execute arbitrary SQL commands via the where parameter in a view action.
network
low complexity
bxcp
7.5
2006-07-06 CVE-2006-3393 Remote Denial of Service vulnerability in NASCAR Racing UDP Datagram
Papyrus NASCAR Racing 4 4.1.3.1.6 and earlier, 2002 Season 1.1.0.2 and earlier, and 2003 Season 1.2.0.1 and earlier allows remote attackers to cause a denial of service (CPU consumption) by sending an empty UDP datagram, which is not properly discarded due to use of the FIONREAD asynchronous socket.
network
low complexity
electronic-arts
7.8
2006-07-06 CVE-2006-3381 Unspecified vulnerability in Sturgeon Upload Sturgeon Upload
SturGeoN Upload allows remote attackers to execute arbitrary PHP code by uploading a file with a .php extension, then directly accessing the file.
network
low complexity
sturgeon-upload
7.5
2006-07-06 CVE-2006-3378 Privilege Escalation vulnerability in Ubuntu Linux 5.04/5.10/6.06 LTS
passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called with the -f, -g, or -s flag, does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits.
local
low complexity
ubuntu
7.2
2006-07-06 CVE-2006-3376 Integer Overflow vulnerability in Wvware Libwmf and WV2
Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field in a WMF file.
network
low complexity
wvware
7.5
2006-07-06 CVE-2006-3375 Remote File Include vulnerability in Randshop 1.1.1
PHP remote file inclusion vulnerability in includes/header.inc.php in Randshop 1.1.1 allows remote attackers to execute arbitrary PHP code via the dateiPfad parameter.
network
low complexity
randshop
7.5
2006-07-06 CVE-2006-3374 Remote File Include vulnerability in Randshop 0.9.3
PHP remote file inclusion vulnerability in index.php in Randshop 1.2 and earlier, including 0.9.3, allows remote attackers to execute arbitrary PHP code via a URL in the incl parameter.
network
low complexity
randshop
7.5