Vulnerabilities > High

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2006-06-03 | CVE-2006-2794 | Remote Security vulnerability in Aspsitem 1.83 | Hesabim.asp in ASPSitem 2.0 and earlier allows remote attackers to read private messages of other users via a modified id parameter. | network; low complexity; aspsitem; 7.8 |
| 2006-06-03 | CVE-2006-2793 | SQL-Injection vulnerability in Aspsitem 1.83 | SQL injection vulnerability in Anket.asp in ASPSitem 2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the hid parameter. | network; low complexity; aspsitem; 7.5 |
| 2006-06-03 | CVE-2006-2792 | SQL-Injection vulnerability in Woltlab Burning Board 2.3.4 | SQL injection vulnerability in misc.php in Woltlab Burning Board (WBB) 2.3.4 allows remote attackers to execute arbitrary SQL commands via the sid parameter. | network; low complexity; woltlab; 7.5 |
| 2006-06-02 | CVE-2006-2790 | Local Privilege Escalation vulnerability in SUN Storage Automated Diagnostic Environment 2.4 | A package component in Sun Storage Automated Diagnostic Environment (StorADE) 2.4 uses world-writable permissions for certain critical files and directories, which allows local users to gain privileges. | local; low complexity; sun; 7.2 |
| 2006-06-02 | CVE-2006-2788 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mozilla Firefox | Double free vulnerability in the getRawDER function for nsIX509Cert in Firefox allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via certain JavaScript code. | network; low complexity; mozilla CWE-119; 7.5 |
| 2006-06-02 | CVE-2006-2777 | Unspecified vulnerability in Mozilla Firefox and Seamonkey | Unspecified vulnerability in Mozilla Firefox before 1.5.0.4 and SeaMonkey before 1.0.2 allows remote attackers to execute arbitrary code by using the nsISelectionPrivate interface of the Selection object to add a SelectionListener and create notifications that are executed in a privileged context. | network; low complexity; mozilla; 7.5 |
| 2006-06-02 | CVE-2006-2776 | Unspecified vulnerability in Mozilla Firefox and Thunderbird | Certain privileged UI code in Mozilla Firefox and Thunderbird before 1.5.0.4 calls content-defined setters on an object prototype, which allows remote attackers to execute code at a higher privilege than intended. | network; low complexity; mozilla; 7.5 |
| 2006-06-02 | CVE-2006-2775 | Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox and Thunderbird | Mozilla Firefox and Thunderbird before 1.5.0.4 associate XUL attributes with the wrong URL under certain unspecified circumstances, which might allow remote attackers to bypass restrictions by causing a persisted string to be associated with the wrong URL. | network; low complexity; mozilla CWE-264; 7.5 |
| 2006-06-02 | CVE-2006-2760 | SQL Injection vulnerability in Warpspeed 4Nforum 0.91 | SQL injection vulnerability in modules.php in 4nNukeWare 4nForum 0.91 allows remote attackers to execute arbitrary SQL commands via the tid parameter. | network; low complexity; warpspeed CWE-89; 7.5 |
| 2006-06-01 | CVE-2006-2753 | SQL Injection vulnerability in MySQL Mysql_real_escape Function | SQL injection vulnerability in MySQL 4.1.x before 4.1.20 and 5.0.x before 5.0.22 allows context-dependent attackers to execute arbitrary SQL commands via crafted multibyte encodings in character sets such as SJIS, BIG5, and GBK, which are not properly handled when the mysql_real_escape function is used to escape the input. | network; low complexity; mysql oracle; 7.5 |