Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2006-03-23 CVE-2006-1283 Unspecified vulnerability in Freebsd
opiepasswd in One-Time Passwords in Everything (OPIE) in FreeBSD 4.10-RELEASE-p22 through 6.1-STABLE before 20060322 uses the getlogin function to determine the invoking user account, which might allow local users to configure OPIE access to the root account and possibly gain root privileges if a root shell is permitted by the configuration of the wheel group or sshd.
local
low complexity
freebsd
7.2
2006-03-23 CVE-2006-1364 Resource Exhaustion vulnerability in Microsoft Asp.Net 1.0/1.1
Microsoft w3wp (aka w3wp.exe) does not properly handle when the AspCompat directive is not used when referencing COM components in ASP.NET, which allows remote attackers to cause a denial of service (resource consumption or crash) by repeatedly requesting each of several documents that refer to COM components, or are restricted documents located under the ASP.NET application path.
network
low complexity
microsoft CWE-400
7.8
2006-03-23 CVE-2006-1363 Remote Security vulnerability in Justin White Freewps 2.11
images.php in Justin White (aka YTZ) Free Web Publishing System (FreeWPS) 2.11 allows remote attackers to execute arbitrary PHP code by uploading a .php file into the /upload directory as specified in the dirPath parameter, then performing a direct request to that file.
network
low complexity
justin-white
7.5
2006-03-23 CVE-2006-1362 SQL-Injection vulnerability in Mini-Nuke Cms
Multiple SQL injection vulnerabilities in Mini-Nuke CMS System 1.8.2 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the uid parameter in (a) members.asp, the (2) catid parameter in (b) articles.asp and (c) programs.asp, and the (3) id parameter in (d) hpages.asp and (e) forum.asp.
network
low complexity
mini-nuke
7.5
2006-03-23 CVE-2006-1360 SQL Injection vulnerability in Musicbox 2.3Beta2
Multiple SQL injection vulnerabilities in MusicBox 2.3 Beta 2 allow remote attackers to execute arbitrary SQL commands via the (1) id, (2) type, or (3) show parameter to (a) index.php; or the (4) message1 or (5) message parameter to (b) cart.php.
network
low complexity
musicbox CWE-89
7.5
2006-03-23 CVE-2006-0905 A "programming error" in fast_ipsec in FreeBSD 4.8-RELEASE through 6.1-STABLE and NetBSD 2 through 3 does not properly update the sequence number associated with a Security Association, which allows packets to pass sequence number checks and allows remote attackers to capture IPSec packets and conduct replay attacks.
network
low complexity
freebsd netbsd
7.5
2006-03-22 CVE-2006-0058 Remote Code Execution vulnerability in Sendmail Asynchronous Signal Handling
Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory locations.
network
high complexity
sendmail
7.6
2006-03-22 CVE-2006-1354 Authentication Bypass vulnerability in FreeRADIUS EAP-MSCHAPv2
Unspecified vulnerability in FreeRADIUS 1.0.0 up to 1.1.0 allows remote attackers to bypass authentication or cause a denial of service (server crash) via "Insufficient input validation" in the EAP-MSCHAPv2 state machine module.
network
low complexity
freeradius
7.5
2006-03-22 CVE-2006-1353 SQL Injection vulnerability in Aspportal 3.0.0/3.1.0/3.1.1
Multiple SQL injection vulnerabilities in ASPPortal 3.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the downloadid parameter in download_click.asp and (2) content_ID parameter in news/News_Item.asp; authenticated administrators can also conduct attacks via (3) user_id parameter to users/add_edit_user.asp, (4) bannerid parameter to banner_adds/banner_add_edit.asp, (5) cat_id parameter to categories/add_edit_cat.asp, (6) Content_ID parameter to News/add_edit_news.asp, (7) download_id parameter to downloads/add_edit_download.asp, (8) Poll_ID parameter to poll/add_edit_poll.asp, (9) contactid parameter to contactus/contactus_add_edit.asp, (10) sortby parameter to poll/poll_list.asp, and (11) unspecified inputs to downloads/add_edit_download.asp.
network
low complexity
aspportal
7.5
2006-03-22 CVE-2006-1350 Remote File Include vulnerability in Free Articles Directory Page Parameter Directory
PHP remote file include vulnerability in index.php in 99Articles.com (aka ArticlesOne.com) Free articles directory allows remote attackers to include and execute arbitrary PHP code via a URL in the page parameter.
network
low complexity
articlesone
7.5