Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-03-19 | CVE-2006-1257 | Authentication Bypass vulnerability in Microsoft Commerce Server 2002<br>The sample files in the authfiles directory in Microsoft Commerce Server 2002 before SP2 allow remote attackers to bypass authentication by logging in to authfiles/login.asp with a valid username and any password, then going to the main site twice. | 7.5 |
2006-03-19 | CVE-2006-1252 | Remote Command Execution vulnerability in Light Weight Calendar Light Weight Calendar 1.0<br>Eval injection vulnerability in cal.php in Light Weight Calendar (LWC) 1.0 allows remote attackers to execute arbitrary PHP code via the date parameter to index.php. | 7.5 |
2006-03-17 | CVE-2006-1246 | Local Privilege Escalation vulnerability in IBM AIX 5.3<br>Unspecified vulnerability in mklvcopy in BOS.RTE.LVM in IBM AIX 5.3 allows local users to execute arbitrary commands when mklvcopy calls external commands, possibly due to an untrusted search path vulnerability. | 7.2 |
2006-03-17 | CVE-2006-1245 | Buffer Overflow vulnerability in Microsoft IE 6.0<br>Buffer overflow in mshtml.dll in Microsoft Internet Explorer 6.0.2900.2180, and probably other versions, allows remote attackers to execute arbitrary code via an HTML tag with a large number of script action handlers such as onload and onmouseover, as demonstrated using onclick, aka the "Multiple Event Handler Memory Corruption Vulnerability." | 7.5 |
2006-03-15 | CVE-2006-1244 | Multiple Unspecified vulnerability in XPDF<br>Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc. | 7.6 |
2006-03-15 | CVE-2006-1243 | Local File Include vulnerability in Simple PHP Blog<br>Directory traversal vulnerability in install05.php in Simple PHP Blog (SPB) 0.4.7.1 and earlier allows remote attackers to include and execute arbitrary local files via directory traversal sequences and a NUL (%00) character in the blog_language parameter, as demonstrated by injecting PHP sequences into an Apache access_log file, which is then included using install05.php. | 7.5 |
2006-03-15 | CVE-2006-1237 | SQL Injection vulnerability in Dsportal Dsnewsletter 1.0<br>Multiple SQL injection vulnerabilities in DSNewsletter 1.0, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the email parameter to (1) include/sub.php, (2) include/confirm.php, or (3) include/unconfirm.php. | 7.5 |
2006-03-15 | CVE-2006-1236 | Unspecified vulnerability in Crossfire 1.9.0<br>Buffer overflow in the SetUp function in socket/request.c in CrossFire 1.9.0 allows remote attackers to execute arbitrary code via a long setup sound command, a different vulnerability than CVE-2006-1010. | 7.5 |
2006-03-14 | CVE-2006-1232 | SQL-Injection vulnerability in Dsportal Dsdownload 1.0<br>Multiple SQL injection vulnerabilities in DSDownload 1.0, with magic_quotes_gpc disabled, allow remote attackers to execute arbitrary SQL commands via the (1) key and (2) category parameters to (a) search.php and (b) downloads.php. | 7.5 |
2006-03-14 | CVE-2006-1229 | SQL-Injection vulnerability in Hosting Controller Hosting Controller 6.1Hotfix2.9<br>SQL injection vulnerability in search.asp in Hosting Controller 6.1 (Hotfix 2.9) allows remote attackers to execute arbitrary SQL commands via the search parameter. | 7.5 |