Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2006-03-14 | CVE-2006-0400 | Unspecified vulnerability in Apple Mac OS X and Mac OS X Server | CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to bypass the same-origin policy and execute JavaScript in other domains via unknown vectors involving "crafted archives." | 7.5 |
2006-03-14 | CVE-2006-0399 | Code Injection vulnerability in Apple Mac OS X and Mac OS X Server | Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. | 7.5 |
2006-03-14 | CVE-2006-0398 | Code Injection vulnerability in Apple Mac OS X and Mac OS X Server | Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. | 7.5 |
2006-03-14 | CVE-2006-0397 | Code Injection vulnerability in Apple Mac OS X and Mac OS X Server | Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. | 7.5 |
2006-03-14 | CVE-2006-1217 | SQL Injection vulnerability in Dsportal Dspoll 1.1 | SQL injection vulnerability in DSPoll 1.1 allows remote attackers to execute arbitrary SQL commands via the pollid parameter to (1) results.php, (2) topolls.php, (3) pollit.php. | 7.5 |
2006-03-14 | CVE-2006-0457 | Local Copy_To_User Race vulnerability in Linux Kernel Security Key Functions | Race condition in the (1) add_key, (2) request_key, and (3) keyctl functions in Linux kernel 2.6.x allows local users to cause a denial of service (crash) or read sensitive kernel memory by modifying the length of a string argument between the time that the kernel calculates the length and when it copies the data into kernel memory. | 7.1 |
2006-03-14 | CVE-2006-1213 | Unspecified vulnerability in Jiro Banner System 1.0Experience/1.0Professional | JiRo's Banner System Experience and Professional 1.0 and earlier allows remote attackers to bypass access restrictions and gain privileges via a direct request to certain scripts in the files directory, as demonstrated by using addadmin.asp to create a new administrator account. | 7.5 |
2006-03-14 | CVE-2006-1212 | Remote Code Execution vulnerability in Corenews 2.0.1 | Unspecified vulnerability in index.php in Core CoreNews 2.0.1 allows remote attackers to execute arbitrary commands via the page parameter, possibly due to a PHP remote file include vulnerability. | 7.5 |
2006-03-14 | CVE-2006-1211 | SQL-Injection vulnerability in Micromuse Netcool Neusecure 3.0.236 | IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 configures a MySQL database to allow connections from any source IP address with the ns database account, which allows remote attackers to bypass the Netcool/NeuSecure application layer and perform unauthorized database actions. | 7.5 |
2006-03-14 | CVE-2006-1210 | Unspecified vulnerability in Micromuse Netcool Neusecure 3.0.236 | The web interface for IBM Tivoli Micromuse Netcool/NeuSecure 3.0.236 includes the MySQL database username and password in cleartext in body.phtml, which allows remote attackers to gain privileges by reading the source. | 7.5 |