Vulnerabilities > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2006-03-14 | CVE-2006-1203 | Remote PHP Script Code Injection vulnerability in txtForum: PHP remote file include vulnerability in common.php in txtForum 1.0.4-dev and earlier allows remote attackers to include and execute arbitrary PHP code via a URL in the skin parameter to login.php, and possibly other parameters to other PHP scripts, related to include statements in common.php. | 7.5 |
2006-03-14 | CVE-2006-1200 | Remote PHP Script Code Injection vulnerability in Link Bank: Direct static code injection vulnerability in add_link.txt in daverave Link Bank allows remote attackers to execute arbitrary PHP code via the url_name parameter, which is not sanitized before being stored in links.txt, which is later used in an include statement. | 7.5 |
2006-03-13 | CVE-2006-1197 | Local Privilege Escalation vulnerability in SafeDisc Secdrv.SYS: SafeDisc installs the driver service for the secdrv.sys driver with insecure permissions, which allows local users to gain privileges by changing the configuration to reference a malicious program. | 7.2 |
2006-03-13 | CVE-2006-0819 | Input Validation vulnerability in Gnome Dwarf Http Server 1.3.2: Dwarf HTTP Server 1.3.2 allows remote attackers to obtain the source code of JSP files via (1) dot, (2) space, (3) slash, or (4) NULL characters in the filename extension of an HTTP request. | 7.8 |
2006-03-13 | CVE-2006-1183 | Local Installation Password Disclosure vulnerability in Ubuntu Linux 5.10: The Ubuntu 5.10 installer does not properly clear passwords from the installer log file (questions.dat), and leaves the log file with world-readable permissions, which allows local users to gain privileges. | 7.2 |
2006-03-12 | CVE-2006-1164 | Input Validation vulnerability in Nodez 4.6.1.1: Nodez 4.6.1.1 and earlier stores sensitive data in the list.gtdat file under the web document root with insufficient access control, which allows remote attackers to obtain usernames and password hashes by directly accessing list.gtdat. | 7.5 |
2006-03-12 | CVE-2006-1159 | Input Validation vulnerability in EFS Software EFS web Server 3.2: Format string vulnerability in Easy File Sharing (EFS) Web Server 3.2 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifiers in the query string argument in an HTTP GET request. | 7.8 |
2006-03-12 | CVE-2006-1158 | Remote Denial of Service vulnerability in Kerio MailServer: Kerio MailServer before 6.1.3 Patch 1 allows remote attackers to cause a denial of service (application crash) via a crafted IMAP LOGIN command. | 7.8 |
2006-03-10 | CVE-2006-1154 | Code Injection vulnerability in Fscripts Fantastic News 2.1.1/2.1.2/2.1.4: PHP remote file inclusion vulnerability in archive.php in Fantastic News 2.1.2 allows remote attackers to include arbitrary files via the CONFIG[script_path] variable. | 7.5 |
2006-03-10 | CVE-2006-1150 | Remote Denial Of Service vulnerability in TEG Tenes Empanadas Graciela 0.11.1: Buffer overflow in Tenes Empanadas Graciela (TEG) 0.11.1, which automatically appends an _ (underscore) to the end of duplicate nicknames, allows remote attackers to cause a denial of service (application crash) by creating multiple users with long, identical nicknames, which triggers an off-by-one error. | 7.8 |