Vulnerabilities > High

DATE | CVE | VULNERABILITY TITLE | RISK

2006-02-04 | CVE-2006-0542 | SQL Injection vulnerability in Nukedweb Guestbookhost 20050425 | 7.5
Multiple SQL injection vulnerabilities in config.php in NukedWeb GuestBookHost 2005.04.25 allow remote attackers to execute arbitrary SQL commands via the (1) email and (2) password parameters.
network | low complexity | nukedweb

2006-02-04 | CVE-2006-0540 | Input Validation vulnerability in Tachyon Vanilla Guestbook 1.0Beta | 7.5
Multiple SQL injection vulnerabilities in Tachyon Vanilla Guestbook 1.0 beta allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
network | low complexity | tachyon

2006-02-04 | CVE-2006-0537 | Remote RCPT TO Buffer Overflow vulnerability in Kinesphere Corporation Exchange Pop3 5.0Build050203 | 7.5
Buffer overflow in the POP3 server in Kinesphere Corporation eXchange before 5.0.060125 allows remote attackers to execute arbitrary code via a long RCPT TO argument.
network | low complexity | kinesphere-corporation

2006-02-04 | CVE-2006-0531 | Local Authentication Bypass vulnerability in SUN Java System Access Manager 7.0 | 7.2
Unspecified vulnerability in Sun Java System Access Manager 7.0 allows local users logged in as "root" to bypass authentication and gain top-level administrator privileges via the amadmin CLI tool.
local | low complexity | sun

2006-02-02 | CVE-2006-0294 | Unspecified vulnerability in Mozilla Firefox, Seamonkey and Thunderbird | 7.5
Mozilla Firefox before 1.5.0.1, Thunderbird 1.5 if running Javascript in mail, and SeaMonkey before 1.0 allow remote attackers to execute arbitrary code by changing an element's style from position:relative to position:static, which causes Gecko to operate on freed memory.
network | low complexity | mozilla

2006-02-02 | CVE-2006-0293 | Unspecified vulnerability in Mozilla Firefox 1.5 | 7.5
The function allocation code (js_NewFunction in jsfun.c) in Firefox 1.5 allows attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via user-defined methods that trigger garbage collection in a way that operates on freed objects.
network | low complexity | mozilla

2006-02-02 | CVE-2006-0292 | Unspecified vulnerability in Mozilla Firefox and Mozilla | 7.5
The Javascript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garbage collection.
network | low complexity | mozilla

2006-02-02 | CVE-2006-0526 | Local Privilege Escalation vulnerability in AOL Client Software 8.0/9.0 | 7.2
The default configuration of the America Online (AOL) client software allows all users to modify a certain registry value that specifies a DLL file name, which might allow local users to gain privileges via a Trojan horse program.
local | low complexity | aol

2006-02-02 | CVE-2006-0523 | SQL-Injection vulnerability in MyBulletinBoard | 7.5
SQL injection vulnerability in global.php in MyBB before 1.03 allows remote attackers to execute arbitrary SQL commands via the templatelist variable.
network | low complexity | mybulletinboard

2006-02-02 | CVE-2006-0522 | SQL Injection vulnerability in Symantec Sygate Management Server SMS Authentication Servlet | 7.5
SQL injection vulnerability in the Authentication Servlet in Symantec Sygate Management Server (SMS) version 4.1 build 1417 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via unknown attack vectors related to a URL.
network | low complexity | symantec