Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2006-01-31 CVE-2006-0478 Unspecified vulnerability in CRE Loaded 6.15
CRE Loaded 6.15 allows remote attackers to perform privileged actions, including uploading and creating arbitrary files, via a direct request to files.php.
network
low complexity
cre-loaded
7.5
2006-01-31 CVE-2006-0477 Remote Buffer Overflow vulnerability in GIT
Buffer overflow in git-checkout-index in GIT before 1.1.5 allows remote attackers to execute arbitrary code via an index file with a long symbolic link.
network
low complexity
git
7.5
2006-01-31 CVE-2006-0476 Remote Buffer Overflow vulnerability in Nullsoft Winamp 5.12
Buffer overflow in Nullsoft Winamp 5.12 allows remote attackers to execute arbitrary code via a playlist (pls) file with a long file name (File1 field).
network
high complexity
nullsoft
7.6
2006-01-31 CVE-2006-0474 Remote Integer Overflow vulnerability in Shareaza 2.2.1.0
Multiple integer overflows in Shareaza 2.2.1.0 allow remote attackers to execute arbitrary code via (1) a large packet length field, which causes an overflow in the ReadBuffer function in (a) BTPacket.cpp and (b) EDPacket.cpp, or (2) a large packet, which causes a heap-based overflow in the Write function in (c) Packet.h.
network
low complexity
shareaza
7.5
2006-01-30 CVE-2006-0301 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Xpdf
Heap-based buffer overflow in Splash.cc in xpdf, as used in other products such as (1) poppler, (2) kdegraphics, (3) gpdf, (4) pdfkit.framework, and others, allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap.
network
low complexity
xpdf CWE-119
7.5
2006-01-30 CVE-2006-0468 Denial of Service vulnerability in CommuniGate Pro Server LDAP
CommuniGate Pro Core Server before 5.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via LDAP messages with negative BER lengths, and possibly other vectors, as demonstrated by the ProtoVer LDAP test suite.
network
low complexity
stalker
7.5
2006-01-27 CVE-2006-0464 SQL Injection vulnerability in IdeoContent Manager
Multiple SQL injection vulnerabilities in index.php in IdeoContent Manager allow remote attackers to execute arbitrary SQL commands via the (1) goto_id or (2) mid parameter.
network
low complexity
ideosoft-design
7.5
2006-01-27 CVE-2006-0462 SQL Injection vulnerability in AndoNET Blog 2004.09.02
SQL injection vulnerability in comentarios.php in AndoNET Blog 2004.09.02 allows remote attackers to execute arbitrary SQL commands via the entrada parameter.
network
low complexity
andonet
7.5
2006-01-27 CVE-2006-0057 Unspecified vulnerability in Microsoft IE and Internet Explorer
Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to bypass the Kill bit settings for dangerous ActiveX controls via unknown vectors involving crafted HTML, which can expose the browser to attacks that would otherwise be prevented by the Kill bit setting.
network
low complexity
microsoft
7.5
2006-01-27 CVE-2006-0448 Remote vulnerability in E-Post MailServer
Multiple directory traversal vulnerabilities in (1) EPSTIMAP4S.EXE and (2) SPA-IMAP4S.EXE in the IMAP service in E-Post Mail 4.05 and SPA-PRO Mail 4.05 allow remote attackers to (a) list arbitrary directories or cause a denial of service via the LIST command; or create arbitrary files via the (b) APPEND, (c) COPY, or (d) RENAME commands.
network
low complexity
e-post-corporation
7.5