Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2006-01-27 | CVE-2006-0447 | Remote vulnerability in E-Post Corporation Mail Server, Smtp Server and Spa-Pro Mail Atsolomon Multiple buffer overflows in E-Post Mail Server 4.10 and SPA-PRO Mail @Solomon 4.00 allow remote attackers to execute arbitrary code via a long username to the (1) AUTH PLAIN or (2) AUTH LOGIN SMTP commands, which is not properly handled by (a) EPSTRS.EXE or (b) SPA-RS.EXE; (3) a long username in the APOP POP3 command, which is not properly handled by (c) EPSTPOP4S.EXE or (d) SPA-POP3S.EXE; (4) a long IMAP DELETE command, which is not properly handled by (e) EPSTIMAP4S.EXE or (f) SPA-IMAP4S.EXE. | 7.5 |
| 2006-01-26 | CVE-2006-0441 | Buffer Overflow vulnerability in Karjasoft Sami FTP Server 2.0.1 Stack-based buffer overflow in Sami FTP Server 2.0.1 allows remote attackers to execute arbitrary code via a long USER command, which triggers the overflow when the log is viewed. | 7.5 |
| 2006-01-26 | CVE-2006-0436 | Unspecified vulnerability in HP Hp-Ux 11.00/11.11/11.4 Unspecified vulnerability in HP HP-UX B.11.00, B.11.04, and B.11.11 allows local users to gain privileges via unknown attack vectors. | 7.2 |
| 2006-01-26 | CVE-2006-0435 | Unspecified vulnerability in Oracle Application Server and Http Server Unspecified vulnerability in Oracle PL/SQL (PLSQL), as used in Database Server DS 9.2.0.7 and 10.1.0.5, Application Server 1.0.2.2, 9.0.4.2, 10.1.2.0.2, 10.1.2.1.0, and 10.1.3.0.0, E-Business Suite and Applications 11.5.10, and Collaboration Suite 10.1.1, 10.1.2.0, 10.1.2.1, and 9.0.4.2, allows attackers to bypass the PLSQLExclusion list and access excluded packages and procedures, aka Vuln# PLSQL01. | 7.5 |
| 2006-01-25 | CVE-2006-0428 | Multiple vulnerability in Oracle Weblogic Portal 8.1 Unspecified vulnerability in BEA WebLogic Portal 8.1 SP3 through SP5, when using Web Services Remote Portlets (WSRP), allows remote attackers to access restricted web resources via crafted URLs. | 7.5 |
| 2006-01-25 | CVE-2006-0426 | Multiple vulnerability in BEA Weblogic Server 8.1 BEA WebLogic Server and WebLogic Express 8.1 through SP4, when configuration auditing is enabled and a password change occurs, stores the old and new passwords in cleartext in the DefaultAuditRecorder.log file, which could allow attackers to gain privileges. | 7.5 |
| 2006-01-25 | CVE-2006-0423 | Multiple vulnerability in Oracle Weblogic Portal 8.1 BEA WebLogic Portal 8.1 through SP3 stores the password for the RDBMS Authentication provider in cleartext in the config.xml file, which allows attackers to gain privileges. | 7.5 |
| 2006-01-25 | CVE-2006-0418 | Remote Code Injection Weakness in 123 Flash Chat Eval injection vulnerability in 123 Flash Chat Server 5.0 and 5.1 allows attackers to execute arbitrary code via a crafted username. | 7.5 |
| 2006-01-25 | CVE-2006-0417 | SQL Injection vulnerability in miniBloggie Login.PHP SQL injection vulnerability in login.php in miniBloggie 1.0 and earlier, when gpc_magic_quotes is disabled, allows remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) username and (2) password parameters. | 7.5 |
| 2006-01-25 | CVE-2006-0413 | SQL Injection vulnerability in Newsphp Multiple SQL injection vulnerabilities in index.php in NewsPHP allow remote attackers to execute arbitrary SQL commands via the (1) discuss, (2) tim, (3) id, (4) last, and (5) limit parameter. | 7.5 |