Vulnerabilities > High

DATE CVE VULNERABILITY TITLE RISK
2007-03-07 CVE-2006-7161 SQL-Injection vulnerability in Aspindir Hazirsite 2.0
SQL injection vulnerability in giris_yap.asp in Hazir Site 2.0 allows remote attackers to bypass authentication via the (1) k_a class or (2) sifre parameter.
network
low complexity
aspindir
7.5
2007-03-07 CVE-2006-7157 Buffer Errors vulnerability in Google Earth 4.0.2091
Buffer overflow in Google Earth v4.0.2091 (beta) allows remote user-assisted attackers to cause a denial of service (crash) via a KML or KMZ file with a long href element.
network
google CWE-119
7.1
2007-03-07 CVE-2006-7155 Unspecified vulnerability in Novell Bordermanager 3.8
Novell BorderManager 3.8 SP4 generates the same ISAKMP cookies for the same source IP and port number during the same day, which allows remote attackers to conduct denial of service and replay attacks.
network
low complexity
novell
7.5
2007-03-07 CVE-2006-7152 Privilege Escalation vulnerability in Asp-Nuke Community Cookie
default.asp in ASP-Nuke Community 1.5 and earlier allows remote attackers to gain privileges by setting certain pseudo cookie values.
network
asp-nuke
8.5
2007-03-07 CVE-2006-7150 SQL-Injection vulnerability in Mambo Open Source 4.6/4.6.1
Multiple SQL injection vulnerabilities in Mambo 4.6.x allow remote attackers to execute arbitrary SQL commands via the mcname parameter to (1) moscomment.php and (2) com_comment.php.
network
low complexity
mambo
7.5
2007-03-07 CVE-2006-7144 SQL-Injection vulnerability in Call-Center-Software
SQL injection vulnerability in Call Center Software 0.93 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via the user name in the login page.
network
low complexity
call-center-software
7.5
2007-03-07 CVE-2006-7142 Use of Hard-coded Credentials vulnerability in Utimaco Safeguard 4.30
The centralized management feature for Utimaco Safeguard stores hard-coded cryptographic keys in executable programs for encrypted configuration files, which allows attackers to recover the keys from the configuration files and decrypt the disk drive.
local
low complexity
utimaco CWE-798
7.8
2007-03-07 CVE-2007-1306 Remote Denial of Service vulnerability in Asterisk SIP Channel Driver
Asterisk 1.4 before 1.4.1 and 1.2 before 1.2.16 allows remote attackers to cause a denial of service (crash) by sending a Session Initiation Protocol (SIP) packet without a URI and SIP-version header, which results in a NULL pointer dereference.
network
low complexity
digium
7.8
2007-03-07 CVE-2007-1303 Directory Traversal vulnerability in RRDBrowse File Parameter
Directory traversal vulnerability in rb.cgi in RRDBrowse 1.6 and earlier allows remote attackers to read arbitrary files via a ..
network
low complexity
rrdbrowse
7.8
2007-03-07 CVE-2007-1300 Information Disclosure vulnerability in Douran Software Technologies Isputil 3.32.84.1
DOURAN Software Technologies ISPUtil 3.32.84.1, and possibly earlier versions, stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain user and reseller data via a direct request for scripts/activesessions.ini.
network
low complexity
douran-software-technologies
7.8