CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 9 and 10)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
17351 CVE-2006-4936 20 2006-09-23 2020-12-01
10.0
None Remote Low Not required Complete Complete Complete
Moodle before 1.6.2 does not properly validate the module instance id when creating a course module object, which has unspecified impact and remote attack vectors.
17352 CVE-2006-4935 20 2006-09-23 2020-12-01
10.0
None Remote Low Not required Complete Complete Complete
The Database module in Moodle before 1.6.2 does not properly handle uploaded files, which has unspecified impact and remote attack vectors.
17353 CVE-2006-4902 Exec Code 2006-12-14 2017-07-20
10.0
None Remote Low Not required Complete Complete Complete
The NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4 does not properly check for chained commands, which allows remote attackers to execute arbitrary commands by appending malicious commands to valid commands.
17354 CVE-2006-4868 119 Exec Code Overflow 2006-09-19 2021-07-23
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the Vector Graphics Rendering engine (vgx.dll), as used in Microsoft Outlook and Internet Explorer 6.0 on Windows XP SP2, and possibly other versions, allows remote attackers to execute arbitrary code via a Vector Markup Language (VML) file with a long fill parameter within a rect tag.
17355 CVE-2006-4860 2006-09-19 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in (1) index.php, (2) minixml.inc.php, (3) doc.inc.php, (4) element.inc.php, (5) node.inc.php, (6) treecomp.inc.php, (7) forum.html.php, (8) forum.php, (9) antihack.php, (10) content.php, (11) initglobals.php, and (12) imanager.php in Limbo (aka Lite Mambo) CMS 1.0.4.2 before 20060311 have unknown impact and attack vectors.
17356 CVE-2006-4831 2006-09-15 2011-03-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in IP over DNS is now easy (iodine) before 0.3.2 has unknown impact and attack vectors, related to "potential security problems."
17357 CVE-2006-4830 Dir. Trav. 2006-09-15 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in EditBlogTemplatesPlugin.java in David Czarnecki Blojsom 2.30 allows remote attackers to have an unknown impact by sending an HTTP request with a certain value of blogTemplate.
17358 CVE-2006-4812 94 Exec Code Overflow 2006-10-10 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote attackers to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which triggers the overflow in the Zend Engine ecalloc function (Zend/zend_alloc.c).
17359 CVE-2006-4732 Overflow 2006-09-13 2018-10-17
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Visual Basic (VB) 6 has an unknown impact ("overflow") via a project that contains a certain Click event procedure, as demonstrated using the msgbox function and the VB.Label object.
17360 CVE-2006-4697 Exec Code 2007-02-13 2021-07-23
9.3
None Remote Medium Not required Complete Complete Complete
Microsoft Internet Explorer 5.01, 6, and 7 uses certain COM objects from Imjpcksid.dll as ActiveX controls, which allows remote attackers to execute arbitrary code via unspecified vectors. NOTE: this issue might be related to CVE-2006-4193.
17361 CVE-2006-4696 94 Exec Code 2006-10-10 2018-10-17
9.0
None Remote Low ??? Complete Complete Complete
Unspecified vulnerability in the Server service in Microsoft Windows 2000 SP4, Server 2003 SP1 and earlier, and XP SP2 and earlier allows remote attackers to execute arbitrary code via a crafted packet, aka "SMB Rename Vulnerability."
17362 CVE-2006-4695 94 Exec Code 2006-12-31 2018-10-12
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in certain COM objects in Microsoft Office Web Components 2000 allows user-assisted remote attackers to execute arbitrary code via a crafted URL, aka "Office Web Components URL Parsing Vulnerability."
17363 CVE-2006-4694 94 Exec Code 2006-09-27 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office XP and Office 2003 allows user-assisted attackers to execute arbitrary code via a crafted record in a PPT file, as exploited by malware such as Exploit:Win32/Controlppt.W, Exploit:Win32/Controlppt.X, and Exploit-PPT.d/Trojan.PPDropper.F. NOTE: it has been reported that the attack vector involves SlideShowWindows.View.GotoNamedShow.
17364 CVE-2006-4693 Exec Code 2006-10-10 2018-10-17
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Word 2004 for Mac and v.X for Mac allows remote user-assisted attackers to execute arbitrary code via a crafted string in a Word file, a different issue than CVE-2006-3647 and CVE-2006-3651.
17365 CVE-2006-4691 Exec Code Overflow 2006-11-14 2018-10-17
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname.
17366 CVE-2006-4585 Exec Code +Priv Sql 2006-09-06 2018-10-17
9.0
None Remote Low ??? Complete Complete Complete
SQL injection vulnerability in admin/editer.php in Tr Forum 2.0 allows remote authenticated users to execute arbitrary SQL commands via the id2 parameter. NOTE: this can be leveraged with other Tr Forum vulnerabilities to allow unauthenticated attackers to gain privileges.
17367 CVE-2006-4571 DoS Exec Code 2006-09-15 2018-10-17
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allow remote attackers to cause a denial of service (crash), corrupt memory, and possibly execute arbitrary code via unspecified vectors, some of which involve JavaScript, and possibly large images or plugin data.
17368 CVE-2006-4565 119 DoS Exec Code Overflow 2006-09-15 2018-10-17
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a JavaScript regular expression with a "minimal quantifier."
17369 CVE-2006-4534 Exec Code 2006-09-05 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in Microsoft Word 2000, 2002, and Office 2003 allows remote user-assisted attackers to execute arbitrary code via unspecified vectors involving a crafted file resulting in a malformed stack, as exploited by malware with names including Trojan.Mdropper.Q, Mofei, and Femo.
17370 CVE-2006-4510 Exec Code 2006-10-24 2017-07-20
10.0
None Remote Low Not required Complete Complete Complete
The evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request containing a value that is larger than the number of objects transmitted, which triggers an invalid free of unallocated memory.
17371 CVE-2006-4509 Exec Code Overflow 2006-10-24 2017-07-20
10.0
None Remote Low Not required Complete Complete Complete
Integer overflow in the evtFilteredMonitorEventsRequest function in the LDAP service in Novell eDirectory before 8.8.1 FTF1 allows remote attackers to execute arbitrary code via a crafted request.
17372 CVE-2006-4485 2006-08-31 2018-10-30
10.0
None Remote Low Not required Complete Complete Complete
The stripos function in PHP before 5.1.5 has unknown impact and attack vectors related to an out-of-bounds read.
17373 CVE-2006-4483 2006-08-31 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
The cURL extension files (1) ext/curl/interface.c and (2) ext/curl/streams.c in PHP before 5.1.5 permit the CURLOPT_FOLLOWLOCATION option when open_basedir or safe_mode is enabled, which allows attackers to perform unauthorized actions, possibly related to the realpath cache.
17374 CVE-2006-4482 119 Overflow 2006-08-31 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Multiple heap-based buffer overflows in the (1) str_repeat and (2) wordwrap functions in ext/standard/string.c in PHP before 5.1.5, when used on a 64-bit system, have unspecified impact and attack vectors, a different vulnerability than CVE-2006-1990.
17375 CVE-2006-4465 Exec Code 2006-08-31 2018-10-17
10.0
None Remote Low Not required Complete Complete Complete
** DISPUTED ** Microsoft Terminal Server, when running an application session with the "Start program at logon" and "Override settings from user profile and Client Connection Manager wizard" options, allows local users to execute arbitrary code by forcing an Explorer error. NOTE: a third-party researcher has stated that the options are "a convenience to users" and were not intended to restrict execution of arbitrary code.
17376 CVE-2006-4461 2006-08-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Paessler IPCheck Server Monitor before 5.3.3.639/640 does not properly implement a "list of acceptable host IP addresses in the probe settings," which has unknown impact and attack vectors.
17377 CVE-2006-4404 2006-11-30 2011-03-08
10.0
None Remote Low Not required Complete Complete Complete
The Installer application in Apple Mac OS X 10.4.8 and earlier, when used by a user with Admin credentials, does not authenticate the user before installing certain software requiring system privileges.
17378 CVE-2006-4309 2006-08-23 2018-10-17
10.0
None Remote Low Not required Complete Complete Complete
VNC server on the AK-Systems Windows Terminal 1.2.5 ExVLP is not password protected, which allows remote attackers to login and view RDP or Citrix sessions.
17379 CVE-2006-4305 Exec Code Overflow 2006-08-30 2018-10-17
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name when connecting via a WebDBM client.
17380 CVE-2006-4304 DoS Exec Code Overflow +Info 2006-08-24 2017-07-20
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD 2.0 through 4.0 beta before 20060823, and OpenBSD 3.8 and 3.9 before 20060902 allows remote attackers to cause a denial of service (panic), obtain sensitive information, and possibly execute arbitrary code via crafted Link Control Protocol (LCP) packets with an option length that exceeds the overall length, which triggers the overflow in (1) pppoe and (2) ippp. NOTE: this issue was originally incorrectly reported for the ppp driver.
17381 CVE-2006-4289 Exec Code Overflow 2006-08-22 2017-07-20
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in Sony VAIO Media Server 2.x, 3.x, 4.x, and 5.x before 20060626 allows remote attackers to execute arbitrary code via unspecified vectors.
17382 CVE-2006-4243 269 2019-11-06 2019-11-06
10.0
None Remote Low Not required Complete Complete Complete
linux vserver 2.6 before 2.6.17 suffers from privilege escalation in remount code.
17383 CVE-2006-4228 +Priv Bypass 2006-08-18 2018-10-17
9.0
None Remote Low ??? Complete Complete Complete
Symantec Veritas NetBackup PureDisk Remote Office Edition 6.0 before MP1 20060816 allows remote attackers to bypass authentication and gain privileges via unknown attack vectors in the management interface.
17384 CVE-2006-4221 Exec Code Overflow 2006-08-18 2018-10-17
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the IBM Access Support eGatherer ActiveX control before 3.20.0284.0 allows remote attackers to execute arbitrary code via a long filename parameter to the RunEgatherer method.
17385 CVE-2006-4181 Exec Code 2006-11-28 2017-07-20
10.0
None Remote Low Not required Complete Complete Complete
Format string vulnerability in the sqllog function in the SQL accounting code for radiusd in GNU Radius 1.2 and 1.3 allows remote attackers to execute arbitrary code via unknown vectors.
17386 CVE-2006-4098 Exec Code Overflow 2006-12-31 2017-07-20
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted RADIUS Accounting-Request packet.
17387 CVE-2006-4084 2006-08-11 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in phpAutoMembersArea (phpAMA) before 3.2.4 has unknown impact and attack vectors, related to "a potential security exploit which is critical."
17388 CVE-2006-4037 Exec Code 2006-08-09 2011-03-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Fenestrae Faxination Server allows remote attackers to execute arbitrary code via a crafted packet.
17389 CVE-2006-4028 2006-08-09 2011-09-01
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in WordPress before 2.0.4 have unknown impact and remote attack vectors. NOTE: due to lack of details, it is not clear how these issues are different from CVE-2006-3389 and CVE-2006-3390, although it is likely that 2.0.4 addresses an unspecified issue related to "Anyone can register" functionality (user registration for guests).
17390 CVE-2006-3985 119 Exec Code Overflow 2006-08-05 2018-10-17
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in DZIPS32.DLL 6.0.0.4 in ConeXware PowerArchiver 9.62.03 allows user-assisted attackers to execute arbitrary code by adding a new file to a crafted ZIP archive that already contains a file with a long name.
17391 CVE-2006-3977 2006-08-04 2021-04-09
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in CA eTrust Antivirus WebScan before 1.1.0.1048 has unknown impact and remote attackers related to "improper processing of outdated WebScan components."
17392 CVE-2006-3976 2006-08-04 2021-04-09
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in CA eTrust Antivirus WebScan before 1.1.0.1048 allows remote attackers to install arbitrary files.
17393 CVE-2006-3893 Exec Code Overflow 2006-12-04 2017-07-20
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in the ActiveX controls in Newtone ImageKit 5 before Fix 30 and 6 before Fix 40, as used in CASIO Photo Loader software before 3.01 and possibly other software, allow remote attackers to execute arbitrary code via a crafted HTML document.
17394 CVE-2006-3892 Exec Code 2007-03-02 2011-03-08
10.0
None Remote Low Not required Complete Complete Complete
The Management Console server in EMC NetWorker (formerly Legato NetWorker) 7.3.2 before Jumbo Update 1 uses weak authentication, which allows remote attackers to execute arbitrary commands.
17395 CVE-2006-3890 Exec Code Overflow 2006-11-21 2018-10-17
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in the Sky Software FileView ActiveX control, as used in WinZip 10 before build 7245 and in certain other applications, allows remote attackers to execute arbitrary code via a long FilePattern attribute in a WZFILEVIEW object, a different vulnerability than CVE-2006-5198.
17396 CVE-2006-3877 94 Exec Code 2006-10-10 2018-10-17
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via an unspecified "crafted file," a different vulnerability than CVE-2006-3435, CVE-2006-4694, and CVE-2006-3876.
17397 CVE-2006-3876 94 Exec Code 2006-10-10 2018-10-30
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in PowerPoint in Microsoft Office 2000, Office 2002, Office 2003, Office 2004 for Mac, and Office v.X for Mac allows user-assisted attackers to execute arbitrary code via a crafted Data record in a PPT file, a different vulnerability than CVE-2006-3435 and CVE-2006-4694.
17398 CVE-2006-3864 94 Exec Code Overflow Mem. Corr. 2006-10-10 2018-10-17
9.3
None Remote Medium Not required Complete Complete Complete
Unspecified vulnerability in mso.dll in Microsoft Office 2000, XP, and 2003, and Microsoft PowerPoint 2000, XP, and 2003, allows remote user-assisted attackers to execute arbitrary code via a malformed record in a (1) .DOC, (2) .PPT, or (3) .XLS file that triggers memory corruption, related to an "array boundary condition" (possibly an array index overflow), a different vulnerability than CVE-2006-3434, CVE-2006-3650, and CVE-2006-3868.
17399 CVE-2006-3845 Exec Code Overflow 2006-07-25 2017-07-20
9.3
None Remote Medium Not required Complete Complete Complete
Stack-based buffer overflow in lzh.fmt in WinRAR 3.00 through 3.60 beta 6 allows remote attackers to execute arbitrary code via a long filename in a LHA archive.
17400 CVE-2006-3838 119 Exec Code Overflow 2006-07-27 2018-10-17
10.0
None Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in eIQnetworks Enterprise Security Analyzer (ESA) before 2.5.0, as used in products including (a) Sidewinder, (b) iPolicy Security Manager, (c) Astaro Report Manager, (d) Fortinet FortiReporter, (e) Top Layer Network Security Analyzer, and possibly other products, allow remote attackers to execute arbitrary code via long (1) DELTAINTERVAL, (2) LOGFOLDER, (3) DELETELOGS, (4) FWASERVER, (5) SYSLOGPUBLICIP, (6) GETFWAIMPORTLOG, (7) GETFWADELTA, (8) DELETERDEPDEVICE, (9) COMPRESSRAWLOGFILE, (10) GETSYSLOGFIREWALLS, (11) ADDPOLICY, and (12) EDITPOLICY commands to the Syslog daemon (syslogserver.exe); (13) GUIADDDEVICE, (14) ADDDEVICE, and (15) DELETEDEVICE commands to the Topology server (Topology.exe); the (15) LICMGR_ADDLICENSE command to the License Manager (EnterpriseSecurityAnalyzer.exe); the (16) TRACE and (17) QUERYMONITOR commands to the Monitoring agent (Monitoring.exe); and possibly other vectors related to the Syslog daemon (syslogserver.exe).
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.