| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2006-7232 |
89 |
|
DoS Sql |
2006-12-31 |
2010-08-21 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
None |
Partial |
|
sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 allows remote authenticated users to cause a denial of service (crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table, as originally demonstrated using ORDER BY. |
|
2 |
CVE-2006-6916 |
|
|
DoS |
2006-12-31 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Getahead Direct Web Remoting (DWR) before 1.1.3 allows attackers to cause a denial of service (infinite loop) via unknown vectors related to "crafted input." |
|
3 |
CVE-2006-6915 |
|
|
DoS |
2006-12-31 |
2008-09-05 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
ftpd in IBM AIX 5.2.0 and 5.3.0 allows remote authenticated users to cause a denial of service (port exhaustion) via unspecified vectors. NOTE: some details were obtained from third party sources. |
|
4 |
CVE-2006-6910 |
|
|
DoS |
2006-12-31 |
2008-09-05 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
formbankcgi.exe in Fersch Formbankserver 1.9, when the PATH_INFO begins with Abfrage, allows remote attackers to cause a denial of service (daemon crash) via multiple requests containing many /../ sequences in the Name parameter. |
|
5 |
CVE-2006-6908 |
|
|
DoS Exec Code Overflow |
2006-12-31 |
2008-11-15 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Buffer overflow in the Bluetooth Stack COM Server in the Widcomm Bluetooth stack, as packaged as Widcomm Stack 3.x and earlier on Windows, Widcomm BTStackServer 1.4.2.10 and 1.3.2.7 on Windows, Widcomm Bluetooth Communication Software 1.4.1.03 on Windows, and the Bluetooth implementation in Windows Mobile or Windows CE on the HP IPAQ 2215 and 5450, allows remote attackers to cause a denial of service (service crash) and possibly execute arbitrary code via unspecified vectors. |
|
6 |
CVE-2006-6885 |
|
|
DoS |
2006-12-31 |
2008-09-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
An ActiveX control in SwDir.dll in Macromedia Shockwave 10 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long string in the swURL attribute. |
|
7 |
CVE-2006-6876 |
|
|
DoS Overflow Mem. Corr. |
2006-12-31 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Buffer overflow in the fetchsms function in the SMS handling module (libsms_getsms.c) in OpenSER 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) via a crafted SMS message, triggering memory corruption when the "beginning" buffer is copied to the third (pdu) argument. |
|
8 |
CVE-2006-6870 |
|
|
DoS |
2006-12-31 |
2010-09-15 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The consume_labels function in avahi-core/dns.c in Avahi before 0.6.16 allows remote attackers to cause a denial of service (infinite loop) via a crafted compressed DNS response with a label that points to itself. |
|
9 |
CVE-2006-6855 |
|
|
DoS |
2006-12-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
AIDeX Mini-WebServer 1.1 early release 3 allows remote attackers to cause a denial of service (daemon crash) via a flood of HTTP GET requests, possibly related to display of HTTP log data by the GUI. NOTE: some of these details are obtained from third party information. |
|
10 |
CVE-2006-6847 |
|
|
DoS |
2006-12-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
An ActiveX control in ierpplug.dll for RealNetworks RealPlayer 10.5 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) by invoking the RealPlayer.OpenURLInPlayerBrowser method with a long second argument. |
|
11 |
CVE-2006-6827 |
|
|
DoS |
2006-12-31 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Flash8b.ocx in Macromedia Flash 8 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long string in the Flash8b.AllowScriptAccess method. |
|
12 |
CVE-2006-6811 |
|
|
DoS Overflow |
2006-12-29 |
2008-11-15 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
KsIRC 1.3.12 allows remote attackers to cause a denial of service (crash) via a long PRIVMSG string when connecting to an Internet Relay Chat (IRC) server, which causes an assertion failure and results in a NULL pointer dereference. NOTE: this issue was originally reported as a buffer overflow. |
|
13 |
CVE-2006-6810 |
|
|
DoS Mem. Corr. |
2006-12-29 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Unspecified vulnerability in the clear_user_list function in src/main.c in DB Hub 0.3 allows remote attackers to cause a denial of service (application crash) via crafted network traffic, which triggers memory corruption. |
|
14 |
CVE-2006-6797 |
|
|
DoS |
2006-12-28 |
2008-09-05 |
6.6 |
None |
Local |
Low |
Not required |
Complete |
None |
Complete |
|
The Client Server Run-Time Subsystem (CSRSS) in Microsoft Windows allows local users to cause a denial of service (crash) or read arbitrary memory from csrss.exe via crafted arguments to the NtRaiseHardError function with status 0x50000018, a different vulnerability than CVE-2006-6696. |
|
15 |
CVE-2006-6775 |
|
|
DoS |
2006-12-27 |
2008-09-05 |
3.5 |
None |
Remote |
Medium |
Single system |
None |
None |
Partial |
|
acFTP 1.5 allows remote authenticated users to cause a denial of service via a crafted argument to the (1) REST or (2) PBSZ command. |
|
16 |
CVE-2006-6762 |
|
|
DoS |
2006-12-26 |
2008-09-05 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
The IMAP daemon (IMAPD) in Novell NetMail before 3.52e FTF2 allows remote authenticated users to cause a denial of service via an APPEND command with a single "(" (parenthesis) in the argument. |
|
17 |
CVE-2006-6759 |
|
1
|
DoS |
2006-12-26 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A certain ActiveX control in rpau3260.dll in RealNetworks RealPlayer 10.5 allows remote attackers to cause a denial of service (Internet Explorer crash) by invoking the RealPlayer.Initialize method with certain arguments. |
|
18 |
CVE-2006-6751 |
134 |
|
DoS |
2006-12-26 |
2011-10-18 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Format string vulnerability in XM Easy Personal FTP Server 5.2.1 allows remote attackers to cause a denial of service (application crash) via format string specifiers in the USER command or certain other available or nonexistent commands. NOTE: It was later reported that 5.3.0 is also vulnerable. |
|
19 |
CVE-2006-6750 |
|
|
DoS |
2006-12-26 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Format string vulnerability in XM Easy Personal FTP Server 5.0.1 allows remote attackers to cause a denial of service (application crash) via format string specifiers in a long PORT command. NOTE: this issue might be related to CVE-2006-2226. |
|
20 |
CVE-2006-6742 |
|
|
DoS Overflow |
2006-12-26 |
2008-09-05 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Multiple buffer overflows in FTP Print Server 2.4 and 2.4.5 in HP LaserJet 5000 Series printers with firmware R.25.15 or R.25.47, and HP LaserJet 5100 Series printers with firmware V.29.12, allow remote attackers to cause a denial of service (device crash) via a long string in the (1) LIST or (2) NLST command. |
|
21 |
CVE-2006-6728 |
|
|
DoS |
2006-12-26 |
2008-11-15 |
6.4 |
None |
Remote |
Low |
Not required |
None |
Partial |
Partial |
|
Unspecified vulnerability in the info request mechanism in LAN Messenger before 1.5.1.2 allows remote attackers to cause a denial of service (application crash) or transmit spam via unspecified vectors. |
|
22 |
CVE-2006-6724 |
|
|
DoS |
2006-12-26 |
2008-09-05 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
BolinTech Dream FTP Server 1.02 allows remote authenticated users, including anonymous users, to cause a denial of service (application crash) via a certain invalid PORT command. |
|
23 |
CVE-2006-6723 |
399 |
|
DoS |
2006-12-26 |
2010-10-14 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
The Workstation service in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to cause a denial of service (memory consumption) via a large maxlen value in an NetrWkstaUserEnum RPC request. |
|
24 |
CVE-2006-6719 |
|
|
DoS |
2006-12-23 |
2010-09-15 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command. |
|
25 |
CVE-2006-6714 |
|
|
DoS |
2006-12-22 |
2008-09-05 |
7.8 |
None |
Remote |
Low |
Not required |
None |
None |
Complete |
|
Multiple memory leaks in Hitachi Directory Server 2 P-2444-A124 before 02-11-/K on Windows, and P-1B44-A121 before 02-10-/V on HP-UX, allow remote attackers to cause a denial of service (memory consumption) via invalid LDAP requests. |
|
26 |
CVE-2006-6698 |
|
|
DoS |
2006-12-22 |
2008-09-05 |
1.9 |
None |
Local |
Medium |
Not required |
None |
None |
Partial |
|
The GConf daemon (gconfd) in GConf 2.14.0 creates temporary files under directories with names based on the username, even when GCONF_GLOBAL_LOCKS is not set, which allows local users to cause a denial of service by creating the directories ahead of time, which prevents other users from using Gnome. |
|
27 |
CVE-2006-6693 |
|
|
DoS Exec Code Overflow |
2006-12-21 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple buffer overflows in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via long strings to the (1) zabbix_log and (2) zabbix_syslog functions. |
|
28 |
CVE-2006-6692 |
|
|
DoS Exec Code |
2006-12-21 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Multiple format string vulnerabilities in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in information that would be recorded in the system log using (1) zabbix_log or (2) zabbix_syslog. |
|
29 |
CVE-2006-6685 |
119 |
|
DoS Exec Code Overflow |
2006-12-21 |
2010-07-16 |
7.2 |
None |
Local |
Low |
Not required |
Complete |
Complete |
Complete |
|
Heap-based buffer overflow in Pedro Lineu Orso chetcpasswd 2.3.3 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long REMOTE_ADDR environment variable. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
|
30 |
CVE-2006-6684 |
|
|
DoS Exec Code Overflow |
2006-12-21 |
2008-09-05 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in Pedro Lineu Orso chetcpasswd before 2.4 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long X-Forwarded-For HTTP header. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. |
|
31 |
CVE-2006-6677 |
|
|
DoS |
2006-12-20 |
2008-09-05 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
ESET NOD32 Antivirus before 1.1743 allows remote attackers to cause a denial of service (crash) via a crafted .CHM file that triggers a divide-by-zero error. |
|
32 |
CVE-2006-6673 |
|
|
DoS |
2006-12-20 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
WinFtp Server 2.0.2 allows remote attackers to cause a denial of service (crash) via long (1) PASV, (2) LIST, (3) USER, (4) PORT, and possibly other commands. |
|
33 |
CVE-2006-6664 |
|
|
DoS Exec Code |
2006-12-20 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Format string vulnerability in Marathon Aleph One before 0.17.1 and 2006-12-17 might allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the TopLevelLogger::logMessageV function in Misc/Logging.cpp. NOTE: some details were obtained from third party information. |
|
34 |
CVE-2006-6663 |
|
|
DoS |
2006-12-20 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The server component in Marathon Aleph One before 0.17.1 and 2006-12-17 allows remote attackers to cause a denial of service (application crash) via unspecified vectors related to "gathering net games." |
|
35 |
CVE-2006-6660 |
|
|
DoS |
2006-12-20 |
2008-09-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The nodeType function in KDE libkhtml 4.2.0 and earlier, as used by Konquerer, KMail, and other programs, allows remote attackers to cause a denial of service (crash) via malformed HTML tags, possibly involving a COL SPAN tag embedded in a RANGE tag. |
|
36 |
CVE-2006-6659 |
|
|
DoS |
2006-12-19 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in Windows XP SP2 allows remote attackers to cause a denial of service (Internet Explorer 7 hang) via crafted HTML. |
|
37 |
CVE-2006-6655 |
|
|
DoS |
2006-12-19 |
2008-09-05 |
1.7 |
None |
Local |
Low |
Single system |
None |
None |
Partial |
|
The procfs implementation in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029 allows local users to cause a denial of service (kernel panic) by attempting to access /emul/linux/proc/0/stat on a procfs filesystem that was mounted with mount_procfs -o linux, which results in a NULL pointer dereference. |
|
38 |
CVE-2006-6654 |
|
|
DoS |
2006-12-19 |
2008-09-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
The sendmsg function in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029, when run on a 64-bit architecture, allows attackers to cause a denial of service (kernel panic) via an invalid msg_controllen parameter to the sendit function. |
|
39 |
CVE-2006-6653 |
20 |
|
DoS |
2006-12-19 |
2011-07-25 |
1.7 |
None |
Local |
Low |
Single system |
None |
None |
Partial |
|
The accept function in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029 allows local users to cause a denial of service (socket consumption) via an invalid (1) name or (2) namelen parameter, which may result in the socket never being closed (aka "a dangling socket"). |
|
40 |
CVE-2006-6643 |
|
|
DoS |
2006-12-19 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Fightersoft Multimedia Star FTP server 1.10 allows remote attackers to cause a denial of service (crash) via multiple RETR commands with long arguments. |
|
41 |
CVE-2006-6638 |
|
|
DoS |
2006-12-19 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
IBM DB2 8.1 before FixPak 14 allows remote attackers to cause a denial of service via a crafted SQLJRA packet, which causes a NULL pointer dereference in the sqle_db2ra_as_recvrequest function in DB2ENGN.DLL, a different issue than CVE-2006-4257. |
|
42 |
CVE-2006-6628 |
|
|
DoS Overflow |
2006-12-18 |
2008-09-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Integer overflow in OpenOffice.org (OOo) 2.1 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted DOC file, as demonstrated by the 12122006-djtest.doc file, a variant of CVE-2006-6561 in a separate codebase. |
|
43 |
CVE-2006-6624 |
|
1
|
DoS |
2006-12-18 |
2008-09-10 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
The FTP Server in Sambar Server 6.4 allows remote authenticated users to cause a denial of service (application crash) via a long series of "./" sequences in the SIZE command. |
|
44 |
CVE-2006-6609 |
|
|
DoS |
2006-12-17 |
2008-09-05 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Nexuiz before 2.2.1 allows remote attackers to cause a denial of service (resource exhaustion or crash) via unspecified vectors related to "fake players." NOTE: some of these details are obtained from third party information. |
|
45 |
CVE-2006-6602 |
|
|
DoS |
2006-12-15 |
2008-09-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
explorer.exe in Windows Explorer 6.00.2900.2180 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service via a crafted WMV file. |
|
46 |
CVE-2006-6601 |
399 |
|
DoS |
2006-12-15 |
2011-03-09 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
None |
Partial |
|
Windows Media Player 10.00.00.4036 in Microsoft Windows XP SP2 allows user-assisted remote attackers to cause a denial of service via a .MID (MIDI) file with a malformed header chunk without any track chunks, possibly involving (1) number of tracks of (2) time division fields that are set to 0. |
|
47 |
CVE-2006-6584 |
|
|
DoS Exec Code Overflow |
2006-12-15 |
2008-09-05 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
|
Multiple buffer overflows in italkplus (Italk+) before 0.92.1 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors. |
|
48 |
CVE-2006-6576 |
119 |
1
|
DoS Exec Code Overflow |
2006-12-15 |
2011-10-18 |
7.5 |
User |
Remote |
Low |
Not required |
Partial |
Partial |
Partial |
|
Heap-based buffer overflow in Golden FTP Server (goldenftpd) 1.92 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long PASS command. NOTE: it was later reported that 4.70 is also affected. NOTE: the USER vector is already covered by CVE-2005-0634. |
|
49 |
CVE-2006-6565 |
|
|
DoS |
2006-12-15 |
2011-02-14 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
FileZilla Server before 0.9.22 allows remote attackers to cause a denial of service (crash) via a wildcard argument to the (1) LIST or (2) NLST commands, which results in a NULL pointer dereference, a different set of vectors than CVE-2006-6564. NOTE: CVE analysis suggests that the problem might be due to a malformed PORT command. |
|
50 |
CVE-2006-6564 |
|
|
DoS |
2006-12-15 |
2008-09-05 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
FileZilla Server before 0.9.22 allows remote attackers to cause a denial of service (crash) via a malformed argument to the STOR command, which results in a NULL pointer dereference. NOTE: CVE analysis suggests that the problem might be due to a malformed PORT command. |
