| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
32151 |
CVE-2006-5852 |
|
|
+Priv |
2006-11-09 |
2017-10-18 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Untrusted search path vulnerability in openexec in OpenBase SQL before 10.0.1 allows local users to gain privileges via a modified PATH that references a malicious helper binary, as demonstrated by (1) cp, (2) rm, and (3) killall, different vectors than CVE-2006-5327. |
|
32152 |
CVE-2006-5851 |
59 |
|
|
2006-11-09 |
2017-10-18 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
openexec in OpenBase SQL before 10.0.1 allows local users to create arbitrary files via a symlink attack on the /tmp/output file, a different vulnerability than CVE-2006-5328. |
|
32153 |
CVE-2006-5847 |
79 |
|
XSS |
2006-11-09 |
2017-07-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter. |
|
32154 |
CVE-2006-5842 |
|
|
+Info |
2006-11-09 |
2017-07-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
The keystore file in Unicore Client before 5.6 build 5, when running on Unix systems, has insecure default permissions, which allows local users to obtain sensitive information. |
|
32155 |
CVE-2006-5825 |
|
|
XSS |
2006-11-09 |
2018-10-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in index.php in Kayako SupportSuite 3.00.32 allows remote attackers to inject arbitrary web script or HTML via the query string. |
|
32156 |
CVE-2006-5824 |
|
|
DoS Overflow |
2006-11-09 |
2017-07-19 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Integer overflow in the ffs_rdextattr function in FreeBSD 6.1 allows local users to cause a denial of service (kernel panic) and trigger a heap-based buffer overflow via a crafted UFS filesystem, a different vulnerability than CVE-2006-5679. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem. |
|
32157 |
CVE-2006-5823 |
|
|
DoS Mem. Corr. |
2006-11-09 |
2018-10-30 |
4.0 |
None |
Local |
High |
Not required |
None |
None |
Complete |
|
The zlib_inflate function in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via a malformed filesystem that uses zlib compression that triggers memory corruption, as demonstrated using cramfs. |
|
32158 |
CVE-2006-5817 |
|
|
|
2006-11-08 |
2008-09-05 |
2.1 |
None |
Local |
Low |
Not required |
None |
Partial |
None |
|
prl_dhcpd in Parallels Desktop for Mac Build 1940 uses insecure permissions (0666) for /Library/Parallels/.dhcpd_configuration, which allows local users to modify DHCP configuration. |
|
32159 |
CVE-2006-5808 |
|
|
+Priv |
2006-11-08 |
2017-07-19 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to gain privileges by replacing CSD executables, aka "Local Privilege Escalation". |
|
32160 |
CVE-2006-5807 |
|
|
|
2006-11-08 |
2017-07-19 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Cisco Secure Desktop (CSD) before 3.1.1.45 allows local users to escape out of the secure desktop environment by using certain applications that switch to the default desktop, aka "System Policy Evasion". |
|
32161 |
CVE-2006-5806 |
|
|
|
2006-11-08 |
2017-07-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
SSL VPN Client in Cisco Secure Desktop before 3.1.1.45, when configured to spawn a web browser after a successful connection, stores sensitive browser session information in a directory outside of the CSD vault and does not restrict the user from saving files outside of the vault, which is not cleared after the VPN connection terminates and allows local users to read unencrypted data. |
|
32162 |
CVE-2006-5800 |
|
|
XSS |
2006-11-08 |
2017-07-19 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in default.asp in xenis.creator CMS allows remote attackers to inject arbitrary web script or HTML via the nav parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
32163 |
CVE-2006-5793 |
20 |
|
DoS |
2006-11-17 |
2018-10-17 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
The sPLT chunk handling code (png_set_sPLT function in pngset.c) in libpng 1.0.6 through 1.2.12 uses a sizeof operator on the wrong data type, which allows context-dependent attackers to cause a denial of service (crash) via malformed sPLT chunks that trigger an out-of-bounds read. |
|
32164 |
CVE-2006-5791 |
|
|
XSS |
2006-11-07 |
2017-07-19 |
2.6 |
None |
Remote |
High |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in elogd.c in ELOG 2.6.2 and earlier allow remote attackers to inject arbitrary HTML or web script via (1) the filename for downloading, which is not quoted in an error message by the send_file_direct function, and (2) the Type or Category values in a New entry, which is not properly handled in an error message by the submit_elog function. |
|
32165 |
CVE-2006-5789 |
399 |
|
DoS |
2006-11-07 |
2018-10-17 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
War FTP Daemon (WarFTPd) 1.82.00-RC11 allows remote authenticated users to cause a denial of service via a large number of "%s" format strings in (1) CWD, (2) CDUP, (3) DELE, (4) NLST, (5) LIST, (6) SIZE, and possibly other commands. NOTE: it is possible that vector 1 is an off-by-one variant or incomplete fix of CVE-2005-0312. |
|
32166 |
CVE-2006-5784 |
|
|
|
2006-11-07 |
2018-10-17 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Unspecified vulnerability in enserver.exe in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to read arbitrary files via crafted data on a "3200+SYSNR" TCP port, as demonstrated by port 3201. NOTE: this issue can be leveraged by local users to access a named pipe as the SAPServiceJ2E user. |
|
32167 |
CVE-2006-5778 |
|
|
Bypass |
2006-11-07 |
2008-09-05 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
ftpd in linux-ftpd 0.17, and possibly other versions, performs a chdir before setting the UID, which allows local users to bypass intended access restrictions by redirecting their home directory to a restricted directory. |
|
32168 |
CVE-2006-5774 |
|
|
XSS |
2006-11-06 |
2017-07-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Hyper NIKKI System before 2.19.9 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. |
|
32169 |
CVE-2006-5771 |
|
|
XSS |
2006-11-06 |
2017-07-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Arkoon SSL360 1.0 and 2.0 before 2.0/2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
|
32170 |
CVE-2006-5769 |
|
|
XSS |
2006-11-06 |
2017-07-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in admin.tool CMS 3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) fSid or (2) fSrcBegriffe parameters in unspecified vectors. |
|
32171 |
CVE-2006-5761 |
|
|
XSS |
2006-11-06 |
2018-10-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in index.php in Rhadrix If-CMS 1.01 and 2.07 allows remote attackers to inject arbitrary web script or HTML via the rns parameter. |
|
32172 |
CVE-2006-5755 |
|
|
DoS |
2006-12-31 |
2017-10-10 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Linux kernel before 2.6.18, when running on x86_64 systems, does not properly save or restore EFLAGS during a context switch, which allows local users to cause a denial of service (crash) by causing SYSENTER to set an NT flag, which can trigger a crash on the IRET of the next task. |
|
32173 |
CVE-2006-5754 |
|
|
DoS |
2007-01-30 |
2017-10-10 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The aio_setup_ring function in Linux kernel does not properly initialize a variable, which allows local users to cause a denial of service (crash) via an unspecified error path that causes an incorrect free operation. |
|
32174 |
CVE-2006-5752 |
|
|
XSS |
2007-06-27 |
2018-10-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified. |
|
32175 |
CVE-2006-5743 |
|
|
XSS |
2006-11-06 |
2018-10-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Highwall Enterprise and Highwall Endpoint 4.0.2.11045 management interface allow remote attackers to inject arbitrary web script or HTML via (1) an Access Point with a crafted SSID, (2) the name of the sensor WIDS, (3) the name of the Highwall EndPoint workstation, or other unspecified vectors. |
|
32176 |
CVE-2006-5741 |
|
|
XSS |
2006-11-06 |
2018-10-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in AirMagnet Enterprise before 7.5 build 6307 allow remote attackers to inject arbitrary web script or HTML via (1) the 404 error page of the Smart Sensor Edge Sensor; (2) the user name for a failed logon, when displayed in the audit journals reviewing interface (/AirMagnetSensor/AMSensor.dll/XH) by the Smart Sensor Edge Sensor log viewer; and (3) an SSID of an AP, when displayed on an ACL page (/Amom/Amom.dll/BD) of the Enterprise Server Status Overview in the Enterprise Server Web interface. |
|
32177 |
CVE-2006-5738 |
|
|
Exec Code Sql |
2006-11-06 |
2008-09-05 |
2.1 |
None |
Remote |
High |
Single system |
None |
Partial |
None |
|
Multiple SQL injection vulnerabilities in PunBB before 1.2.14 allow remote authenticated administrators to execute arbitrary SQL commands via unspecified vectors. |
|
32178 |
CVE-2006-5728 |
399 |
|
DoS |
2006-11-06 |
2017-10-18 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
XM Easy Personal FTP Server 5.2.1 and earlier allows remote authenticated users to cause a denial of service via a long argument to the NLST command, possibly involving the -al flags. |
|
32179 |
CVE-2006-5726 |
|
|
DoS Mem. Corr. |
2006-11-06 |
2008-09-05 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
alloccgblk in the UFS filesystem in Solaris 10 allows local users to cause a denial of service (memory corruption) by mounting crafted UFS filesystems with malformed data structures. |
|
32180 |
CVE-2006-5724 |
|
|
DoS Overflow |
2006-11-03 |
2017-07-19 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
Heap-based buffer overflow the "Answering Service" function in ICQ 2003b Build 3916 allows local users to cause a denial of service (application crash) via a long string in the "AwayMsg Presets" value in the ICQ\ICQPro\DefaultPrefs\Presets registry key. |
|
32181 |
CVE-2006-5721 |
|
|
DoS |
2006-11-03 |
2018-10-17 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
The \Device\SandBox driver in Outpost Firewall PRO 4.0 (964.582.059) allows local users to cause a denial of service (system crash) via an invalid argument to the DeviceIoControl function that triggers an invalid memory operation. |
|
32182 |
CVE-2006-5718 |
|
|
XSS |
2006-11-03 |
2018-10-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, which are injected into an error message, as demonstrated by a request with a utf7 charset parameter accompanied by UTF-7 data. |
|
32183 |
CVE-2006-5717 |
|
|
XSS |
2006-11-03 |
2018-10-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Multiple cross-site scripting (XSS) vulnerabilities in Zend Google Data Client Library (ZendGData) Preview 0.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in (1) basedemo.php and (2) calenderdemo.php in samples/, and other unspecified files. |
|
32184 |
CVE-2006-5713 |
|
|
XSS |
2006-11-03 |
2017-07-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Easy File Sharing (EFS) Web Server 4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) author, (2) content, or (3) title parameters when posting a forum thread. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
32185 |
CVE-2006-5712 |
|
|
XSS |
2006-11-03 |
2017-07-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Mirapoint WebMail allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets (CSS) function, as demonstrated using the width style for an IMG element. |
|
32186 |
CVE-2006-5703 |
79 |
|
XSS |
2006-11-03 |
2018-10-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in tiki-featured_link.php in Tikiwiki 1.9.5 allows remote attackers to inject arbitrary web script or HTML via a url parameter that evades filtering, as demonstrated by a parameter value containing malformed, nested SCRIPT elements. |
|
32187 |
CVE-2006-5701 |
|
|
DoS |
2006-11-03 |
2017-07-19 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
|
Double free vulnerability in squashfs module in the Linux kernel 2.6.x, as used in Fedora Core 5 and possibly other distributions, allows local users to cause a denial of service by mounting a crafted squashfs filesystem. |
|
32188 |
CVE-2006-5681 |
|
|
+Info |
2006-12-19 |
2008-09-05 |
2.6 |
None |
Remote |
High |
Not required |
Partial |
None |
None |
|
QuickTime for Java on Mac OS X 10.4 through 10.4.8, when used with Quartz Composer, allows remote attackers to obtain sensitive information (screen images) via a Java applet that accesses images that are being rendered by other embedded QuickTime objects. |
|
32189 |
CVE-2006-5679 |
189 |
|
DoS Exec Code Overflow |
2006-11-03 |
2011-10-11 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
Integer overflow in the ffs_mountfs function in FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly execute arbitrary code via a crafted UFS filesystem that causes invalid or large size parameters to be provided to the kmem_alloc function. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem. |
|
32190 |
CVE-2006-5664 |
|
|
|
2006-11-02 |
2008-09-05 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
The installation script in IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 allows local users to "compromise security" via a symlink attack on temporary files. |
|
32191 |
CVE-2006-5663 |
|
|
+Priv |
2006-11-02 |
2008-09-05 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
|
IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 use insecure permissions for installation scripts, which allows local users to gain privileges by modifying the scripts. |
|
32192 |
CVE-2006-5659 |
|
|
|
2006-11-02 |
2017-07-19 |
2.1 |
None |
Local |
Low |
Not required |
Partial |
None |
None |
|
PAM_extern before 0.2 sends a password as a command line argument, which allows local users to obtain the password by listing the command line arguments, such as ps. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
|
32193 |
CVE-2006-5654 |
|
|
DoS |
2006-11-02 |
2017-07-19 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
|
Unspecified vulnerability in the Network Security Services (NSS) in Sun Java System Web Server 6.0 before SP 10 and ONE Application Server 7 before Update 3, when SSLv2 is enabled, allows remote authenticated users to cause a denial of service (application crash) via unspecified vectors. NOTE: due to lack of details from the vendor, it is unclear whether this is related to vector 1 in CVE-2006-5201 or CVE-2006-3127. |
|
32194 |
CVE-2006-5653 |
|
|
XSS |
2006-11-02 |
2018-10-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in the errorHTML function in the index script in Sun Java System Messenger Express 6 allows remote attackers to inject arbitrary web script or HTML via the error parameter. NOTE: this issue might be related to CVE-2006-5486, however due to the vagueness of the initial advisory and different researchers a new CVE was assigned. |
|
32195 |
CVE-2006-5652 |
|
|
XSS |
2006-11-02 |
2018-10-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in Sun iPlanet Messaging Server Messenger Express allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets (CSS) function, as demonstrated by setting the width style for an IMG element. NOTE: this issue might be related to CVE-2006-5486, however due to the vagueness of the initial advisory and different researchers, it has been assigned a new CVE. |
|
32196 |
CVE-2006-5649 |
|
|
DoS |
2006-12-13 |
2008-09-05 |
4.6 |
None |
Local |
Low |
Single system |
None |
None |
Complete |
|
Unspecified vulnerability in the "alignment check exception handling" in Ubuntu 5.10, 6.06 LTS, and 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (kernel panic) via unspecified vectors. |
|
32197 |
CVE-2006-5648 |
|
|
DoS |
2006-12-13 |
2008-09-05 |
4.6 |
None |
Local |
Low |
Single system |
None |
None |
Complete |
|
Ubuntu Linux 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (resource consumption) by using the (1) sys_get_robust_list and (2) sys_set_robust_list functions to create processes that cannot be killed. |
|
32198 |
CVE-2006-5626 |
|
|
XSS |
2006-10-31 |
2018-10-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
|
Cross-site scripting (XSS) vulnerability in cms_images/js/htmlarea/htmlarea.php in phpFaber Content Management System (CMS) before 1.3.36 on 20061026 allows remote attackers to inject arbitrary web script or HTML, probably via arbitrary parameters in the query string, as demonstrated with a vigilon parameter. NOTE: earlier downloads of 1.3.36 have the vulnerability; the software was updated without changing the version number. |
|
32199 |
CVE-2006-5619 |
399 |
|
DoS |
2006-10-31 |
2018-10-17 |
2.1 |
None |
Local |
Low |
Not required |
None |
None |
Partial |
|
The seqfile handling (ip6fl_get_n function in ip6_flowlabel.c) in Linux kernel 2.6 up to 2.6.18-stable allows local users to cause a denial of service (hang or oops) via unspecified manipulations that trigger an infinite loop while searching for flowlabels. |
|
32200 |
CVE-2006-5614 |
|
|
DoS |
2006-10-30 |
2017-10-18 |
2.6 |
None |
Remote |
High |
Not required |
None |
None |
Partial |
|
Microsoft Windows NAT Helper Components (ipnathlp.dll) on Windows XP SP2, when Internet Connection Sharing is enabled, allows remote attackers to cause a denial of service (svchost.exe crash) via a malformed DNS query, which results in a null pointer dereference. |
