CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In December 2006

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2006-3893 Exec Code Overflow 2006-12-04 2017-07-19
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in the ActiveX controls in Newtone ImageKit 5 before Fix 30 and 6 before Fix 40, as used in CASIO Photo Loader software before 3.01 and possibly other software, allow remote attackers to execute arbitrary code via a crafted HTML document.
2 CVE-2006-4098 Exec Code Overflow 2006-12-31 2017-07-19
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the CSRadius service in Cisco Secure Access Control Server (ACS) for Windows before 4.1 and ACS Solution Engine before 4.1 allows remote attackers to execute arbitrary code via a crafted RADIUS Accounting-Request packet.
3 CVE-2006-4902 Exec Code 2006-12-14 2017-07-19
10.0
Admin Remote Low Not required Complete Complete Complete
The NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4 does not properly check for chained commands, which allows remote attackers to execute arbitrary commands by appending malicious commands to valid commands.
4 CVE-2006-5583 Exec Code Overflow Mem. Corr. 2006-12-12 2018-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the SNMP Service in Microsoft Windows 2000 SP4, XP SP2, Server 2003, Server 2003 SP1, and possibly other versions allows remote attackers to execute arbitrary code via a crafted SNMP packet, aka "SNMP Memory Corruption Vulnerability."
5 CVE-2006-5822 Exec Code Overflow 2006-12-14 2018-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4 allows remote attackers to execute arbitrary code via a long CONNECT_OPTIONS request, a different issue than CVE-2006-6222.
6 CVE-2006-5855 DoS Exec Code Overflow 2006-12-06 2018-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in IBM Tivoli Storage Manager (TSM) before 5.2.9 and 5.3.x before 5.3.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in (1) the language field at logon that begins with a 0x18 byte, (2) two unspecified parameters to the SmExecuteWdsfSession function, and (3) the contact field in an open registration message.
7 CVE-2006-6102 Exec Code Overflow Mem. Corr. 2006-12-31 2017-10-10
10.0
Admin Remote Low Not required Complete Complete Complete
Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures.
8 CVE-2006-6222 Exec Code Overflow 2006-12-14 2018-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the NetBackup bpcd daemon (bpcd.exe) in Symantec Veritas NetBackup 5.0 before 5.0_MP7, 5.1 before 5.1_MP6, and 6.0 before 6.0_MP4 allows remote attackers to execute arbitrary code via a long request with a malformed length prefix.
9 CVE-2006-6235 Exec Code 2006-12-07 2018-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated stack memory.
10 CVE-2006-6259 Dir. Trav. 2006-12-04 2018-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple directory traversal vulnerabilities in (a) class/functions.php and (b) class/m_bro.php in AlternC 0.9.5 and earlier allow remote attackers to (1) create arbitrary files and directories via a .. (dot dot) in the "create name" field and (2) read arbitrary files via a .. (dot dot) in the "web root" field when configuring a subdomain.
11 CVE-2006-6268 Exec Code Sql 2006-12-04 2018-10-17
10.0
None Remote Low Not required Complete Complete Complete
SQL injection vulnerability in system/core/profile/profile.inc.php in Neocrome Land Down Under (LDU) 8.x and earlier allows remote authenticated users to execute arbitrary SQL commands via a url-encoded id parameter to users.php that begins with a valid filename, as demonstrated by "default.gif" followed by a double-encoded NULL and ' (apostrophe) (%2500%2527).
12 CVE-2006-6270 Exec Code Sql 2006-12-04 2018-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple SQL injection vulnerabilities in ASPMForum allow remote attackers to execute arbitrary SQL commands via (1) the soruid parameter in forum2.asp, (2) the ak parameter in kullanicilistesi.asp, (3) the kelimeler parameter in aramayap.asp, and (4) the kullaniciadi parameter in giris.asp; and allow remote authenticated users to execute arbitrary SQL commands via (5) the mesajno parameter in mesajkutum.asp. NOTE: the harf parameter in kullanicilistesi.asp and the baslik parameter in forum.asp are already covered by CVE-2005-4141.
13 CVE-2006-6299 Exec Code Overflow 2006-12-05 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Integer overflow in Msg.dll in Novell ZENworks 7 Asset Management (ZAM) before SP1 IR11 and the Collection client allows remote attackers to execute arbitrary code via crafted packets, which trigger a heap-based buffer overflow.
14 CVE-2006-6335 Exec Code Overflow 2006-12-12 2018-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in Sophos Anti-Virus scanning engine before 2.40 allow remote attackers to execute arbitrary code via (1) a SIT archive with a long filename that is not null-terminated, which triggers a heap-based overflow in veex.dll due to improper length calculation, and (2) a CPIO archive, with a long filename that is not null-terminated, which triggers a stack-based overflow in veex.dll.
15 CVE-2006-6336 Exec Code Overflow 2006-12-31 2018-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the Mail Management Server (MAILMA.exe) in Eudora WorldMail 3.1.x allows remote attackers to execute arbitrary code via a crafted request containing successive delimiters.
16 CVE-2006-6346 DoS +Info 2006-12-06 2018-10-17
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in SAP Internet Graphics Service (IGS) 6.40 Patchlevel 15 and earlier, and 7.00 Patchlevel 3 and earlier, allows remote attackers to cause a denial of service (service shutdown), obtain sensitive information (configuration files), and conduct certain other unauthorized activities, related to "Undocumented Features." NOTE: it is possible that there are multiple issues. This information is based upon a vague initial disclosure. Details will be updated after the grace period has ended. This is likely a different issue than CVE-2006-4134.
17 CVE-2006-6350 2006-12-06 2018-10-17
10.0
None Remote Low Not required Complete Complete Complete
listpics 5 stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for listpics.mdb.
18 CVE-2006-6351 2006-12-06 2018-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
KhaledMuratList stores sensitive data under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for (1) CL2F9R1A2C1N.mdb or (2) Data2F9R1A2C1N.mdb.
19 CVE-2006-6355 Exec Code Sql 2006-12-06 2018-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
SQL injection vulnerability in default.asp in DuWare DuClassmate allows remote attackers to execute arbitrary SQL commands via the iCity parameter. NOTE: the iState parameter is already covered by CVE-2005-2049.
20 CVE-2006-6361 119 DoS Exec Code Overflow 2006-12-07 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in the uploadprogress_php_rfc1867_file function in uploadprogress.c in Bitflux Upload Progress Meter before 8276 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via crafted HTTP POST fileupload requests.
21 CVE-2006-6409 DoS Bypass 2006-12-09 2018-10-17
10.0
None Remote Low Not required Complete Complete Complete
F-Secure Anti-Virus for Linux Gateways 4.65 allows remote attackers to cause a denial of service (possibly fatal scan error), and possibly bypass virus detection, by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file.
22 CVE-2006-6423 Exec Code Overflow 2006-12-11 2018-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the IMAP service for MailEnable Professional and Enterprise Edition 2.0 through 2.35, Professional Edition 1.6 through 1.84, and Enterprise Edition 1.1 through 1.41 allows remote attackers to execute arbitrary code via a pre-authentication command followed by a crafted parameter and a long string, as addressed by the ME-10025 hotfix.
23 CVE-2006-6443 Overflow 2006-12-10 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Buffer overflow in the Novell Distributed Print Services (NDPS) Print Provider for Windows component (NDPPNT.DLL) in Novell Client 4.91 has unknown impact and remote attack vectors.
24 CVE-2006-6454 Exec Code 2006-12-10 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
execInBackground.php in J-OWAMP Web Interface 2.1b and earlier allows remote attackers to execute arbitrary commands via shell metacharacters to the (1) exe and (2) args parameters, which are used in an exec function call. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
25 CVE-2006-6460 +Info 2006-12-11 2017-07-28
10.0
None Remote Low Not required Complete Complete Complete
Yourfreeworld.com Short Url & Url Tracker Script allows remote attackers to obtain sensitive information via an invalid id parameter to login.php, which leaks the path in an error message. NOTE: this issue might be resultant from CVE-2006-2509.
26 CVE-2006-6470 2006-12-11 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
The SNMP Agent in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 returns no error for a non-writable object, which has unknown impact and attack vectors. NOTE: due to the vagueness of the advisory, it is not clear whether this is a vulnerability, or a bug in a security feature.
27 CVE-2006-6471 2006-12-11 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 use weak permissions for certain files, which allows unspecified file access.
28 CVE-2006-6472 2006-12-11 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
The httpd.conf file in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 configures port 443 to be always active, which has unknown impact and remote attack vectors.
29 CVE-2006-6473 2006-12-11 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 have unknown impact and attack vectors, related to (1) an Immediate Image Overwrite (IIO) error message at the Local User Interface (LUI) if overwrite fails, (2) an IIO failure when a Held Job is deleted, and (3) an On Demand Image Overwrite failure when the overwrite is greater than 2 Gb.
30 CVE-2006-6515 2006-12-13 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Mantis before 1.1.0a2 sets the default value of $g_bug_reminder_threshold to "reporter" instead of a more privileged role, which has unknown impact and attack vectors, possibly related to frequency of reminders.
31 CVE-2006-6539 DoS Exec Code Overflow 2006-12-13 2018-10-17
10.0
None Remote Low Not required Complete Complete Complete
Multiple buffer overflows in Winamp Web Interface (Wawi) 7.5.13 and earlier (1) allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via an (a) long username or a (b) crafted packet to the FindBasicAuth function in security.cpp, related to the /browse URI; and allow remote authenticated users to cause a denial of service (application crash) and possibly execute arbitrary code via a long path string in the (2) Browse, (3) CControl::Download, and (4) CControl::Load functions, related to the file parameter in the /dl URI. NOTE: some of these details are obtained from third party information.
32 CVE-2006-6567 Exec Code File Inclusion 2006-12-15 2017-10-18
10.0
Admin Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in includes/kb_constants.php in the Knowledge Base (mx_kb) 2.0.2 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.
33 CVE-2006-6568 Dir. Trav. 2006-12-15 2017-10-18
10.0
Admin Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in includes/kb_constants.php in the Knowledge Base (mx_kb) 2.0.2 module for mxBB allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the phpEx parameter.
34 CVE-2006-6584 DoS Exec Code Overflow 2006-12-15 2017-07-28
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple buffer overflows in italkplus (Italk+) before 0.92.1 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors.
35 CVE-2006-6605 Exec Code Overflow 2006-12-19 2018-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the POP service in MailEnable Standard 1.98 and earlier; Professional 1.84, and 2.35 and earlier; and Enterprise 1.41, and 2.35 and earlier before ME-10026 allows remote attackers to execute arbitrary code via a long argument to the PASS command.
36 CVE-2006-6627 Exec Code Overflow 2006-12-18 2018-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Integer overflow in the packed PE file parsing implementation in BitDefender products before 20060829, including Antivirus, Antivirus Plus, Internet Security, Mail Protection for Enterprises, and Online Scanner; and BitDefender products for Microsoft ISA Server and Exchange 5.5 through 2003; allows remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow, aka the "cevakrnl.xmd vulnerability."
37 CVE-2006-6636 2006-12-19 2017-07-28
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in the Utility Classes for IBM WebSphere Application Server (WAS) before 5.1.1.13 and 6.x before 6.0.2.17 has unknown impact and attack vectors.
38 CVE-2006-6670 2006-12-20 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in Nortel CallPilot 4.x Server has unknown impact and attack vectors, aka P-2006-0011-GLOBAL.
39 CVE-2006-6713 Exec Code Overflow 2006-12-22 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Hitachi Directory Server 2 P-2444-A124 before 02-11-/K on Windows, and P-1B44-A121 before 02-10-/V on HP-UX, allows remote attackers to execute arbitrary code via crafted LDAP requests.
40 CVE-2006-6836 2006-12-31 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in osp-cert in IBM OS/400 V5R3M0 have unspecified impact and attack vectors, related to ASN.1 parsing.
41 CVE-2006-6839 2006-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to "criteria for 'bad' redirection targets."
42 CVE-2006-6840 2006-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in phpBB before 2.0.22 has unknown impact and remote attack vectors related to a "negative start parameter."
43 CVE-2006-6841 2006-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Certain forms in phpBB before 2.0.22 lack session checks, which has unknown impact and remote attack vectors.
44 CVE-2006-6853 Exec Code Overflow 2006-12-31 2017-10-18
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in Durian Web Application Server 3.02 freeware on Windows allows remote attackers to execute arbitrary code via a long string in a crafted packet to TCP port 4002.
45 CVE-2006-6859 Exec Code Sql 2006-12-31 2017-10-18
10.0
Admin Remote Low Not required Complete Complete Complete
SQL injection vulnerability in coupon_detail.asp in Website Designs For Less Click N' Print Coupons 2005.01 and earlier allows remote attackers to execute arbitrary SQL commands via the key parameter.
46 CVE-2006-6860 Exec Code Overflow 2006-12-31 2018-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the sendToMythTV function in MythControlServer.c in MythControl 1.0 and earlier allows remote attackers to execute arbitrary code via a crafted sendStr string to the Bluetooth interface. NOTE: some of these details are obtained from third party information.
47 CVE-2006-6861 Exec Code Sql 2006-12-31 2018-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple SQL injection vulnerabilities in Outfront Spooky Login 2.7 allow remote attackers to execute arbitrary SQL commands via (1) the UserUpdate parameter to login/register.asp or (2) unspecified parameters to includes/a_register.asp.
48 CVE-2006-6863 Exec Code File Inclusion 2006-12-31 2018-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
** DISPUTED ** PHP remote file inclusion vulnerability in the Enigma2 plugin (Enigma2.php) in Enigma WordPress Bridge allows remote attackers to execute arbitrary PHP code via a URL in the boarddir parameter. NOTE: CVE disputes this issue, since $boarddir is set to a fixed value.
49 CVE-2006-6864 Exec Code File Inclusion 2006-12-31 2018-10-17
10.0
None Remote Low Not required Complete Complete Complete
PHP remote file inclusion vulnerability in E2_header.inc.php in Enigma2 Coppermine Bridge 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the boarddir parameter.
50 CVE-2006-6894 2006-12-31 2008-09-05
10.0
None Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in SPINE before 1.2 have unknown impact and attack vectors, related to (1) "Placeholders in database handler" and (2) "Macro admin security."
Total number of vulnerabilities : 738   Page : 1 (This Page)2 3 4 5 6 7 8 9 10 11 12 13 14 15
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.