CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In 2006(Gain Privilege) (CVSS score >= 7)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2006-6878 +Priv 2006-12-31 2017-10-18
7.5
User Remote Low Not required Partial Partial Partial
admin/uploads.php in PHP-Update 2.7 and earlier allows remote attackers to gain privileges by setting the rights[7] parameter to 1 during a login action.
2 CVE-2006-6752 Overflow +Priv 2006-12-26 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in FTPRush 1.0.0.610 might allow attackers to gain privileges via a long Host field. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. Also, it is not clear whether this issue crosses security boundaries.
3 CVE-2006-6745 +Priv 2006-12-26 2018-10-30
9.3
Admin Remote Medium Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, and Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, allow attackers to develop Java applets or applications that are able to gain privileges, related to serialization in JRE.
4 CVE-2006-6528 +Priv 2006-12-13 2008-09-05
7.5
User Remote Low Not required Partial Partial Partial
The Chatroom Module before 4.7.x.-1.0 for Drupal broadcasts Chatroom visitors' session IDs to all participants, which allows remote attackers to hijack sessions and gain privileges.
5 CVE-2006-6418 119 Overflow +Priv 2006-12-10 2017-07-28
7.2
Admin Local Low Not required Complete Complete Complete
Buffer overflow in the POSIX Threads library (libpthread) on HP Tru64 UNIX 4.0F PK8, 4.0G PK4, and 5.1A PK6 allows local users to gain root privileges via a long PTHREAD_CONFIG environment variable.
6 CVE-2006-6165 +Priv Bypass 2006-11-28 2018-10-17
7.2
Admin Local Low Not required Complete Complete Complete
** DISPUTED ** ld.so in FreeBSD, NetBSD, and possibly other BSD distributions does not remove certain harmful environment variables, which allows local users to gain privileges by passing certain environment variables to loading processes. NOTE: this issue has been disputed by a third party, stating that it is the responsibility of the application to properly sanitize the environment.
7 CVE-2006-6164 +Priv 2006-11-28 2018-10-17
7.2
Admin Local Low Not required Complete Complete Complete
The _dl_unsetenv function in loader.c in the ELF ld.so in OpenBSD 3.9 and 4.0 does not properly remove duplicate environment variables, which allows local users to pass dangerous variables such as LD_PRELOAD to loading processes, which might be leveraged to gain privileges.
8 CVE-2006-5818 Exec Code Overflow +Priv 2006-11-08 2017-07-19
7.2
Admin Local Low Not required Complete Complete Complete
Multiple buffer overflows in tunekrnl in IBM Lotus Domino 6.x before 6.5.5 FP2 and 7.x before 7.0.2 allow local users to gain privileges and execute arbitrary code via unspecified vectors.
9 CVE-2006-5758 119 DoS Overflow +Priv Mem. Corr. 2006-11-06 2018-10-17
7.2
Admin Local Low Not required Complete Complete Complete
The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissions, but can be remapped by other processes as read-write, which allows local users to cause a denial of service (memory corruption and crash) and gain privileges by modifying the kernel structures.
10 CVE-2006-5639 +Priv 2006-10-31 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the random number generator in OpenWBEM (Web Based Enterprise Management) 3.2.0 allows attackers to gain privileges via vectors related to "local or HTTP Digest authentication."
11 CVE-2006-5585 264 +Priv 2006-12-12 2018-10-17
7.2
Admin Local Low Not required Complete Complete Complete
The Client-Server Run-time Subsystem in Microsoft Windows XP SP2 and Server 2003 allows local users to gain privileges via a crafted file manifest within an application, aka "File Manifest Corruption Vulnerability."
12 CVE-2006-5584 +Priv 2006-12-12 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
The Remote Installation Service (RIS) in Microsoft Windows 2000 SP4 uses a TFTP server that allows anonymous access, which allows remote attackers to upload and overwrite arbitrary files to gain privileges on systems that use RIS.
13 CVE-2006-5091 +Priv 2006-09-29 2018-10-17
7.2
Admin Local Low Not required Complete Complete Complete
Unspecified vulnerability in HP-UX B.11.11 and B.11.23 CIFS Server (Samba) allows local users to gain privileges or obtain "unauthorized access" via unspecified vectors.
14 CVE-2006-5014 +Priv 2006-09-26 2008-09-05
9.0
Admin Remote Low Single system Complete Complete Complete
Unspecified vulnerability in cPanel before 10.9.0 12 Tree allows remote authenticated users to gain privileges via unspecified vectors in (1) mysqladmin and (2) hooksadmin.
15 CVE-2006-4887 +Priv Bypass 2006-09-19 2018-10-30
7.2
Admin Local Low Not required Complete Complete Complete
Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop privileges on the remote machine while installing certain applications, which allows local users to bypass authentication and gain privileges by selecting the icon during installation. NOTE: it could be argued that the issue is not in Remote Desktop itself, but in applications that are installed while using it.
16 CVE-2006-4585 Exec Code +Priv Sql 2006-09-06 2018-10-17
9.0
Admin Remote Low Single system Complete Complete Complete
SQL injection vulnerability in admin/editer.php in Tr Forum 2.0 allows remote authenticated users to execute arbitrary SQL commands via the id2 parameter. NOTE: this can be leveraged with other Tr Forum vulnerabilities to allow unauthenticated attackers to gain privileges.
17 CVE-2006-4447 +Priv 2006-08-29 2010-09-15
7.2
Admin Local Low Not required Complete Complete Complete
X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit.
18 CVE-2006-4416 +Priv 2006-08-28 2017-07-19
7.2
Admin Local Low Not required Complete Complete Complete
Untrusted search path vulnerability in the mkvg command in IBM AIX 5.2 and 5.3 allows local users to gain privileges by modifying the path to point to a malicious (1) chdev, (2) mkboot, (3) varyonvg, or (4) varyoffvg program.
19 CVE-2006-4413 +Priv 2006-11-17 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Apple Remote Desktop before 3.1 uses insecure permissions for certain built-in packages, which allows local users on an Apple Remote Desktop administration system to modify the packages and gain root privileges on client systems that use the packages.
20 CVE-2006-4411 +Priv 2006-11-30 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
The VPN service in Apple Mac OS X 10.3.x through 10.3.9 and 10.4.x through 10.4.8 does not properly clean the environment when executing commands, which allows local users to gain privileges via unspecified vectors.
21 CVE-2006-4392 +Priv 2006-10-03 2018-10-17
7.2
Admin Local Low Not required Complete Complete Complete
The Mach kernel, as used in operating systems including (1) Mac OS X 10.4 through 10.4.7 and (2) OpenStep before 4.2, allows local users to gain privileges via a parent process that forces an exception in a setuid child and uses Mach exception ports to modify the child's thread context and task address space in a way that causes the child to call a parent-controlled function.
22 CVE-2006-4370 +Priv 2006-08-26 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibly earlier, allow remote authenticated domain administrators to change a global administrator's password and gain privileges via the userlist.wdm file.
23 CVE-2006-4316 +Priv 2006-08-23 2017-07-19
7.2
Admin Local Low Not required Complete Complete Complete
SSH Tectia Management Agent 2.1.2 allows local users to gain root privileges by running a program called sshd, which is obtained from a process listing when the "Restart" action is selected from the Management server GUI, which causes the agent to locate the pathname of the user's program and restart it with root privileges.
24 CVE-2006-4315 +Priv 2006-08-23 2017-07-19
7.2
Admin Local Low Not required Complete Complete Complete
Unquoted Windows search path vulnerability in multiple SSH Tectia products, including Client/Server/Connector 5.0.0 and 5.0.1 and Client/Server before 4.4.5, and Manager 2.12 and earlier, when running on Windows, might allow local users to gain privileges via a malicious program file under "Program Files" or its subdirectories.
25 CVE-2006-4254 +Priv 2006-08-21 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
Unspecified vulnerability in setlocale in IBM AIX 5.1.0 through 5.3.0 allows local users to gain privileges via unspecified vectors.
26 CVE-2006-4228 +Priv Bypass 2006-08-18 2018-10-17
9.0
Admin Remote Low Single system Complete Complete Complete
Symantec Veritas NetBackup PureDisk Remote Office Edition 6.0 before MP1 20060816 allows remote attackers to bypass authentication and gain privileges via unknown attack vectors in the management interface.
27 CVE-2006-4082 +Priv 2006-08-11 2018-10-17
7.2
Admin Local Low Not required Complete Complete Complete
Barracuda Spam Firewall (BSF), possibly 3.3.03.053, contains a hardcoded password for the admin account for logins from 127.0.0.1 (localhost), which allows local users to gain privileges.
28 CVE-2006-3973 +Priv 2006-11-22 2018-10-17
7.2
Admin Local Low Not required Complete Complete Complete
My Firewall Plus 5.0 Build 1119 does not verify if explorer.exe is running before launching iexplore.exe from the "Test Your Firewall" feature, which allows local users to gain SYSTEM privileges.
29 CVE-2006-3809 Exec Code +Priv 2006-07-27 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allows scripts with the UniversalBrowserRead privilege to gain UniversalXPConnect privileges and possibly execute code or obtain sensitive data by reading into a privileged context.
30 CVE-2006-3784 +Priv 2006-07-24 2018-10-17
7.2
Admin Local Low Not required Complete Complete Complete
Symantec pcAnywhere 12.5 uses weak default permissions for the "Symantec\pcAnywhere\Hosts" folder, which allows local users to gain privileges by inserting a superuser .cif (aka caller or CallerID) file into the folder, and then using a pcAnywhere client to login as a local administrator.
31 CVE-2006-3745 DoS +Priv 2006-08-23 2018-10-17
7.2
Admin Local Low Not required Complete Complete Complete
Unspecified vulnerability in the sctp_make_abort_user function in the SCTP implementation in Linux 2.6.x before 2.6.17.10 and 2.4.23 up to 2.4.33 allows local users to cause a denial of service (panic) and possibly gain root privileges via unknown attack vectors.
32 CVE-2006-3733 264 Exec Code +Priv 2006-07-21 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
jmx-console/HtmlAdaptor in the jmx-console in the JBoss web application server, as shipped with Cisco Security Monitoring, Analysis and Response System (CS-MARS) before 4.2.1, allows remote attackers to gain privileges as the CS-MARS administrator and execute arbitrary Java code via an invokeOp action in the BSHDeployer jboss.scripts service name.
33 CVE-2006-3697 264 Exec Code +Priv 2006-07-21 2018-10-18
7.2
Admin Local Low Not required Complete Complete Complete
Agnitum Outpost Firewall Pro 3.51.759.6511 (462), as used in (1) Lavasoft Personal Firewall 1.0.543.5722 (433) and (2) Novell BorderManager Novell Client Firewall 2.0, does not properly restrict user activities in application windows that run in a LocalSystem context, which allows local users to gain privileges and execute commands (a) via the "open folder" option when no instance of explorer.exe is running, possibly related to the ShellExecute API function; or (b) by overwriting a batch file through the "Save Configuration As" option. NOTE: this might be a vulnerability in Microsoft Windows and explorer.exe instead of the firewall.
34 CVE-2006-3601 +Priv 2006-07-18 2016-11-28
10.0
Admin Remote Low Not required Complete Complete Complete
** UNVERIFIABLE ** Unspecified vulnerability in an unspecified DNN Modules module for DotNetNuke (.net nuke) allows remote attackers to gain privileges via unspecified vectors, as used in an attack against the Microsoft France web site. NOTE: due to the lack of details and uncertainty about which product is affected, this claim is not independently verifiable.
35 CVE-2006-3508 DoS Exec Code Overflow +Priv 2006-09-21 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Heap-based buffer overflow in the AirPort wireless driver on Apple Mac OS X 10.4.7 allows physically proximate attackers to cause a denial of service (crash), gain privileges, and execute arbitrary code via a crafted frame that is not properly handled during scan cache updates.
36 CVE-2006-3470 +Priv 2006-07-10 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
The Dell Openmanage CD launches X11 and SSH daemons that do not require authentication, which allows remote attackers to gain privileges.
37 CVE-2006-3443 264 +Priv 2006-08-08 2019-04-30
7.2
Admin Local Low Not required Complete Complete Complete
Untrusted search path vulnerability in Winlogon in Microsoft Windows 2000 SP4, when SafeDllSearchMode is disabled, allows local users to gain privileges via a malicious DLL in the UserProfile directory, aka "User Profile Elevation of Privilege Vulnerability."
38 CVE-2006-3378 +Priv 2006-07-06 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called with the -f, -g, or -s flag, does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits.
39 CVE-2006-3335 +Priv 2006-07-02 2018-10-18
7.2
Admin Local Low Not required Complete Complete Complete
Unspecified vulnerability in mkdir in HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allows local users to gain privileges via unknown attack vectors.
40 CVE-2006-3209 +Priv 2006-06-23 2018-10-18
7.2
Admin Local Low Not required Complete Complete Complete
** DISPUTED ** The Task scheduler (at.exe) on Microsoft Windows XP spawns each scheduled process with SYSTEM permissions, which allows local users to gain privileges. NOTE: this issue has been disputed by third parties, who state that the Task scheduler is limited to the Administrators group by default upon installation.
41 CVE-2006-3203 255 +Priv 2006-06-23 2018-10-18
10.0
Admin Remote Low Not required Complete Complete Complete
The installation of Ultimate PHP Board (UPB) 1.9.6 and earlier includes a default administrator login account and password, which allows remote attackers to gain privileges.
42 CVE-2006-3084 264 +Priv 2006-08-09 2018-10-18
7.2
Admin Local Low Not required Complete Complete Complete
The (1) ftpd and (2) ksu programs in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which might allow local users to gain privileges by causing setuid to fail to drop privileges. NOTE: as of 20060808, it is not known whether an exploitable attack scenario exists for these issues.
43 CVE-2006-3083 399 +Priv 2006-08-09 2018-10-18
7.2
Admin Local Low Not required Complete Complete Complete
The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain privileges by causing setuid to fail to drop privileges using attacks such as resource exhaustion.
44 CVE-2006-2790 +Priv 2006-06-02 2017-07-19
7.2
Admin Local Low Not required Complete Complete Complete
A package component in Sun Storage Automated Diagnostic Environment (StorADE) 2.4 uses world-writable permissions for certain critical files and directories, which allows local users to gain privileges.
45 CVE-2006-2787 +Priv 2006-06-02 2018-10-18
9.3
Admin Remote Medium Not required Complete Complete Complete
EvalInSandbox in Mozilla Firefox and Thunderbird before 1.5.0.4 allows remote attackers to gain privileges via javascript that calls the valueOf method on objects that were created outside of the sandbox.
46 CVE-2006-2679 +Priv 2006-05-31 2017-07-19
7.2
Admin Local Low Not required Complete Complete Complete
Unspecified vulnerability in the VPN Client for Windows Graphical User Interface (GUI) (aka the VPN client dialer) in Cisco VPN Client for Windows 4.8.00.* and earlier, except for 4.7.00.0533, allows local authenticated, interactive users to gain privileges, possibly due to privileges of dialog boxes, aka bug ID CSCsd79265.
47 CVE-2006-2607 +Priv 2006-05-25 2018-10-18
7.2
Admin Local Low Not required Complete Complete Complete
do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a program that exceeds the process limits as defined in /etc/security/limits.conf.
48 CVE-2006-2580 Exec Code +Priv 2006-05-24 2018-10-18
7.5
User Remote Low Not required Partial Partial Partial
Multiple unspecified vulnerabilities in HP OpenView Network Node Manager (OV NNM) 6.20, 6.4x, 7.01, and 7.50 allow remote attackers to gain privileged access, execute arbitrary commands, or create arbitrary files via unknown vectors.
49 CVE-2006-2574 +Priv 2006-05-24 2018-10-18
7.2
Admin Local Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Software Distributor in HP-UX B.11.00, B.11.04, B.11.11, and B.11.23 allow local users to gain privileges via unspecified attack vectors.
50 CVE-2006-2522 +Priv 2006-05-22 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
Dayfox Blog 2.0 and earlier stores user credentials in edit/slog_users.txt under the web document root with insufficient access control, which allows remote attackers to gain privileges.
Total number of vulnerabilities : 105   Page : 1 (This Page)2 3
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.