CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In November 2006(Denial Of Service)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2006-6184 2 DoS Exec Code Overflow 2006-11-30 2018-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in Allied Telesyn TFTP Server (AT-TFTP) 1.9, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a long filename in a (1) GET or (2) PUT command.
2 CVE-2006-6183 119 DoS Exec Code Overflow 2006-11-30 2018-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple stack-based buffer overflows in 3Com 3CTftpSvc 2.0.1, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a long mode field (aka transporting mode) in a (1) GET or (2) PUT command.
3 CVE-2006-6172 DoS Exec Code Overflow 2006-11-30 2010-09-15
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the asmrp_eval function in the RealMedia RTSP stream handler (asmrp.c) for Real Media input plugin, as used in (1) xine/xine-lib, (2) MPlayer 1.0rc1 and earlier, and possibly others, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a rulebook with a large number of rulematches.
4 CVE-2006-6146 DoS Overflow 2006-11-28 2008-09-05
2.6
None Remote High Not required None None Partial
Buffer overflow in the HPDF_Page_Circle function in hpdf_page_operator.c in Takeshi Kanno Haru Free PDF Library (libharu2, aka libharu) 2.0.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via certain arguments that yield a large amount of PDF data, as demonstrated by a filled circle.
5 CVE-2006-6141 DoS Overflow 2006-11-27 2018-10-17
5.0
None Remote Low Not required None None Partial
Buffer overflow in Tftpd32 3.01 allows remote attackers to cause a denial of service via a long GET or PUT request, which is not properly handled when the request is displayed in the title of the gauge window.
6 CVE-2006-6134 119 DoS Exec Code Overflow 2006-11-27 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the WMCheckURLScheme function in WMVCORE.DLL in Microsoft Windows Media Player (WMP) 10.00.00.4036 on Windows XP SP2, Server 2003, and Server 2003 SP1 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long HREF attribute, using an unrecognized protocol, in a REF element in an ASX PlayList file.
7 CVE-2006-6130 DoS 2006-11-27 2017-07-28
4.9
None Local Low Not required None None Complete
Apple Mac OS X AppleTalk allows local users to cause a denial of service (kernel panic) by calling the AIOCREGLOCALZN ioctl command with a crafted data structure on an AppleTalk socket.
8 CVE-2006-6129 DoS Exec Code Overflow Mem. Corr. 2006-11-26 2017-07-28
4.6
User Local Low Not required Partial Partial Partial
Integer overflow in the fatfile_getarch2 in Apple Mac OS X allows local users to cause a denial of service and possibly execute arbitrary code via a crafted Mach-O Universal program that triggers memory corruption.
9 CVE-2006-6128 DoS Mem. Corr. 2006-11-26 2017-07-28
2.1
None Local Low Not required None None Partial
The ReiserFS functionality in Linux kernel 2.6.18, and possibly other versions, allows local users to cause a denial of service via a malformed ReiserFS file system that triggers memory corruption when a sync is performed.
10 CVE-2006-6127 DoS 2006-11-26 2017-07-28
2.1
None Local Low Not required None None Partial
Apple Mac OS X kernel allows local users to cause a denial of service via a process that uses kevent to register a queue and an event, then fork a child process that uses kevent to register an event for the same queue as the parent.
11 CVE-2006-6126 DoS Mem. Corr. 2006-11-26 2017-07-28
2.1
None Local Low Not required None None Partial
Apple Mac OS X allows local users to cause a denial of service (memory corruption) via a crafted Mach-O binary with a malformed load_command data structure.
12 CVE-2006-6062 DoS Mem. Corr. 2006-11-21 2017-07-19
5.1
User Remote High Not required Partial Partial Partial
Unspecified vulnerability in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to cause a denial of service (crash) via a malformed UDTO HFS+ disk image, such as with "bad sectors," which triggers memory corruption.
13 CVE-2006-6061 DoS Exec Code Mem. Corr. 2006-11-21 2017-07-19
9.3
Admin Remote Medium Not required Complete Complete Complete
com.apple.AppleDiskImageController in Apple Mac OS X 10.4.8, and possibly other versions, allows remote attackers to execute arbitrary code via a malformed DMG image that triggers memory corruption. NOTE: the severity of this issue has been disputed by a third party, who states that the impact is limited to a denial of service (kernel panic) due to a vm_fault call with a non-aligned address.
14 CVE-2006-6060 DoS 2006-11-21 2017-07-19
4.9
None Local Low Not required None None Complete
The NTFS filesystem code in Linux kernel 2.6.x up to 2.6.18, and possibly other versions, allows local users to cause a denial of service (CPU consumption) via a malformed NTFS file stream that triggers an infinite loop in the __find_get_block_slow function.
15 CVE-2006-6058 189 DoS Overflow 2006-11-21 2018-10-30
4.0
None Local High Not required None None Complete
The minix filesystem code in Linux kernel 2.6.x before 2.6.24, including 2.6.18, allows local users to cause a denial of service (hang) via a malformed minix file stream that triggers an infinite loop in the minix_bmap function. NOTE: this issue might be due to an integer overflow or signedness error.
16 CVE-2006-6057 DoS 2006-11-21 2017-07-19
4.9
None Local Low Not required None None Complete
The Linux kernel 2.6.x up to 2.6.18, and possibly other versions, on Fedora Core 6 and possibly other operating systems, allows local users to cause a denial of service (crash) via a malformed gfs2 file stream that triggers a NULL pointer dereference in the init_journal function.
17 CVE-2006-6056 DoS 2006-11-21 2017-10-10
4.9
None Local Low Not required None None Complete
Linux kernel 2.6.x up to 2.6.18 and possibly other versions, when SELinux hooks are enabled, allows local users to cause a denial of service (crash) via a malformed file stream that triggers a NULL pointer dereference in the superblock_doinit function, as demonstrated using an HFS filesystem image.
18 CVE-2006-6054 DoS 2006-11-21 2017-10-10
4.0
None Local High Not required None None Complete
The ext2 file system code in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via an ext2 stream with malformed data structures that triggers an error in the ext2_check_page due to a length that is smaller than the minimum.
19 CVE-2006-6053 DoS 2006-11-21 2017-10-10
4.9
None Local Low Not required None None Complete
The ext3fs_dirhash function in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via an ext3 stream with malformed data structures.
20 CVE-2006-6027 DoS Exec Code 2006-11-21 2018-10-17
9.3
Admin Remote Medium Not required Complete Complete Complete
Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument string to the LoadFile method in an AcroPDF ActiveX control.
21 CVE-2006-6026 119 DoS Exec Code Overflow 2006-11-21 2018-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Heap-based buffer overflow in Real Networks Helix Server and Helix Mobile Server before 11.1.3, and Helix DNA Server 11.0 and 11.1, allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a DESCRIBE request that contains an invalid LoadTestPassword field.
22 CVE-2006-6025 DoS 2006-11-21 2008-09-05
5.0
None Remote Low Not required None None Partial
QUALCOMM Eudora WorldMail 4.0 allows remote attackers to cause a denial of service, as demonstrated by a certain module in VulnDisco Pack. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. As of 20061118, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.
23 CVE-2006-6017 DoS 2006-11-21 2008-09-05
4.0
None Remote Low Single system None None Partial
WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1) malformed or (2) large serialized object, because the object triggers automatic unserialization for display.
24 CVE-2006-6015 DoS Overflow 2006-11-21 2018-10-17
5.0
None Remote Low Not required None None Partial
Buffer overflow in the JavaScript implementation in Safari on Apple Mac OS X 10.4 allows remote attackers to cause a denial of service (application crash) via a long argument to the exec method of a regular expression.
25 CVE-2006-6011 DoS 2006-11-21 2018-10-17
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in SAP Web Application Server before 6.40 patch 6 allows remote attackers to cause a denial of service (enserver.exe crash) via a certain UDP packet to port 64999, aka "two bytes UDP crash," a different vulnerability than CVE-2006-5785.
26 CVE-2006-5989 DoS Overflow 2006-11-20 2017-10-10
5.0
None Remote Low Not required None None Partial
Off-by-one error in the der_get_oid function in mod_auth_kerb 5.0 allows remote attackers to cause a denial of service (crash) via a crafted Kerberos message that triggers a heap-based buffer overflow in the component array.
27 CVE-2006-5988 DoS 2006-11-20 2017-11-22
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Windows 2000 Advanced Server SP4 running Active Directory allows remote attackers to cause a denial of service via unknown vectors, as demonstrated by a certain VulnDisco Pack module. NOTE: the provenance of this information is unknown; the details are obtained from third party information. As of 20061116, this disclosure has no actionable information. However, since the VulnDisco Pack author is a reliable researcher, the disclosure is being assigned a CVE identifier for tracking purposes.
28 CVE-2006-5973 DoS Overflow 2006-11-20 2018-10-17
5.0
None Remote Low Not required None None Partial
Off-by-one buffer overflow in Dovecot 1.0test53 through 1.0.rc14, and possibly other versions, when index files are used and mmap_disable is set to "yes," allows remote authenticated IMAP or POP3 users to cause a denial of service (crash) via unspecified vectors involving the cache file.
29 CVE-2006-5939 369 DoS 2006-11-15 2017-07-19
7.8
None Remote Low Not required None None Complete
Grisoft AVG Anti-Virus before 7.1.407 allows remote attackers to cause a denial of service (crash) via a crafted DOC file that triggers a divide-by-zero error. NOTE: some of these details are obtained from third party information.
30 CVE-2006-5901 DoS 2006-11-15 2018-10-17
5.0
None Remote Low Not required None None Partial
Hawking Technology wireless router WR254-CA uses a hardcoded IP address among the set of DNS server IP addresses, which could allow remote attackers to cause a denial of service or hijack the router by attacking or spoofing the server at the hardcoded address. NOTE: it could be argued that this issue reflects an inherent limitation of DNS itself, so perhaps it should not be included in CVE.
31 CVE-2006-5861 DoS 2006-11-10 2017-07-19
5.0
None Remote Low Not required None None Partial
The Independent Management Architecture (IMA) service (ImaSrv.exe) in Citrix MetaFrame XP 1.0 and 2.0, and Presentation Server 3.0 and 4.0, allows remote attackers to cause a denial of service (service exit) via a crafted packet that causes the service to access an unmapped memory address and triggers an unhandled exception.
32 CVE-2006-5836 DoS Exec Code 2006-11-09 2017-07-19
7.2
Admin Local Low Not required Complete Complete Complete
The fpathconf syscall function in bsd/kern/kern_descrip.c in the Darwin kernel (XNU) 8.8.1 in Apple Mac OS X allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via a file descriptor with an unrecognized file type.
33 CVE-2006-5833 DoS Exec Code 2006-11-09 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
gbcms_php_files/up_loader.php GreenBeast CMS 1.3 does not require authentication to upload files, which allows remote attackers to cause a denial of service (disk consumption) and execute arbitrary code by uploading arbitrary files, such as executing PHP code via an uploaded PHP file.
34 CVE-2006-5826 DoS Exec Code Overflow 2006-11-09 2018-10-17
5.8
User Remote Low Multiple systems Partial Partial Partial
Buffer overflow in Texas Imperial Software WFTPD Pro Server 3.23.1.1 allows remote authenticated users to execute arbitrary code or cause a denial of service (application crash) via crafted APPE commands that contain "/" (slash) or "\" (backslash) characters.
35 CVE-2006-5824 DoS Overflow 2006-11-09 2017-07-19
4.9
None Local Low Not required None None Complete
Integer overflow in the ffs_rdextattr function in FreeBSD 6.1 allows local users to cause a denial of service (kernel panic) and trigger a heap-based buffer overflow via a crafted UFS filesystem, a different vulnerability than CVE-2006-5679. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem.
36 CVE-2006-5823 DoS Mem. Corr. 2006-11-09 2018-10-30
4.0
None Local High Not required None None Complete
The zlib_inflate function in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via a malformed filesystem that uses zlib compression that triggers memory corruption, as demonstrated using cramfs.
37 CVE-2006-5815 119 DoS Exec Code Overflow 2006-11-08 2018-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the sreplace function in ProFTPD 1.3.0 and earlier allows remote attackers, probably authenticated, to cause a denial of service and execute arbitrary code, as demonstrated by vd_proftpd.pm, a "ProFTPD remote exploit."
38 CVE-2006-5813 DoS 2006-11-08 2017-07-19
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Novell eDirectory 8.8 allows attackers to cause a denial of service, as demonstrated by vd_novell3.pm, a "Novell eDirectory 8.8 DoS." NOTE: As of 20061108, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes.
39 CVE-2006-5812 DoS 2006-11-08 2017-07-19
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in Kerio MailServer allows attackers to cause a denial of service, as demonstrated by vd_kms4.pm, a "Kerio MailServer DoS." NOTE: As of 20061108, this disclosure has no actionable information. However, since it is from a reliable researcher, it is being assigned a CVE identifier for tracking purposes.
40 CVE-2006-5801 DoS 2006-11-08 2017-07-19
5.0
None Remote Low Not required None None Partial
The owserver module in owfs and owhttpd 2.5p5 and earlier does not properly check the path type, which allows attackers to cause a denial of service (application crash) related to use of the path in owshell.
41 CVE-2006-5793 20 DoS 2006-11-17 2018-10-17
2.6
None Remote High Not required None None Partial
The sPLT chunk handling code (png_set_sPLT function in pngset.c) in libpng 1.0.6 through 1.2.12 uses a sizeof operator on the wrong data type, which allows context-dependent attackers to cause a denial of service (crash) via malformed sPLT chunks that trigger an out-of-bounds read.
42 CVE-2006-5790 DoS Exec Code 2006-11-07 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
Multiple format string vulnerabilities in elogd.c in ELOG 2.6.2 and earlier allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) an entry with an attachment whose name contains format string specifiers (el_submit function), and possibly other vectors in the (2) receive_config, (3) show_rss_feed, (4) show_elog_list, (5) show_logbook_node, and (6) server_loop functions.
43 CVE-2006-5789 399 DoS 2006-11-07 2018-10-17
4.0
None Remote Low Single system None None Partial
War FTP Daemon (WarFTPd) 1.82.00-RC11 allows remote authenticated users to cause a denial of service via a large number of "%s" format strings in (1) CWD, (2) CDUP, (3) DELE, (4) NLST, (5) LIST, (6) SIZE, and possibly other commands. NOTE: it is possible that vector 1 is an off-by-one variant or incomplete fix of CVE-2005-0312.
44 CVE-2006-5785 DoS 2006-11-07 2018-10-17
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to cause a denial of service (enserver.exe crash) via a 0x72F2 sequence on UDP port 64999.
45 CVE-2006-5783 DoS 2006-11-07 2018-10-17
7.8
None Remote Low Not required None None Complete
** DISPUTED ** Firefox 1.5.0.7 on Kubuntu Linux allows remote attackers to cause a denial of service (crash) via a long URL in an A tag. NOTE: this issue has been disputed by several vendors, who could not reproduce the report. In addition, the scope of the impact - system freeze - suggests an issue that is not related to Firefox. Due to this impact, CVE concurs with the dispute.
46 CVE-2006-5782 DoS 2006-11-08 2018-10-17
7.8
None Remote Low Not required None None Complete
radexecd.exe in HP OpenView Client Configuraton Manager (CCM) does not require authentication before executing commands in the installation directory, which allows remote attackers to cause a denial of service (reboot) by calling radbootw.exe or create arbitrary files by calling radcrecv.
47 CVE-2006-5779 399 DoS 2006-11-07 2018-10-17
5.0
None Remote Low Not required None None Partial
OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure.
48 CVE-2006-5758 119 DoS Overflow +Priv Mem. Corr. 2006-11-06 2018-10-17
7.2
Admin Local Low Not required Complete Complete Complete
The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissions, but can be remapped by other processes as read-write, which allows local users to cause a denial of service (memory corruption and crash) and gain privileges by modifying the kernel structures.
49 CVE-2006-5757 17 DoS 2006-11-06 2017-10-10
1.2
None Local High Not required None None Partial
Race condition in the __find_get_block_slow function in the ISO9660 filesystem in Linux 2.6.18 and possibly other versions allows local users to cause a denial of service (infinite loop) by mounting a crafted ISO9660 filesystem containing malformed data structures.
50 CVE-2006-5748 DoS Exec Code Mem. Corr. 2006-11-08 2018-10-17
5.0
None Remote Low Not required None None Partial
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors that trigger memory corruption.
Total number of vulnerabilities : 76   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.