CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In September 2006(Denial Of Service)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2006-5098 DoS 2006-09-29 2008-09-05
5.0
None Remote Low Not required None None Partial
lib/exec/fetch.php in DokuWiki before 2006-03-09e allows remote attackers to cause a denial of service (CPU consumption) via large w and h parameters, when resizing an image.
2 CVE-2006-5084 20 DoS Exec Code 2006-09-28 2016-12-07
7.5
User Remote Low Not required Partial Partial Partial
Format string vulnerability in the NSRunAlertPanel function in eBay Skype for Mac 1.5.*.79 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a malformed Skype URL, as originally reported to involve a null dereference.
3 CVE-2006-5075 DoS 2006-09-28 2017-07-19
7.8
None Remote Low Not required None None Complete
The Kernel SSL Proxy service (svc:/network/ssl/proxy) in Sun Solaris 10 before 20060926 allows remote attackers to cause a denial of service (system crash) via unspecified vectors related to an SSL client.
4 CVE-2006-5073 DoS 2006-09-28 2018-10-30
7.8
None Remote Low Not required None None Complete
Unspecified vulnerability in Sun Solaris 8, 9 and 10 allows remote attackers to cause a denial of service (panic) via crafted IPv6 packets, a different vulnerability than CVE-2006-5013.
5 CVE-2006-5051 362 DoS Exec Code 2006-09-27 2017-10-10
9.3
Admin Remote Medium Not required Complete Complete Complete
Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.
6 CVE-2006-5033 DoS 2006-09-27 2017-07-19
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in StoresAndCalendarsList.cgi in Paul Smith Computer Services vCAP 1.9.0 Beta and earlier allows remote attackers to cause a denial of service via the session parameter, possibly related to format string specifiers or malformed URL encoding.
7 CVE-2006-5013 DoS 2006-09-26 2017-10-10
7.8
None Remote Low Not required None None Complete
Sun Solaris 10 before patch 118855-16 (20060925), when run on x64 systems using IPv6, allows remote attackers to cause a denial of service (kernel panic) via crafted IPv6 packets.
8 CVE-2006-5012 DoS 2006-09-26 2018-10-30
6.6
None Local Low Not required None Complete Complete
Unspecified vulnerability in Sun Solaris 8, 9, and 10 before 20060925 allows local users to cause a denial of service (disable syslog) and prevent security messages from being logged via unspecified vectors.
9 CVE-2006-4948 DoS Exec Code Overflow 2006-09-22 2017-07-19
7.5
User Remote Low Not required Partial Partial Partial
Stack-based buffer overflow in tftpd.exe in ProSysInfo TFTP Server TFTPDWIN 0.4.2 and earlier allows remote attackers to execute arbitrary code or cause a denial of service via a long file name. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
10 CVE-2006-4925 DoS 2006-09-28 2018-10-17
5.0
None Remote Low Not required None None Partial
packet.c in ssh in OpenSSH allows remote attackers to cause a denial of service (crash) by sending an invalid protocol sequence with USERAUTH_SUCCESS before NEWKEYS, which causes newkeys[mode] to be NULL.
11 CVE-2006-4924 399 DoS 2006-09-26 2018-10-17
7.8
None Remote Low Not required None None Complete
sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack detector.
12 CVE-2006-4910 DoS 2006-09-20 2018-10-30
5.0
None Remote Low Not required None None Partial
The web administration interface (mainApp) to Cisco IDS before 4.1(5c), and IPS 5.0 before 5.0(6p1) and 5.1 before 5.1(2) allows remote attackers to cause a denial of service (unresponsive device) via a crafted SSLv2 Client Hello packet.
13 CVE-2006-4888 DoS 2006-09-19 2008-09-05
5.0
None Remote Low Not required None None Partial
Microsoft Internet Explorer 6 and earlier allows remote attackers to cause a denial of service (application hang) via a CSS-formatted HTML INPUT element within a DIV element that has a larger size than the INPUT.
14 CVE-2006-4855 399 DoS 2006-09-19 2018-10-17
4.9
None Local Low Not required None None Complete
The \Device\SymEvent driver in Symantec Norton Personal Firewall 2006 9.1.0.33, and other versions of Norton Personal Firewall, Internet Security, AntiVirus, SystemWorks, Symantec Client Security SCS 1.x, 2.x, 3.0, and 3.1, Symantec AntiVirus Corporate Edition SAVCE 8.x, 9.x, 10.0, and 10.1, Symantec pcAnywhere 11.5 only, and Symantec Host, allows local users to cause a denial of service (system crash) via invalid data, as demonstrated by calling DeviceIoControl to send the data.
15 CVE-2006-4833 DoS 2006-09-15 2018-10-17
7.8
None Remote Low Not required None None Complete
Verso NetPerformer FRAD ACT SDM-95xx 7.xx (R1) and earlier, SDM-93xx 10.x.x (R2) and earlier, and SDM-92xx 9.x.x (R1) and earlier allow remote attackers to cause a denial of service (hang or reboot) via an ICMP packet with the same destination and source address and port, aka the "Land" vulnerability.
16 CVE-2006-4832 DoS Exec Code Overflow 2006-09-15 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the telnet service in Verso NetPerformer FRAD ACT SDM-95xx 7.xx (R1) and earlier, SDM-93xx 10.x.x (R2) and earlier, and SDM-92xx 9.x.x (R1) and earlier allows remote attackers to cause a denial of service (reboot) and possibly execute arbitrary code via a long username.
17 CVE-2006-4820 DoS 2006-09-15 2018-10-17
2.1
None Local Low Not required None None Partial
Unspecified vulnerability in X.25 on HP-UX B.11.00, B.11.11, and B.11.23 allows local users to cause an unspecified denial of service via unknown vectors.
18 CVE-2006-4800 DoS Exec Code Overflow 2006-09-14 2018-10-30
7.5
User Remote Low Not required Partial Partial Partial
Multiple buffer overflows in libavcodec in ffmpeg before 0.4.9_p20060530 allow remote attackers to cause a denial of service or possibly execute arbitrary code via multiple unspecified vectors in (1) dtsdec.c, (2) vorbis.c, (3) rm.c, (4) sierravmd.c, (5) smacker.c, (6) tta.c, (7) 4xm.c, (8) alac.c, (9) cook.c, (10) shorten.c, (11) smacker.c, (12) snow.c, and (13) tta.c. NOTE: it is likely that this is a different vulnerability than CVE-2005-4048 and CVE-2006-2802.
19 CVE-2006-4795 DoS 2006-09-14 2018-10-17
4.6
None Local Low Single system None None Complete
Unspecified vulnerability in the Address and Routing Parameter Area (ARPA) transport software in HP-UX B.11.11 and B.11.23 before 20060912 allows local users to cause a denial of service via unspecified vectors.
20 CVE-2006-4789 DoS Exec Code Overflow 2006-09-14 2017-10-18
4.6
User Local Low Not required Partial Partial Partial
Buffer overflow in Open Movie Editor 0.0.20060901 allows local users to cause a denial of service (system crash) or execute arbitrary code via a long project name in an open_movie_editor_project XML tag.
21 CVE-2006-4781 DoS Exec Code Overflow 2006-09-14 2017-10-18
7.5
User Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in FutureSoft TFTP Server Multithreaded (MT) 1.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code by sending a crafted packet to port 69/UDP, which triggers the overflow when constructing an absolute path name. NOTE: Some details are obtained from third party information.
22 CVE-2006-4775 399 DoS 2006-09-13 2018-10-17
7.8
None Remote Low Not required None None Complete
The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) and CatOS allows remote attackers to cause a denial of service by sending a VTP update with a revision value of 0x7FFFFFFF, which is incremented to 0x80000000 and is interpreted as a negative number in a signed context.
23 CVE-2006-4774 399 DoS 2006-09-13 2018-10-17
7.8
None Remote Low Not required None None Complete
The VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(19) allows remote attackers to cause a denial of service by sending a VTP version 1 summary frame with a VTP version field value of 2.
24 CVE-2006-4773 DoS 2006-09-13 2017-07-19
5.0
None Remote Low Not required None None Partial
Sun StorEdge 6130 Array Controllers with firmware 06.12.10.11 and earlier allow remote attackers to cause a denial of service (controller reboot) via a flood of traffic on the LAN.
25 CVE-2006-4765 DoS 2006-09-13 2018-10-17
5.0
None Remote Low Not required None None Partial
NETGEAR DG834GT Wireless ADSL router running firmware 1.01.28 allows attackers to cause a denial of service (device hang) via a long string in the username field in the login window.
26 CVE-2006-4724 DoS 2006-09-13 2017-07-19
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the ColdFusion Flash Remoting Gateway in Adobe ColdFusion MX 7 and 7.01 allows remote attackers to cause a denial of service (infinite loop) via unspecified vectors involving a crafted command.
27 CVE-2006-4682 DoS 2006-09-11 2008-09-05
5.0
None Remote Low Not required None None Partial
Multiple unspecified vulnerabilities in IBM Director before 5.10 allow remote attackers to cause a denial of service (crash) via unspecified vectors involving (1) malformed WMI CIM server requests and (2) malformed packets.
28 CVE-2006-4654 DoS 2006-09-08 2018-10-17
5.1
User Remote High Not required Partial Partial Partial
Format string vulnerability in Easy Address Book Web Server 1.2 allows remote attackers to cause a denial of service (crash) or "compromise the server" via encoded format string specifiers in the query string.
29 CVE-2006-4627 DoS 2006-09-07 2018-08-13
5.0
None Remote Low Not required None None Partial
System Information ActiveX control (msinfo.dll), when accessed via Microsoft Internet Explorer, allows remote attackers to cause a denial of service (crash) via a SaveFile function with a long (1) computer and possibly (2) filename and (3) category argument.
30 CVE-2006-4623 DoS 2006-09-11 2018-10-17
7.8
None Remote Low Not required None None Complete
The Unidirectional Lightweight Encapsulation (ULE) decapsulation component in dvb-core/dvb_net.c in the dvb driver in the Linux kernel 2.6.17.8 allows remote attackers to cause a denial of service (crash) via an SNDU length of 0 in a ULE packet.
31 CVE-2006-4616 DoS 2006-09-06 2017-07-19
5.0
None Remote Low Not required None None Partial
SMTP service in MailEnable Standard, Professional, and Enterprise before ME-10014 (20060904) allows remote attackers to cause a denial of service via an SPF lookup for a domain with a large number of records, which triggers a null pointer exception.
32 CVE-2006-4613 DoS 2006-09-06 2017-07-19
7.8
None Remote Low Not required None None Complete
Multiple unspecified vulnerabilities in SnapGear before 3.1.4u1 allow remote attackers to cause a denial of service via unspecified vectors involving (1) IPSec replay windows and (2) the use of vulnerable versions of ClamAV before 0.88.4. NOTE: it is possible that vector 2 is related to CVE-2006-4018.
33 CVE-2006-4571 DoS Exec Code 2006-09-15 2018-10-17
10.0
Admin Remote Low Not required Complete Complete Complete
Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allow remote attackers to cause a denial of service (crash), corrupt memory, and possibly execute arbitrary code via unspecified vectors, some of which involve JavaScript, and possibly large images or plugin data.
34 CVE-2006-4566 DoS 2006-09-15 2018-10-17
5.0
None Remote Low Not required None None Partial
Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) via a malformed JavaScript regular expression that ends with a backslash in an unterminated character set ("[\\"), which leads to a buffer over-read.
35 CVE-2006-4565 119 DoS Exec Code Overflow 2006-09-15 2018-10-17
9.3
None Remote Medium Not required Complete Complete Complete
Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a JavaScript regular expression with a "minimal quantifier."
36 CVE-2006-4541 20 DoS 2006-09-05 2018-10-17
4.6
User Local Low Not required Partial Partial Partial
RapDrv.sys in BlackICE PC Protection 3.6.cpn, cpj, cpiE, and possibly 3.6 and earlier, allows local users to cause a denial of service (crash) via a NULL third argument to the NtOpenSection API function. NOTE: it was later reported that 3.6.cqn is also affected.
37 CVE-2006-4538 DoS 2006-09-05 2018-10-30
4.9
None Local Low Not required None None Complete
Linux kernel 2.6.17 and earlier, when running on IA64 or SPARC platforms, allows local users to cause a denial of service (crash) via a malformed ELF file that triggers memory maps that cross region boundaries.
38 CVE-2006-4535 399 DoS 2006-09-19 2017-10-10
4.9
None Local Low Not required None None Complete
The Linux kernel 2.6.17.10 and 2.6.17.11 and 2.6.18-rc5 allows local users to cause a denial of service (crash) via an SCTP socket with a certain SO_LINGER value, possibly related to the patch for CVE-2006-3745. NOTE: older kernel versions for specific Linux distributions are also affected, due to backporting of the CVE-2006-3745 patch.
39 CVE-2006-4523 DoS 2006-09-01 2018-10-17
5.0
None Remote Low Not required None None Partial
The web-based management interface in 2Wire, Inc. HomePortal and OfficePortal Series modems and routers allows remote attackers to cause a denial of service (crash) via a CRLF sequence in a GET request.
40 CVE-2006-4459 DoS Overflow 2006-09-05 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
Integer overflow in AnywhereUSB/5 1.80.00 allows local users to cause a denial of service (crash) via a 1 byte header size specified in the USB string descriptor.
41 CVE-2006-4343 476 DoS 2006-09-28 2018-10-17
4.3
None Remote Medium Not required None None Partial
The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer dereference.
42 CVE-2006-4338 DoS 2006-09-19 2018-10-17
5.0
None Remote Low Not required None None Partial
unlzh.c in the LHZ component in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted GZIP archive.
43 CVE-2006-4335 DoS Exec Code 2006-09-19 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
Array index error in the make_table function in unlzh.c in the LZH decompression component in gzip 1.3.5, when running on certain platforms, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted GZIP archive that triggers an out-of-bounds write, aka a "stack modification vulnerability."
44 CVE-2006-4334 DoS 2006-09-19 2018-10-17
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (crash) via a crafted GZIP (gz) archive, which results in a NULL dereference.
45 CVE-2006-4178 DoS 2006-09-25 2018-10-17
4.9
None Local Low Not required None None Complete
Integer signedness error in the i386_set_ldt call in FreeBSD 5.5, and possibly earlier versions down to 5.2, allows local users to cause a denial of service (crash) via unspecified arguments that use negative signed integers to cause the bzero function to be called with a large length parameter, a different vulnerability than CVE-2006-4172.
46 CVE-2006-4172 DoS Exec Code Overflow 2006-09-25 2018-10-17
7.2
Admin Local Low Not required Complete Complete Complete
Integer overflow vulnerability in the i386_set_ldt call in FreeBSD 5.5, and possibly earlier versions down to 5.2, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2006-4178.
47 CVE-2006-4096 DoS 2006-09-05 2018-10-17
5.0
None Remote Low Not required None None Partial
BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via a flood of recursive queries, which cause an INSIST failure when the response is received after the recursion queue is empty.
48 CVE-2006-4095 DoS 2006-09-05 2018-10-17
5.0
None Remote Low Not required None None Partial
BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via certain SIG queries, which cause an assertion failure when multiple RRsets are returned.
49 CVE-2006-3873 DoS Exec Code Overflow 2006-09-12 2018-10-17
7.5
User Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in URLMON.DLL in Microsoft Internet Explorer 6 SP1 on Windows 2000 and XP SP1, with versions the MS06-042 patch before 20060912, allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long URL in a GZIP-encoded website that was the target of an HTTP redirect, due to an incomplete fix for CVE-2006-3869.
50 CVE-2006-3509 DoS Exec Code Overflow 2006-09-21 2008-09-05
7.2
Admin Local Low Not required Complete Complete Complete
Integer overflow in the API for the AirPort wireless driver on Apple Mac OS X 10.4.7 might allow physically proximate attackers to cause a denial of service (crash) or execute arbitrary code in third-party wireless software that uses the API via crafted frames.
Total number of vulnerabilities : 54   Page : 1 (This Page)2
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.