# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
14701 |
CVE-2006-1735 |
264 |
|
Exec Code |
2006-04-14 |
2018-10-18 |
9.3 |
Admin |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using an eval in an XBL method binding (XBL.method.eval) to create Javascript functions that are compiled with extra privileges. |
14702 |
CVE-2006-1730 |
189 |
|
Exec Code Overflow |
2006-04-14 |
2018-10-18 |
9.3 |
Admin |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via a large number in the CSS letter-spacing property that leads to a heap-based buffer overflow. |
14703 |
CVE-2006-1728 |
|
|
Exec Code |
2006-04-14 |
2018-10-18 |
9.3 |
Admin |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to the crypto.generateCRMFRequest method. |
14704 |
CVE-2006-1726 |
264 |
|
Exec Code Bypass |
2006-04-14 |
2018-10-18 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Firefox and Thunderbird 1.5 before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to bypass the js_ValueToFunctionObject check and execute arbitrary code via unknown vectors involving setTimeout and Firefox' ForEach method. |
14705 |
CVE-2006-1668 |
|
|
Exec Code |
2006-04-07 |
2017-10-18 |
9.0 |
Admin |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
newimage.php in Eric Gerdes Crafty Syntax Image Gallery (CSIG) (aka PHP thumbnail Photo Gallery) 3.1g and earlier allows remote authenticated users to upload and execute arbitrary PHP code via a multipart/form-data POST with a .jpg filename in the fullimage parameter and the ext parameter set to .php. |
14706 |
CVE-2006-1652 |
119 |
|
DoS Exec Code Overflow |
2006-04-06 |
2018-10-18 |
9.0 |
Admin |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
Multiple buffer overflows in (a) UltraVNC (aka [email protected]) 1.0.1 and earlier and (b) tabbed_viewer 1.29 (1) allow user-assisted remote attackers to execute arbitrary code via a malicious server that sends a long string to a client that connects on TCP port 5900, which triggers an overflow in Log::ReallyPrint; and (2) allow remote attackers to cause a denial of service (server crash) via a long HTTP GET request to TCP port 5800, which triggers an overflow in VNCLog::ReallyPrint. |
14707 |
CVE-2006-1629 |
|
|
Exec Code |
2006-04-06 |
2017-07-19 |
9.0 |
Admin |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable. |
14708 |
CVE-2006-1615 |
134 |
|
Exec Code |
2006-04-06 |
2017-07-19 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Multiple format string vulnerabilities in the logging code in Clam AntiVirus (ClamAV) before 0.88.1 might allow remote attackers to execute arbitrary code. NOTE: as of 20060410, it is unclear whether this is a vulnerability, as there is some evidence that the arguments are actually being sanitized properly. |
14709 |
CVE-2006-1604 |
|
|
|
2006-04-04 |
2008-09-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Exponent CMS before 0.96.5 RC 1 has unknown impact and remote attack vectors related to variables that are not "typecasted." |
14710 |
CVE-2006-1545 |
|
|
Exec Code |
2006-03-30 |
2018-10-18 |
9.0 |
Admin |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
Direct static code injection vulnerability in admin/config.php in vscripts (aka Kuba Kunkiewicz) VNews 1.2 allows remote authenticated administrators to execute code by inserting the code into variables that are stored in admin/config.php. |
14711 |
CVE-2006-1540 |
94 |
|
DoS Exec Code Overflow |
2006-03-30 |
2018-10-18 |
9.3 |
Admin |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
MSO.DLL in Microsoft Office 2000, Office XP (2002), and Office 2003 allows user-assisted attackers to cause a denial of service and execute arbitrary code via multiple attack vectors, as originally demonstrated using a crafted document record with a malformed string, as demonstrated by replacing a certain "01 00 00 00" byte sequence with an "FF FF FF FF" byte sequence, possibly causing an invalid array index, in (1) an Excel .xls document, which triggers an access violation in ole32.dll; (2) an Excel .xlw document, which triggers an access violation in excel.exe; (3) a Word document, which triggers an access violation in mso.dll in winword.exe; and (4) a PowerPoint document, which triggers an access violation in powerpnt.txt. NOTE: after the initial disclosure, this issue was demonstrated by triggering an integer overflow using an inconsistent size for a Unicode "Sheet Name" string. |
14712 |
CVE-2006-1523 |
|
|
|
2006-04-12 |
2016-10-17 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
The __group_complete_signal function in the RCU signal handling (signal.c) in Linux kernel 2.6.16, and possibly other versions, has unknown impact and attack vectors related to improper use of BUG_ON. |
14713 |
CVE-2006-1381 |
|
|
+Priv |
2006-03-24 |
2017-07-19 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Trend Micro OfficeScan 5.5, and probably other versions before 6.5, uses insecure DACLs for critical files, which allows local users to gain SYSTEM privileges by modifying tmlisten.exe. |
14714 |
CVE-2006-1371 |
94 |
|
|
2006-03-23 |
2017-10-10 |
9.0 |
Admin |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
Laurentiu Matei eXpandable Home Page (XHP) CMS 0.5 and earlier allows remote authenticated users to use the HTMLArea FileManager plugin to upload and execute arbitrary PHP files using (1) manager.php, (2) standalonemanager.php, and (3) images.php. |
14715 |
CVE-2006-1370 |
|
|
Overflow |
2006-03-23 |
2017-07-19 |
9.3 |
Admin |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Buffer overflow in RealNetworks RealPlayer 10.5 6.0.12.1040 through 6.0.12.1348, RealPlayer 10, RealOne Player v2, RealOne Player v1, RealPlayer 8, and RealPlayer Enterprise before 20060322 allows remote attackers to have an unknown impact via a malicious Mimio boardCast (mbc) file. |
14716 |
CVE-2006-1368 |
119 |
|
DoS Overflow Mem. Corr. |
2006-03-23 |
2018-10-03 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Buffer overflow in the USB Gadget RNDIS implementation in the Linux kernel before 2.6.16 allows remote attackers to cause a denial of service (kmalloc'd memory corruption) via a remote NDIS response to OID_GEN_SUPPORTED_LIST, which causes memory to be allocated for the reply data but not the reply structure. |
14717 |
CVE-2006-1359 |
94 |
|
DoS Exec Code |
2006-03-22 |
2018-10-18 |
9.3 |
Admin |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer. |
14718 |
CVE-2006-1318 |
94 |
|
Exec Code |
2014-09-19 |
2018-10-12 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, Office 2004 for Mac, and Office X for Mac do not properly parse record lengths, which allows remote attackers to execute arbitrary code via a malformed control in an Office document, aka "Microsoft Office Control Vulnerability." |
14719 |
CVE-2006-1316 |
94 |
|
Exec Code Mem. Corr. |
2006-07-11 |
2018-10-12 |
9.3 |
Admin |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Microsoft Office 2003 SP1 and SP2, Office XP SP3, Office 2000 SP3, and other products, allows user-assisted attackers to execute arbitrary code via an Office file with malformed string that triggers memory corruption related to record lengths, aka "Microsoft Office Parsing Vulnerability," a different vulnerability than CVE-2006-2389. |
14720 |
CVE-2006-1311 |
|
|
Exec Code Mem. Corr. |
2007-02-13 |
2018-10-12 |
9.3 |
Admin |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
The RichEdit component in Microsoft Windows 2000 SP4, XP SP2, and 2003 SP1; Office 2000 SP3, XP SP3, 2003 SP2, and Office 2004 for Mac; and Learning Essentials for Microsoft Office 1.0, 1.1, and 1.5 allows user-assisted remote attackers to execute arbitrary code via a malformed OLE object in an RTF file, which triggers memory corruption. |
14721 |
CVE-2006-1309 |
94 |
|
Exec Code Mem. Corr. |
2006-07-13 |
2018-10-12 |
9.3 |
Admin |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted LABEL record that triggers memory corruption. |
14722 |
CVE-2006-1308 |
94 |
|
Exec Code |
2006-07-13 |
2018-10-12 |
9.3 |
Admin |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted FNGROUPCOUNT value. |
14723 |
CVE-2006-1306 |
94 |
|
Exec Code |
2006-07-13 |
2018-10-18 |
9.3 |
Admin |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted BIFF record with an attacker-controlled array index that is used for a function pointer, aka "Malformed OBJECT record Vulnerability." |
14724 |
CVE-2006-1304 |
94 |
|
Exec Code Overflow |
2006-07-13 |
2018-10-18 |
9.3 |
Admin |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted COLINFO record, which triggers the overflow during a "data filling operation." |
14725 |
CVE-2006-1303 |
94 |
|
Exec Code Mem. Corr. |
2006-06-13 |
2018-10-18 |
9.3 |
Admin |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Multiple unspecified vulnerabilities in Microsoft Internet Explorer 5.01 SP4 and 6 SP1 and earlier allow remote attackers to execute arbitrary code by instantiating certain COM objects from Wmm2fxa.dll as ActiveX controls including (1) DXImageTransform.Microsoft.MMSpecialEffect1Input, (2) DXImageTransform.Microsoft.MMSpecialEffect1Input.1, (3) DXImageTransform.Microsoft.MMSpecialEffect2Inputs, (4) DXImageTransform.Microsoft.MMSpecialEffect2Inputs.1, (5) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input, and (6) DXImageTransform.Microsoft.MMSpecialEffectInplace1Input.1, which causes memory corruption during garbage collection. |
14726 |
CVE-2006-1302 |
119 |
|
Exec Code Overflow Mem. Corr. |
2006-07-13 |
2018-10-18 |
9.3 |
Admin |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Buffer overflow in Microsoft Excel 2000 through 2003 allows user-assisted attackers to execute arbitrary code via a .xls file with certain crafted fields in a SELECTION record, which triggers memory corruption, aka "Malformed SELECTION record Vulnerability." |
14727 |
CVE-2006-1301 |
94 |
|
Exec Code Mem. Corr. |
2006-07-13 |
2018-10-12 |
9.3 |
Admin |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
Microsoft Excel 2000 through 2004 allows user-assisted attackers to execute arbitrary code via a .xls file with a crafted SELECTION record that triggers memory corruption, a different vulnerability than CVE-2006-1302. |
14728 |
CVE-2006-1276 |
|
|
Bypass |
2006-03-19 |
2017-07-19 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
admin.php in Himpfen Consulting Company PHP SimpleNEWS 1.0.0 allows remote attackers to bypass authentication by setting the admin parameter in a cookie. |
14729 |
CVE-2006-1255 |
|
|
DoS Exec Code Overflow |
2006-03-18 |
2017-07-19 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Stack-based buffer overflow in the IMAP service in Mercur Messaging 5.0 SP3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string to the (1) LOGIN or (2) SELECT command, a different set of attack vectors and possibly a different vulnerability than CVE-2003-1177. |
14730 |
CVE-2006-1254 |
|
|
|
2006-03-18 |
2017-07-19 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in BorderWare MXtreme 5.0 and 6.0 allows remote attackers to have an unknown impact via unknown attack vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
14731 |
CVE-2006-1250 |
|
|
|
2006-03-18 |
2008-09-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in the Webmail module in Winmail before 4.3 has unknown impact and unknown remote attack vectors. |
14732 |
CVE-2006-1190 |
|
|
Exec Code |
2006-04-11 |
2018-10-12 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Microsoft Internet Explorer 5.01 through 6 does not always return the correct IOleClientSite information when dynamically creating an embedded object, which could cause Internet Explorer to run the object in the wrong security context or zone, and allow remote attackers to execute arbitrary code. |
14733 |
CVE-2006-1189 |
119 |
|
Exec Code Overflow Mem. Corr. |
2006-04-11 |
2018-10-12 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via a crafted URL with an International Domain Name (IDN) using double-byte character sets (DBCS), aka the "Double Byte Character Parsing Memory Corruption Vulnerability." |
14734 |
CVE-2006-1186 |
|
|
Exec Code Mem. Corr. |
2006-04-11 |
2018-10-12 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX controls, which leads to memory corruption. |
14735 |
CVE-2006-1123 |
|
|
Exec Code Sql |
2006-03-09 |
2018-10-18 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
SQL injection vulnerability in D2KBlog 1.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the memName parameter in a cookie. |
14736 |
CVE-2006-1085 |
|
|
Exec Code +Priv Bypass |
2006-03-08 |
2018-10-18 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
admin.php in PHP-Stats 0.1.9.1 and earlier allows remote attackers to bypass authentication, gain administrator privileges, and execute arbitrary PHP code by modifying the option[admin_pass] parameter and setting the pass_cookie to the MD5 hash of the specified password. |
14737 |
CVE-2006-1069 |
|
|
+Priv |
2006-03-07 |
2008-09-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in the session handling for Geeklog 1.4.x before 1.4.0sr2, 1.3.11 before 1.3.11sr5, 1.3.9 before 1.3.9sr5, and possibly earlier versions allows attackers to gain privileges as arbitrary users via unknown vectors. |
14738 |
CVE-2006-1047 |
|
|
|
2006-03-07 |
2008-09-05 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in the "Remember Me login functionality" in Joomla! 1.0.7 and earlier has unknown impact and attack vectors. |
14739 |
CVE-2006-1038 |
|
|
Overflow |
2006-03-07 |
2017-07-19 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Buffer overflow in SecureCRT 5.0.4 and earlier and SecureFX 3.0.4 and earlier allows remote attackers to have an unknown impact when a Unicode string is converted to a "narrow" string. |
14740 |
CVE-2006-1017 |
|
|
|
2006-03-06 |
2018-10-30 |
9.3 |
Admin |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
The c-client library 2000, 2001, or 2004 for PHP before 4.4.4 and 5.x before 5.1.5 do not check the (1) safe_mode or (2) open_basedir functions, and when used in applications that accept user-controlled input for the mailbox argument to the imap_open function, allow remote attackers to obtain access to an IMAP stream data structure and conduct unauthorized IMAP actions. |
14741 |
CVE-2006-1002 |
255 |
|
|
2006-03-06 |
2018-10-18 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
NETGEAR WGT624 Wireless DSL router has a default account of super_username "Gearguy" and super_passwd "Geardog", which allows remote attackers to modify the configuration. NOTE: followup posts have suggested that this might not occur with all WGT624 routers. |
14742 |
CVE-2006-1000 |
|
|
Exec Code Sql Bypass |
2006-03-06 |
2018-10-18 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Multiple SQL injection vulnerabilities in Pentacle In-Out Board 3.0 and earlier allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) newsid parameter to newsdetailsview.asp and (2) password parameter to login.asp. |
14743 |
CVE-2006-0992 |
|
|
Exec Code Overflow |
2006-04-14 |
2018-10-18 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Stack-based buffer overflow in Novell GroupWise Messenger before 2.0 Public Beta 2 allows remote attackers to execute arbitrary code via a long Accept-Language value without a comma or semicolon. NOTE: due to a typo, the original ZDI advisory accidentally referenced CVE-2006-0092. This is the correct identifier. |
14744 |
CVE-2006-0990 |
|
|
Exec Code Overflow |
2006-03-27 |
2018-10-18 |
9.0 |
Admin |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
Stack-based buffer overflow in the NetBackup Catalog daemon (bpdbm) in Veritas NetBackup Enterprise Server 5.0 through 6.0 and DataCenter and BusinesServer 4.5FP and 4.5MP allows attackers to execute arbitrary code via unknown vectors. |
14745 |
CVE-2006-0989 |
|
|
Exec Code Overflow |
2006-03-27 |
2018-10-18 |
9.0 |
Admin |
Remote |
Low |
Single system |
Complete |
Complete |
Complete |
Stack-based buffer overflow in the volume manager daemon (vmd) in Veritas NetBackup Enterprise Server 5.0 through 6.0 and DataCenter and BusinesServer 4.5FP and 4.5MP allows attackers to execute arbitrary code via unknown vectors. |
14746 |
CVE-2006-0979 |
|
|
|
2006-03-03 |
2017-07-19 |
10.0 |
None |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Unspecified vulnerability in the local weblog publisher in Nidelven IT Issue Dealer before 0.9.96 has unknown impact and attack vectors. |
14747 |
CVE-2006-0884 |
20 |
|
Bypass +Info |
2006-02-24 |
2018-10-18 |
9.3 |
None |
Remote |
Medium |
Not required |
Complete |
Complete |
Complete |
The WYSIWYG rendering engine ("rich mail" editor) in Mozilla Thunderbird 1.0.7 and earlier allows user-assisted attackers to bypass javascript security settings and obtain sensitive information or cause a crash via an e-mail containing a javascript URI in the SRC attribute of an IFRAME tag, which is executed when the user edits the e-mail. |
14748 |
CVE-2006-0874 |
|
|
|
2006-02-24 |
2017-07-19 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Multiple unspecified vulnerabilities in Intensive Point iUser Ecommerce before 2.2 have unspecified vectors and impact, as addressed by "Urgent secure fixes". NOTE: this might be a duplicate of CVE-2006-0854, but the vendor announcement for this issue (from January 8, 2005) is too vague to be sure, and CVE-2006-0854 does not provide version information. |
14749 |
CVE-2006-0864 |
|
|
+Priv |
2006-02-23 |
2018-10-18 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
filescan in Global Hauri ViRobot 2.0 20050817 does not verify the Cookie HTTP header, which allows remote attackers to gain administrative privileges via an arbitrary cookie value. |
14750 |
CVE-2006-0789 |
|
|
|
2006-02-19 |
2017-07-19 |
10.0 |
Admin |
Remote |
Low |
Not required |
Complete |
Complete |
Complete |
Certain unspecified Kyocera printers have a default "admin" account with a blank password, which allows remote attackers to access an administrative menu via a telnet session. |