# |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
21251 |
CVE-2006-5824 |
|
|
DoS Overflow |
2006-11-09 |
2017-07-19 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
Integer overflow in the ffs_rdextattr function in FreeBSD 6.1 allows local users to cause a denial of service (kernel panic) and trigger a heap-based buffer overflow via a crafted UFS filesystem, a different vulnerability than CVE-2006-5679. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem. |
21252 |
CVE-2006-5823 |
|
|
DoS Mem. Corr. |
2006-11-09 |
2018-10-30 |
4.0 |
None |
Local |
High |
Not required |
None |
None |
Complete |
The zlib_inflate function in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via a malformed filesystem that uses zlib compression that triggers memory corruption, as demonstrated using cramfs. |
21253 |
CVE-2006-5808 |
|
|
+Priv |
2006-11-08 |
2017-07-19 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to gain privileges by replacing CSD executables, aka "Local Privilege Escalation". |
21254 |
CVE-2006-5807 |
|
|
|
2006-11-08 |
2017-07-19 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Cisco Secure Desktop (CSD) before 3.1.1.45 allows local users to escape out of the secure desktop environment by using certain applications that switch to the default desktop, aka "System Policy Evasion". |
21255 |
CVE-2006-5789 |
399 |
|
DoS |
2006-11-07 |
2018-10-17 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
War FTP Daemon (WarFTPd) 1.82.00-RC11 allows remote authenticated users to cause a denial of service via a large number of "%s" format strings in (1) CWD, (2) CDUP, (3) DELE, (4) NLST, (5) LIST, (6) SIZE, and possibly other commands. NOTE: it is possible that vector 1 is an off-by-one variant or incomplete fix of CVE-2005-0312. |
21256 |
CVE-2006-5784 |
|
|
|
2006-11-07 |
2018-10-17 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Unspecified vulnerability in enserver.exe in SAP Web Application Server 6.40 before patch 136 and 7.00 before patch 66 allows remote attackers to read arbitrary files via crafted data on a "3200+SYSNR" TCP port, as demonstrated by port 3201. NOTE: this issue can be leveraged by local users to access a named pipe as the SAPServiceJ2E user. |
21257 |
CVE-2006-5778 |
|
|
Bypass |
2006-11-07 |
2008-09-05 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
ftpd in linux-ftpd 0.17, and possibly other versions, performs a chdir before setting the UID, which allows local users to bypass intended access restrictions by redirecting their home directory to a restricted directory. |
21258 |
CVE-2006-5774 |
|
|
XSS |
2006-11-06 |
2017-07-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in Hyper NIKKI System before 2.19.9 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. |
21259 |
CVE-2006-5771 |
|
|
XSS |
2006-11-06 |
2017-07-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in Arkoon SSL360 1.0 and 2.0 before 2.0/2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
21260 |
CVE-2006-5769 |
|
|
XSS |
2006-11-06 |
2017-07-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in admin.tool CMS 3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) fSid or (2) fSrcBegriffe parameters in unspecified vectors. |
21261 |
CVE-2006-5761 |
|
|
XSS |
2006-11-06 |
2018-10-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in index.php in Rhadrix If-CMS 1.01 and 2.07 allows remote attackers to inject arbitrary web script or HTML via the rns parameter. |
21262 |
CVE-2006-5755 |
|
|
DoS |
2006-12-31 |
2017-10-10 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
Linux kernel before 2.6.18, when running on x86_64 systems, does not properly save or restore EFLAGS during a context switch, which allows local users to cause a denial of service (crash) by causing SYSENTER to set an NT flag, which can trigger a crash on the IRET of the next task. |
21263 |
CVE-2006-5754 |
|
|
DoS |
2007-01-30 |
2017-10-10 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
The aio_setup_ring function in Linux kernel does not properly initialize a variable, which allows local users to cause a denial of service (crash) via an unspecified error path that causes an incorrect free operation. |
21264 |
CVE-2006-5752 |
|
|
XSS |
2007-06-27 |
2018-10-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified. |
21265 |
CVE-2006-5743 |
|
|
XSS |
2006-11-06 |
2018-10-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in Highwall Enterprise and Highwall Endpoint 4.0.2.11045 management interface allow remote attackers to inject arbitrary web script or HTML via (1) an Access Point with a crafted SSID, (2) the name of the sensor WIDS, (3) the name of the Highwall EndPoint workstation, or other unspecified vectors. |
21266 |
CVE-2006-5741 |
|
|
XSS |
2006-11-06 |
2018-10-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in AirMagnet Enterprise before 7.5 build 6307 allow remote attackers to inject arbitrary web script or HTML via (1) the 404 error page of the Smart Sensor Edge Sensor; (2) the user name for a failed logon, when displayed in the audit journals reviewing interface (/AirMagnetSensor/AMSensor.dll/XH) by the Smart Sensor Edge Sensor log viewer; and (3) an SSID of an AP, when displayed on an ACL page (/Amom/Amom.dll/BD) of the Enterprise Server Status Overview in the Enterprise Server Web interface. |
21267 |
CVE-2006-5728 |
399 |
|
DoS |
2006-11-06 |
2017-10-18 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
XM Easy Personal FTP Server 5.2.1 and earlier allows remote authenticated users to cause a denial of service via a long argument to the NLST command, possibly involving the -al flags. |
21268 |
CVE-2006-5726 |
|
|
DoS Mem. Corr. |
2006-11-06 |
2008-09-05 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
alloccgblk in the UFS filesystem in Solaris 10 allows local users to cause a denial of service (memory corruption) by mounting crafted UFS filesystems with malformed data structures. |
21269 |
CVE-2006-5721 |
|
|
DoS |
2006-11-03 |
2018-10-17 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
The \Device\SandBox driver in Outpost Firewall PRO 4.0 (964.582.059) allows local users to cause a denial of service (system crash) via an invalid argument to the DeviceIoControl function that triggers an invalid memory operation. |
21270 |
CVE-2006-5718 |
|
|
XSS |
2006-11-03 |
2018-10-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in error.php in phpMyAdmin 2.6.4 through 2.9.0.2 allows remote attackers to inject arbitrary web script or HTML via UTF-7 or US-ASCII encoded characters, which are injected into an error message, as demonstrated by a request with a utf7 charset parameter accompanied by UTF-7 data. |
21271 |
CVE-2006-5717 |
|
|
XSS |
2006-11-03 |
2018-10-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in Zend Google Data Client Library (ZendGData) Preview 0.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters in (1) basedemo.php and (2) calenderdemo.php in samples/, and other unspecified files. |
21272 |
CVE-2006-5713 |
|
|
XSS |
2006-11-03 |
2017-07-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in Easy File Sharing (EFS) Web Server 4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) author, (2) content, or (3) title parameters when posting a forum thread. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. |
21273 |
CVE-2006-5712 |
|
|
XSS |
2006-11-03 |
2017-07-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in Mirapoint WebMail allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets (CSS) function, as demonstrated using the width style for an IMG element. |
21274 |
CVE-2006-5703 |
79 |
|
XSS |
2006-11-03 |
2018-10-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in tiki-featured_link.php in Tikiwiki 1.9.5 allows remote attackers to inject arbitrary web script or HTML via a url parameter that evades filtering, as demonstrated by a parameter value containing malformed, nested SCRIPT elements. |
21275 |
CVE-2006-5701 |
|
|
DoS |
2006-11-03 |
2017-07-19 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
Double free vulnerability in squashfs module in the Linux kernel 2.6.x, as used in Fedora Core 5 and possibly other distributions, allows local users to cause a denial of service by mounting a crafted squashfs filesystem. |
21276 |
CVE-2006-5679 |
189 |
|
DoS Exec Code Overflow |
2006-11-03 |
2011-10-11 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Integer overflow in the ffs_mountfs function in FreeBSD 6.1 allows local users to cause a denial of service (panic) and possibly execute arbitrary code via a crafted UFS filesystem that causes invalid or large size parameters to be provided to the kmem_alloc function. NOTE: a third party states that this issue does not cross privilege boundaries in FreeBSD because only root may mount a filesystem. |
21277 |
CVE-2006-5664 |
|
|
|
2006-11-02 |
2008-09-05 |
4.6 |
None |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
The installation script in IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 allows local users to "compromise security" via a symlink attack on temporary files. |
21278 |
CVE-2006-5663 |
|
|
+Priv |
2006-11-02 |
2008-09-05 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 use insecure permissions for installation scripts, which allows local users to gain privileges by modifying the scripts. |
21279 |
CVE-2006-5654 |
|
|
DoS |
2006-11-02 |
2017-07-19 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
Unspecified vulnerability in the Network Security Services (NSS) in Sun Java System Web Server 6.0 before SP 10 and ONE Application Server 7 before Update 3, when SSLv2 is enabled, allows remote authenticated users to cause a denial of service (application crash) via unspecified vectors. NOTE: due to lack of details from the vendor, it is unclear whether this is related to vector 1 in CVE-2006-5201 or CVE-2006-3127. |
21280 |
CVE-2006-5653 |
|
|
XSS |
2006-11-02 |
2018-10-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in the errorHTML function in the index script in Sun Java System Messenger Express 6 allows remote attackers to inject arbitrary web script or HTML via the error parameter. NOTE: this issue might be related to CVE-2006-5486, however due to the vagueness of the initial advisory and different researchers a new CVE was assigned. |
21281 |
CVE-2006-5652 |
|
|
XSS |
2006-11-02 |
2018-10-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in Sun iPlanet Messaging Server Messenger Express allows remote attackers to inject arbitrary web script via the expression Cascading Style Sheets (CSS) function, as demonstrated by setting the width style for an IMG element. NOTE: this issue might be related to CVE-2006-5486, however due to the vagueness of the initial advisory and different researchers, it has been assigned a new CVE. |
21282 |
CVE-2006-5649 |
|
|
DoS |
2006-12-13 |
2008-09-05 |
4.6 |
None |
Local |
Low |
Single system |
None |
None |
Complete |
Unspecified vulnerability in the "alignment check exception handling" in Ubuntu 5.10, 6.06 LTS, and 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (kernel panic) via unspecified vectors. |
21283 |
CVE-2006-5648 |
|
|
DoS |
2006-12-13 |
2008-09-05 |
4.6 |
None |
Local |
Low |
Single system |
None |
None |
Complete |
Ubuntu Linux 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (resource consumption) by using the (1) sys_get_robust_list and (2) sys_set_robust_list functions to create processes that cannot be killed. |
21284 |
CVE-2006-5626 |
|
|
XSS |
2006-10-31 |
2018-10-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in cms_images/js/htmlarea/htmlarea.php in phpFaber Content Management System (CMS) before 1.3.36 on 20061026 allows remote attackers to inject arbitrary web script or HTML, probably via arbitrary parameters in the query string, as demonstrated with a vigilon parameter. NOTE: earlier downloads of 1.3.36 have the vulnerability; the software was updated without changing the version number. |
21285 |
CVE-2006-5602 |
|
|
DoS |
2006-10-27 |
2017-07-19 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
Multiple memory leaks in xsupplicant before 1.2.6, and possibly other versions, allow attackers to cause a denial of service (memory consumption) via unspecified vectors. |
21286 |
CVE-2006-5599 |
|
|
XSS |
2006-10-27 |
2018-10-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in Oracle Application Express (formerly HTML DB) before 2.2.1 allows remote attackers to inject arbitrary HTML or web script via the WWV_FLOW_ITEM_HELP package. NOTE: it is likely that this issue overlaps one of the Oracle VulnIDs covered by CVE-2006-5351. Oracle has not publicly disputed claims by a reliable researcher that this has been fixed by the October 2006 CPU. |
21287 |
CVE-2006-5598 |
|
|
XSS |
2006-10-27 |
2017-07-19 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in index.php for GOOP Gallery 2.0, and possibly other versions before 2.0.3, allows remote attackers to inject arbitrary HTML or web script via the image parameter. |
21288 |
CVE-2006-5577 |
|
|
+Info |
2006-12-12 |
2018-10-17 |
4.3 |
None |
Remote |
Medium |
Not required |
Partial |
None |
None |
Microsoft Internet Explorer 6 and earlier allows remote attackers to obtain sensitive information via unspecified uses of the OBJECT HTML tag, which discloses the absolute path of the corresponding TIF folder, aka "TIF Folder Information Disclosure Vulnerability," and a different issue than CVE-2006-5578. |
21289 |
CVE-2006-5564 |
|
|
XSS |
2006-10-27 |
2008-09-05 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in user.php in MAXdev MD-Pro 1.0.76 allows remote attackers to inject arbitrary web script or HTML via the op parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |
21290 |
CVE-2006-5560 |
79 |
|
XSS |
2006-10-27 |
2018-10-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Cross-site scripting (XSS) vulnerability in heading.php in Boesch ProgSys 0.151 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/index.php, and unspecified vectors related to certain other files. NOTE: some of these details are obtained from third party information. |
21291 |
CVE-2006-5557 |
|
|
Exec Code Overflow |
2006-10-27 |
2017-10-18 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Stack-based buffer overflow in the (1) swpackage and (2) swmodify commands in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via a long -S argument. NOTE: this might be a duplicate of CVE-2006-2574, but the details relating to CVE-2006-2574 are too vague to be certain. |
21292 |
CVE-2006-5556 |
|
|
Exec Code Overflow |
2006-10-27 |
2017-10-18 |
4.6 |
User |
Local |
Low |
Not required |
Partial |
Partial |
Partial |
Buffer overflow in the localtime_r function, and certain other functions, in libc in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via a long TZ environment variable. |
21293 |
CVE-2006-5550 |
|
|
DoS |
2006-10-26 |
2008-09-05 |
4.9 |
None |
Local |
Low |
Not required |
None |
None |
Complete |
The kernel in FreeBSD 6.1 and OpenBSD 4.0 allows local users to cause a denial of service via unspecified vectors involving certain ioctl requests to /dev/crypto. |
21294 |
CVE-2006-5542 |
|
|
DoS |
2006-10-26 |
2017-10-10 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
backend/tcop/postgres.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) related to duration logging of V3-protocol Execute messages for (1) COMMIT and (2) ROLLBACK SQL statements. |
21295 |
CVE-2006-5541 |
|
|
DoS |
2006-10-26 |
2017-10-10 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
backend/parser/parse_coerce.c in PostgreSQL 7.4.1 through 7.4.14, 8.0.x before 8.0.9, and 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) via a coercion of an unknown element to ANYARRAY. |
21296 |
CVE-2006-5540 |
|
|
DoS |
2006-10-26 |
2017-10-10 |
4.0 |
None |
Remote |
Low |
Single system |
None |
None |
Partial |
backend/parser/analyze.c in PostgreSQL 8.1.x before 8.1.5 allows remote authenticated users to cause a denial of service (daemon crash) via certain aggregate functions in an UPDATE statement, which are not properly handled during a "MIN/MAX index optimization." |
21297 |
CVE-2006-5537 |
|
|
XSS |
2006-10-26 |
2018-10-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/webcm in D-Link DSL-G624T firmware 3.00B01T01.YA-C.20060616 allow remote attackers to inject arbitrary web script or HTML via the (1) upnp:settings/state or (2) upnp:settings/connection parameters. |
21298 |
CVE-2006-5535 |
|
|
XSS |
2006-10-26 |
2018-10-17 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in WebHostManager (WHM) 10.8.0 cPanel 10.9.0 R50 allow remote attackers to inject arbitrary web script or HTML via the (1) theme parameter to scripts/dosetmytheme and the (2) template parameter to scripts2/editzonetemplate. |
21299 |
CVE-2006-5534 |
79 |
|
XSS |
2006-10-26 |
2011-09-13 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in index.htm in Zwahlen Online Shop Freeware 5.2.2.50, and possibly earlier, allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) Kat, (3) id, or (4) no parameters. NOTE: some of these details are obtained from third party information. |
21300 |
CVE-2006-5530 |
79 |
|
XSS |
2006-10-26 |
2012-08-06 |
4.3 |
None |
Remote |
Medium |
Not required |
None |
Partial |
None |
Multiple cross-site scripting (XSS) vulnerabilities in Boesch SimpNews before 2.34.01 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters to (1) admin/index.php, (2) admin/pwlost.php, and unspecified other files. NOTE: the provenance of this information is unknown; the details are obtained from third party information. |