| # | CVE ID | CWE ID | # of Exploits | Vulnerability Type(s) | Publish Date | Update Date | Score | Gained Access Level | Access | Complexity | Authentication | Conf. | Integ. | Avail. | Description |
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 1 | CVE-2006-6878 | | | +Priv | 2006-12-31 | 2017-10-19 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | admin/uploads.php in PHP-Update 2.7 and earlier allows remote attackers to gain privileges by setting the rights[7] parameter to 1 during a login action. |
| 2 | CVE-2006-6752 | | | Overflow +Priv | 2006-12-27 | 2008-09-05 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Buffer overflow in FTPRush 1.0.0.610 might allow attackers to gain privileges via a long Host field. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. Also, it is not clear whether this issue crosses security boundaries. |
| 3 | CVE-2006-6745 | | | +Priv | 2006-12-26 | 2018-10-30 | 9.3 | None | Remote | Medium | Not required | Complete | Complete | Complete | Multiple unspecified vulnerabilities in Sun Java Development Kit (JDK) and Java Runtime Environment (JRE) 5.0 Update 7 and earlier, and Java System Development Kit (SDK) and JRE 1.4.2_12 and earlier 1.4.x versions, allow attackers to develop Java applets or applications that are able to gain privileges, related to serialization in JRE. |
| 4 | CVE-2006-6696 | 119 | | Overflow +Priv | 2006-12-22 | 2019-04-30 | 6.9 | None | Local | Medium | Not required | Complete | Complete | Complete | Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL. |
| 5 | CVE-2006-6639 | | | +Priv | 2006-12-19 | 2008-09-05 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | Multiple unspecified vulnerabilities in chetcpasswd 2.4.1 allow local users to gain privileges via unspecified vectors related to executing (1) the cp program, (2) the mail program, or (3) the program specified in the post_change configuration line. |
| 6 | CVE-2006-6616 | | | +Priv | 2006-12-18 | 2017-07-29 | 6.0 | None | Remote | Medium | ??? | Partial | Partial | Partial | index.php in w00t Gallery 1.4.0 allows remote authenticated users with privileges for one installation to gain access to other installations on the same web server, aka "multi-gallery admin session spanning." NOTE: some of these details are obtained from third party information. |
| 7 | CVE-2006-6528 | | | +Priv | 2006-12-14 | 2011-03-08 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The Chatroom Module before 4.7.x.-1.0 for Drupal broadcasts Chatroom visitors' session IDs to all participants, which allows remote attackers to hijack sessions and gain privileges. |
| 8 | CVE-2006-6501 | 264 | | +Priv | 2006-12-20 | 2018-10-17 | 6.8 | None | Remote | Medium | Not required | Partial | Partial | Partial | Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to gain privileges and install malicious code via the watch Javascript function. |
| 9 | CVE-2006-6418 | 119 | | Overflow +Priv | 2006-12-10 | 2017-07-29 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Buffer overflow in the POSIX Threads library (libpthread) on HP Tru64 UNIX 4.0F PK8, 4.0G PK4, and 5.1A PK6 allows local users to gain root privileges via a long PTHREAD_CONFIG environment variable. |
| 10 | CVE-2006-6308 | | | +Priv | 2006-12-06 | 2018-10-17 | 4.3 | None | Local | Low | ??? | Partial | Partial | Partial | ** DISPUTED ** Symantec LiveState 7.1 Agent for Windows allows local users to gain privileges by stopping the shstart.exe process and opening "Web Self-Service" from the system tray icon, which will open a browser window running with elevated privileges. NOTE: several third-party researchers have noted that administrator privileges may be necessary to terminate shstart.exe. If this is the case, then no privilege escalation occurs, and this is not a vulnerability. |
| 11 | CVE-2006-6165 | | | +Priv Bypass | 2006-11-29 | 2018-10-17 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | ** DISPUTED ** ld.so in FreeBSD, NetBSD, and possibly other BSD distributions does not remove certain harmful environment variables, which allows local users to gain privileges by passing certain environment variables to loading processes. NOTE: this issue has been disputed by a third party, stating that it is the responsibility of the application to properly sanitize the environment. |
| 12 | CVE-2006-6164 | | | +Priv | 2006-11-29 | 2018-10-17 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | The _dl_unsetenv function in loader.c in the ELF ld.so in OpenBSD 3.9 and 4.0 does not properly remove duplicate environment variables, which allows local users to pass dangerous variables such as LD_PRELOAD to loading processes, which might be leveraged to gain privileges. |
| 13 | CVE-2006-6131 | | | +Priv | 2006-11-28 | 2018-10-17 | 6.2 | None | Local | High | Not required | Complete | Complete | Complete | Untrusted search path vulnerability in (1) WSAdminServer and (2) WSWebServer in Kerio WebSTAR (4D WebSTAR Server Suite) 5.4.2 and earlier allows local users with webstar privileges to gain root privileges via a malicious libucache.dylib helper library in the current working directory. |
| 14 | CVE-2006-6008 | | | +Priv | 2006-11-21 | 2008-09-05 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | ftpd in Linux Netkit (linux-ftpd) 0.17, and possibly other versions, does not check the return status of certain seteuid, setgid, and setuid calls, which might allow remote authenticated users to gain privileges if these calls fail in cases such as PAM failures or resource limits, a different vulnerability than CVE-2006-5778. |
| 15 | CVE-2006-5965 | | | +Priv | 2006-11-26 | 2018-10-17 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | PassGo SSO Plus 2.1.0.32, and probably earlier versions, uses insecure permissions (Everyone/Full Control) for the PassGo Technologies directory, which allows local users to gain privileges by modifying critical programs. |
| 16 | CVE-2006-5852 | | | +Priv | 2006-11-10 | 2017-10-19 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | Untrusted search path vulnerability in openexec in OpenBase SQL before 10.0.1 allows local users to gain privileges via a modified PATH that references a malicious helper binary, as demonstrated by (1) cp, (2) rm, and (3) killall, different vectors than CVE-2006-5327. |
| 17 | CVE-2006-5818 | | | Exec Code Overflow +Priv | 2006-11-08 | 2017-07-20 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Multiple buffer overflows in tunekrnl in IBM Lotus Domino 6.x before 6.5.5 FP2 and 7.x before 7.0.2 allow local users to gain privileges and execute arbitrary code via unspecified vectors. |
| 18 | CVE-2006-5808 | | | +Priv | 2006-11-08 | 2017-07-20 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | The installation of Cisco Secure Desktop (CSD) before 3.1.1.45 uses insecure default permissions (all users full control) for the CSD directory and its parent directory, which allow local users to gain privileges by replacing CSD executables, aka "Local Privilege Escalation". |
| 19 | CVE-2006-5758 | 119 | | DoS Overflow +Priv Mem. Corr. | 2006-11-06 | 2018-10-17 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | The Graphics Rendering Engine in Microsoft Windows 2000 through 2000 SP4 and Windows XP through SP2 maps GDI Kernel structures on a global shared memory section that is mapped with read-only permissions, but can be remapped by other processes as read-write, which allows local users to cause a denial of service (memory corruption and crash) and gain privileges by modifying the kernel structures. |
| 20 | CVE-2006-5663 | | | +Priv | 2006-11-03 | 2011-03-08 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | IBM Informix Dynamic Server 10.00, Informix Client Software Development Kit (CSDK) 2.90, and Informix I-Connect 2.90 use insecure permissions for installation scripts, which allows local users to gain privileges by modifying the scripts. |
| 21 | CVE-2006-5639 | | | +Priv | 2006-11-01 | 2017-07-20 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Unspecified vulnerability in the random number generator in OpenWBEM (Web Based Enterprise Management) 3.2.0 allows attackers to gain privileges via vectors related to "local or HTTP Digest authentication." |
| 22 | CVE-2006-5600 | | | +Priv | 2006-10-28 | 2018-10-17 | 2.1 | None | Local | Low | Not required | Partial | None | None | Axalto Protiva 1.1, possibly only non-commercial versions, stores passwords in plaintext in files with insecure permissions, which allows local users to gain privileges by reading the passwords from (1) KeyTool\keytool.config or (2) webapps\protiva\WEB-INF\classes\authserver.config. |
| 23 | CVE-2006-5585 | 264 | | +Priv | 2006-12-13 | 2018-10-17 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | The Client-Server Run-time Subsystem in Microsoft Windows XP SP2 and Server 2003 allows local users to gain privileges via a crafted file manifest within an application, aka "File Manifest Corruption Vulnerability." |
| 24 | CVE-2006-5584 | | | +Priv | 2006-12-13 | 2018-10-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | The Remote Installation Service (RIS) in Microsoft Windows 2000 SP4 uses a TFTP server that allows anonymous access, which allows remote attackers to upload and overwrite arbitrary files to gain privileges on systems that use RIS. |
| 25 | CVE-2006-5300 | | | +Priv | 2006-10-17 | 2018-10-17 | 6.5 | None | Remote | Low | ??? | Partial | Partial | Partial | Unspecified vulnerability in HP Version Control Agent before 2.1.5 allows remote authenticated users to obtain "unauthorized access" to a remote Repository Manager account and potentially gain privileges via unspecified vectors. |
| 26 | CVE-2006-5218 | | | DoS Overflow +Priv | 2006-10-10 | 2017-07-20 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | Integer overflow in the systrace_preprepl function (STRIOCREPLACE) in systrace in OpenBSD 3.9 and NetBSD 3 allows local users to cause a denial of service (crash), gain privileges, or read arbitrary kernel memory via large numeric arguments to the systrace ioctl. |
| 27 | CVE-2006-5199 | | | +Priv | 2006-10-10 | 2017-07-20 | 2.1 | None | Local | Low | Not required | Partial | None | None | Adobe Contribute Publishing Server leaks the administrator password in logs that are created during product installation, which allows local users to gain privileges to the server. |
| 28 | CVE-2006-5091 | | | +Priv | 2006-09-29 | 2018-10-17 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Unspecified vulnerability in HP-UX B.11.11 and B.11.23 CIFS Server (Samba) allows local users to gain privileges or obtain "unauthorized access" via unspecified vectors. |
| 29 | CVE-2006-5014 | | | +Priv | 2006-09-27 | 2008-09-05 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete | Unspecified vulnerability in cPanel before 10.9.0 12 Tree allows remote authenticated users to gain privileges via unspecified vectors in (1) mysqladmin and (2) hooksadmin. |
| 30 | CVE-2006-5007 | | | +Priv | 2006-09-27 | 2017-07-20 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | Untrusted search path vulnerability in uucp in IBM AIX 5.2.0 and 5.3.0 allows local users to gain privileges via a Trojan horse program involving uux. |
| 31 | CVE-2006-4994 | | | +Priv | 2006-09-26 | 2020-05-06 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | Multiple unquoted Windows search path vulnerabilities in Apache Friends XAMPP 1.5.2 might allow local users to gain privileges via a malicious program file in %SYSTEMDRIVE%, which is run when XAMPP attempts to execute (1) FileZillaServer.exe, (2) mysqld-nt.exe, (3) Perl.exe, or (4) xamppcontrol.exe with an unquoted "Program Files" pathname. |
| 32 | CVE-2006-4927 | | | +Priv | 2006-10-10 | 2018-10-17 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | The (a) NAVENG (NAVENG.SYS) and (b) NAVEX15 (NAVEX15.SYS) device drivers 20061.3.0.12 and later, as used in Symantec AntiVirus and security products, allow local users to gain privileges by overwriting critical system addresses using a crafted Irp to the IOCTL functions (1) 0x222AD3, (2) 0x222AD7, and (3) 0x222ADB. |
| 33 | CVE-2006-4887 | | | +Priv Bypass | 2006-09-19 | 2018-10-30 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Apple Remote Desktop (ARD) for Mac OS X 10.2.8 and later does not drop privileges on the remote machine while installing certain applications, which allows local users to bypass authentication and gain privileges by selecting the icon during installation. NOTE: it could be argued that the issue is not in Remote Desktop itself, but in applications that are installed while using it. |
| 34 | CVE-2006-4655 | | | Overflow +Priv | 2006-09-09 | 2018-10-17 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | Buffer overflow in the Strcmp function in the XKEYBOARD extension in X Window System X11R6.4 and earlier, as used in SCO UnixWare 7.1.3 and Sun Solaris 8 through 10, allows local users to gain privileges via a long _XKB_CHARSET environment variable value. |
| 35 | CVE-2006-4620 | | | +Priv | 2006-09-07 | 2018-10-17 | 4.6 | None | Remote | High | ??? | Partial | Partial | Partial | The useredit_account.wdm module in Alt-N WebAdmin 3.2.5 running with MDaemon 9.0.6, and possibly earlier versions, allows remote authenticated domain administrators to gain privileges and obtain access to the system mail queue by modifying the mailbox of the MDaemon user account to use the mailbox of another account. |
| 36 | CVE-2006-4619 | | | +Priv | 2006-09-07 | 2018-10-17 | 4.6 | None | Local | Low | Not required | Partial | Partial | Partial | The start update window in update.exe in Avira AntiVir PersonalEdition Classic 7.0 build 151 allows local users to gain system privileges via a "Shatter" style attack on the (1) IParam parameter, and the (2) PBM_GETRANGE and (3) PBM_SETRANGE messages in an unspecified progress bar. NOTE: some details are obtained from third party information. |
| 37 | CVE-2006-4586 | | | +Priv | 2006-09-06 | 2018-10-17 | 5.5 | None | Remote | Low | ??? | Partial | Partial | None | The admin panel in Tr Forum 2.0 accepts a username and password hash for authentication, which allows remote authenticated users to perform unauthorized actions, as demonstrated by modifying user settings via the id parameter to /membres/modif_profil.php, and changing a password via /membres/change_mdp.php. NOTE: this can be leveraged with other Tr Forum vulnerabilities to allow unauthenticated attackers to gain privileges. |
| 38 | CVE-2006-4585 | | | Exec Code +Priv Sql | 2006-09-06 | 2018-10-17 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete | SQL injection vulnerability in admin/editer.php in Tr Forum 2.0 allows remote authenticated users to execute arbitrary SQL commands via the id2 parameter. NOTE: this can be leveraged with other Tr Forum vulnerabilities to allow unauthenticated attackers to gain privileges. |
| 39 | CVE-2006-4447 | | | +Priv | 2006-08-30 | 2011-03-08 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, do not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those calls to fail, such as by exceeding a ulimit. |
| 40 | CVE-2006-4427 | | | +Priv Bypass | 2006-08-29 | 2017-10-19 | 5.1 | None | Remote | High | Not required | Partial | Partial | Partial | index.php in eFiction before 2.0.7 allows remote attackers to bypass authentication and gain privileges by setting the (1) adminloggedin, (2) loggedin, and (3) level parameters to "1". |
| 41 | CVE-2006-4416 | | | +Priv | 2006-08-28 | 2017-07-20 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Untrusted search path vulnerability in the mkvg command in IBM AIX 5.2 and 5.3 allows local users to gain privileges by modifying the path to point to a malicious (1) chdev, (2) mkboot, (3) varyonvg, or (4) varyoffvg program. |
| 42 | CVE-2006-4413 | | | +Priv | 2006-11-18 | 2011-03-08 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Apple Remote Desktop before 3.1 uses insecure permissions for certain built-in packages, which allows local users on an Apple Remote Desktop administration system to modify the packages and gain root privileges on client systems that use the packages. |
| 43 | CVE-2006-4411 | | | +Priv | 2006-11-30 | 2011-03-08 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | The VPN service in Apple Mac OS X 10.3.x through 10.3.9 and 10.4.x through 10.4.8 does not properly clean the environment when executing commands, which allows local users to gain privileges via unspecified vectors. |
| 44 | CVE-2006-4392 | | | +Priv | 2006-10-03 | 2018-10-17 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | The Mach kernel, as used in operating systems including (1) Mac OS X 10.4 through 10.4.7 and (2) OpenStep before 4.2, allows local users to gain privileges via a parent process that forces an exception in a setuid child and uses Mach exception ports to modify the child's thread context and task address space in a way that causes the child to call a parent-controlled function. |
| 45 | CVE-2006-4370 | | | +Priv | 2006-08-26 | 2018-10-17 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Alt-N WebAdmin 3.2.3 and 3.2.4 running with MDaemon 9.0.5, and possibly earlier, allow remote authenticated domain administrators to change a global administrator's password and gain privileges via the userlist.wdm file. |
| 46 | CVE-2006-4316 | | | +Priv | 2006-08-23 | 2017-07-20 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | SSH Tectia Management Agent 2.1.2 allows local users to gain root privileges by running a program called sshd, which is obtained from a process listing when the "Restart" action is selected from the Management server GUI, which causes the agent to locate the pathname of the user's program and restart it with root privileges. |
| 47 | CVE-2006-4315 | | | +Priv | 2006-08-23 | 2017-07-20 | 7.2 | None | Local | Low | Not required | Complete | Complete | Complete | Unquoted Windows search path vulnerability in multiple SSH Tectia products, including Client/Server/Connector 5.0.0 and 5.0.1 and Client/Server before 4.4.5, and Manager 2.12 and earlier, when running on Windows, might allow local users to gain privileges via a malicious program file under "Program Files" or its subdirectories. |
| 48 | CVE-2006-4266 | | | +Priv | 2006-08-21 | 2018-10-17 | 3.6 | None | Local | Low | Not required | Partial | Partial | None | Symantec Norton Personal Firewall 2006 9.1.0.33, and possibly earlier, does not properly protect Norton registry keys, which allows local users to provide Trojan horse libraries to Norton by using RegSaveKey and RegRestoreKey to modify HKLM\SOFTWARE\Symantec\CCPD\SuiteOwners, as demonstrated using NISProd.dll. NOTE: in most cases, this attack would not cross privilege boundaries, because modifying the SuiteOwners key requires administrative privileges. However, this issue is a vulnerability because the product's functionality is intended to protect against privileged actions such as this. |
| 49 | CVE-2006-4254 | | | +Priv | 2006-08-21 | 2017-07-20 | 7.5 | None | Remote | Low | Not required | Partial | Partial | Partial | Unspecified vulnerability in setlocale in IBM AIX 5.1.0 through 5.3.0 allows local users to gain privileges via unspecified vectors. |
| 50 | CVE-2006-4228 | | | +Priv Bypass | 2006-08-18 | 2018-10-17 | 9.0 | None | Remote | Low | ??? | Complete | Complete | Complete | Symantec Veritas NetBackup PureDisk Remote Office Edition 6.0 before MP1 20060816 allows remote attackers to bypass authentication and gain privileges via unknown attack vectors in the management interface. |