| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2006-6652 | 0.05 | — | 0.19 | Dec 20, 2006 | Buffer overflow in the glob implementation (glob.c) in libc in NetBSD-current before 20050914, NetBSD 2.* and 3.* before 20061203, and Apple Mac OS X before 2007-004, as used by the FTP daemon and tnftpd, allows remote authenticated users to execute arbitrary code via a long… | |||
| CVE-2006-6653 | 0.00 | — | 0.00 | Dec 20, 2006 | The accept function in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029 allows local users to cause a denial of service (socket consumption) via an invalid (1) name or (2) namelen parameter, which may result in the socket never… | |||
| CVE-2006-6654 | 0.00 | — | 0.01 | Dec 20, 2006 | The sendmsg function in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029, when run on a 64-bit architecture, allows attackers to cause a denial of service (kernel panic) via an invalid msg_controllen parameter to the sendit… | |||
| CVE-2006-6655 | 0.00 | — | 0.00 | Dec 20, 2006 | The procfs implementation in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029 allows local users to cause a denial of service (kernel panic) by attempting to access /emul/linux/proc/0/stat on a procfs filesystem that was… | |||
| CVE-2006-6656 | 0.00 | — | 0.00 | Dec 20, 2006 | Unspecified vulnerability in ptrace in NetBSD-current before 20061027, NetBSD 3.0 and 3.0.1 before 20061027, and NetBSD 2.x before 20061119 allows local users to read kernel memory and obtain sensitive information via certain manipulations of a PT_LWPINFO request, which leads to… | |||
| CVE-2006-6657 | 0.00 | — | 0.00 | Dec 20, 2006 | The if_clone_list function in NetBSD-current before 20061027, NetBSD 3.0 and 3.0.1 before 20061027, and NetBSD 2.x before 20061119 allows local users to read potentially sensitive, uninitialized stack memory via unspecified vectors. | |||
| CVE-2006-6658 | 0.00 | — | 0.01 | Dec 20, 2006 | Inktomi Search 4.1.4 allows remote attackers to obtain sensitive information via direct requests with missing parameters to (1) help/header.html, (2) thesaurus.html, and (3) topics.html, which leak the installation path in the resulting error message, a related issue to… | |||
| CVE-2006-6659 | 0.04 | — | 0.16 | Dec 20, 2006 | The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in Windows XP SP2 allows remote attackers to cause a denial of service (Internet Explorer 7 hang) via crafted HTML. | |||
| CVE-2006-6497 | 0.00 | — | 0.04 | Dec 20, 2006 | Multiple unspecified vulnerabilities in the layout engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute… | |||
| CVE-2006-6498 | 0.00 | — | 0.04 | Dec 20, 2006 | Multiple unspecified vulnerabilities in the JavaScript engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, SeaMonkey before 1.0.7, and Mozilla 1.7 and probably earlier on Solaris, allow remote attackers to cause a denial of service… | |||
| CVE-2006-6499 | 0.00 | — | 0.04 | Dec 20, 2006 | The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers to cause a denial of service… | |||
| CVE-2006-6500 | 0.01 | — | 0.08 | Dec 20, 2006 | Heap-based buffer overflow in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by setting the CSS cursor to certain… | |||
| CVE-2006-6501 | 0.00 | — | 0.03 | Dec 20, 2006 | Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to gain privileges and install malicious code via the watch Javascript function. | |||
| CVE-2006-6502 | 0.00 | — | 0.02 | Dec 20, 2006 | Use-after-free vulnerability in the LiveConnect bridge code for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (crash) via unknown vectors. | |||
| CVE-2006-6503 | 0.00 | — | 0.04 | Dec 20, 2006 | Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to bypass cross-site scripting (XSS) protection by changing the src attribute of an IMG element to a javascript: URI. | |||
| CVE-2006-6504 | 0.01 | — | 0.09 | Dec 20, 2006 | Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to execute arbitrary code by appending an SVG comment DOM node to another type of document, which triggers memory corruption. | |||
| CVE-2006-6505 | 0.00 | — | 0.04 | Dec 20, 2006 | Multiple heap-based buffer overflows in Mozilla Thunderbird before 1.5.0.9 and SeaMonkey before 1.0.7 allow remote attackers to execute arbitrary code via (1) external message modies with long Content-Type headers or (2) long RFC2047-encoded (MIME non-ASCII) headers. | |||
| CVE-2006-6506 | 0.00 | — | 0.02 | Dec 20, 2006 | The "Feed Preview" feature in Mozilla Firefox 2.0 before 2.0.0.1 sends the URL of the feed when requesting favicon.ico icons, which results in a privacy leak that might allow feed viewing services to determine browsing habits. | |||
| CVE-2006-6507 | 0.00 | — | 0.02 | Dec 20, 2006 | Mozilla Firefox 2.0 before 2.0.0.1 allows remote attackers to bypass Cross-Site Scripting (XSS) protection via vectors related to a Function.prototype regression error. | |||
| CVE-2006-6641 | 0.00 | — | 0.02 | Dec 20, 2006 | Unspecified vulnerability in CA CleverPath Portal before maintenance version 4.71.001_179_060830, as used in multiple products including BrightStor Portal r11.1, CleverPath Aion BPM r10 through r10.2, eTrust Security Command Center r1 and r8, and Unicenter, does not properly… | |||
| CVE-2006-6636 | 0.00 | — | 0.03 | Dec 19, 2006 | Unspecified vulnerability in the Utility Classes for IBM WebSphere Application Server (WAS) before 5.1.1.13 and 6.x before 6.0.2.17 has unknown impact and attack vectors. | |||
| CVE-2006-6637 | 0.00 | — | 0.03 | Dec 19, 2006 | The Servlet Engine and Web Container in IBM WebSphere Application Server (WAS) before 6.0.2.17, when ibm-web-ext.xmi sets fileServingEnabled to true and servlet caching is enabled, allows remote attackers to obtain JSP source code and other sensitive information via "specific… | |||
| CVE-2006-6638 | 0.00 | — | 0.02 | Dec 19, 2006 | IBM DB2 8.1 before FixPak 14 allows remote attackers to cause a denial of service via a crafted SQLJRA packet, which causes a NULL pointer dereference in the sqle_db2ra_as_recvrequest function in DB2ENGN.DLL, a different issue than CVE-2006-4257. | |||
| CVE-2006-6639 | 0.00 | — | 0.00 | Dec 19, 2006 | Multiple unspecified vulnerabilities in chetcpasswd 2.4.1 allow local users to gain privileges via unspecified vectors related to executing (1) the cp program, (2) the mail program, or (3) the program specified in the post_change configuration line. | |||
| CVE-2006-6640 | 0.03 | — | 0.02 | Dec 19, 2006 | Multiple cross-site scripting (XSS) vulnerabilities in Omniture SiteCatalyst allow remote attackers to inject arbitrary web script or HTML via the (1) ss parameter in (a) search.asp and the (2) company and (3) username fields on (b) the web login page. NOTE: some details were… | |||
| CVE-2006-3896 | 0.00 | — | 0.01 | Dec 19, 2006 | The NeoScale Systems CryptoStor 700 series appliance before 2.6 relies on client-side ActiveX code for smartcard authentication, which allows remote attackers to bypass smartcard authentication, and gain access if able to present a valid username and password, by disabling… | |||
| CVE-2006-6106 | 0.00 | — | 0.06 | Dec 19, 2006 | Multiple buffer overflows in the cmtp_recv_interopmsg function in the Bluetooth driver (net/bluetooth/cmtp/capi.c) in the Linux kernel 2.4.22 up to 2.4.33.4 and 2.6.2 before 2.6.18.6, and 2.6.19.x, allow remote attackers to cause a denial of service (crash) and possibly execute… | |||
| CVE-2006-6605 | 0.00 | — | 0.06 | Dec 19, 2006 | Stack-based buffer overflow in the POP service in MailEnable Standard 1.98 and earlier; Professional 1.84, and 2.35 and earlier; and Enterprise 1.41, and 2.35 and earlier before ME-10026 allows remote attackers to execute arbitrary code via a long argument to the PASS command. | |||
| CVE-2006-6617 | 0.02 | — | 0.20 | Dec 18, 2006 | projectserver/logon/pdsrequest.asp in Microsoft Project Server 2003 allows remote authenticated users to obtain the MSProjectUser password for a SQL database via a GetInitializationData request, which includes the information in the UserName and Password tags of the response. | |||
| CVE-2006-6618 | 0.00 | — | 0.00 | Dec 18, 2006 | AntiHook 3.0.0.23 - Desktop relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB. | |||
| CVE-2006-6619 | 0.03 | — | 0.01 | Dec 18, 2006 | AVG Anti-Virus plus Firewall 7.5.431 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB. | |||
| CVE-2006-6620 | 0.00 | — | 0.00 | Dec 18, 2006 | Comodo Personal Firewall 2.3.6.81 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB. | |||
| CVE-2006-6621 | 0.00 | — | 0.00 | Dec 18, 2006 | Filseclab Personal Firewall 3.0.0.8686 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB. | |||
| CVE-2006-6622 | 0.00 | — | 0.00 | Dec 18, 2006 | Soft4Ever Look 'n' Stop (LnS) 2.05p2 before 20061215 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the… | |||
| CVE-2006-6623 | 0.00 | — | 0.00 | Dec 18, 2006 | Sygate Personal Firewall 5.6.2808 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB. | |||
| CVE-2006-6624 | 0.03 | — | 0.06 | Dec 18, 2006 | The FTP Server in Sambar Server 6.4 allows remote authenticated users to cause a denial of service (application crash) via a long series of "./" sequences in the SIZE command. | |||
| CVE-2006-6625 | 0.00 | — | 0.02 | Dec 18, 2006 | Cross-site scripting (XSS) vulnerability in mod/forum/discuss.php in Moodle 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the navtail parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party… | |||
| CVE-2006-6626 | 0.00 | — | 0.01 | Dec 18, 2006 | Cross-site scripting (XSS) vulnerability in an unspecified component of Moodle 1.5 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element. NOTE: The provenance of this information is unknown; the details are… | |||
| CVE-2006-6627 | 0.01 | — | 0.07 | Dec 18, 2006 | Integer overflow in the packed PE file parsing implementation in BitDefender products before 20060829, including Antivirus, Antivirus Plus, Internet Security, Mail Protection for Enterprises, and Online Scanner; and BitDefender products for Microsoft ISA Server and Exchange 5.5… | |||
| CVE-2006-6628 | 0.03 | — | 0.04 | Dec 18, 2006 | Integer overflow in OpenOffice.org (OOo) 2.1 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted DOC file, as demonstrated by the 12122006-djtest.doc file, a variant of CVE-2006-6561 in a separate codebase. | |||
| CVE-2006-6629 | 0.00 | — | 0.01 | Dec 18, 2006 | lib/WeBWorK/PG/Translator.pm in WeBWorK Program Generation (PG) Language before 2.3.1 uses an insufficiently restrictive regular expression to determine valid macro filenames, which allows attackers to load arbitrary macro files whose names contain the strings (1)… | |||
| CVE-2006-6630 | 0.00 | — | 0.01 | Dec 18, 2006 | PHP remote file inclusion vulnerability in ListRecords.php in osprey 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the lib_dir parameter. | |||
| CVE-2006-6631 | 0.03 | — | 0.02 | Dec 18, 2006 | PHP remote file inclusion vulnerability in lib/xml/oai/GetRecord.php in osprey 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the lib_dir parameter. | |||
| CVE-2006-6632 | 0.03 | — | 0.02 | Dec 18, 2006 | PHP remote file inclusion vulnerability in genepi.php in Genepi 1.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the topdir parameter. | |||
| CVE-2006-6633 | 0.03 | — | 0.02 | Dec 18, 2006 | PHP remote file inclusion vulnerability in include/yapbb_session.php in YapBB 1.2 Beta2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[include_Bit] parameter. | |||
| CVE-2006-6634 | 0.03 | — | 0.03 | Dec 18, 2006 | Multiple PHP remote file inclusion vulnerabilities in the ExtCalThai (com_extcalendar) 0.9.1 and earlier component for Mambo allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG_EXT[LANGUAGES_DIR] parameter to admin_events.php, (2) the… | |||
| CVE-2006-6635 | 0.03 | — | 0.02 | Dec 18, 2006 | PHP remote file inclusion vulnerability in includes/functions.php in JumbaCMS 0.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the jcms_root_path parameter. | |||
| CVE-2006-6606 | 0.00 | — | 0.01 | Dec 18, 2006 | Multiple SQL injection vulnerabilities in Clarens jclarens before 0.6.2 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | |||
| CVE-2006-6607 | 0.00 | — | 0.00 | Dec 18, 2006 | The Java Key Store (JKS) for WebSphere Application Server (WAS) for IBM Tivoli Identity Manager (ITIM) 4.6 places the JKS password in a -Djavax.net.ssl.trustStorePassword command line argument, which allows local users to obtain the password by listing the process or using other… | |||
| CVE-2006-6608 | 0.00 | — | 0.03 | Dec 18, 2006 | Unspecified vulnerability in SSH key based authentication in HP Integrated Lights Out (iLO) 1.70 through 1.87, and iLO 2 1.00 through 1.11, on Proliant servers, allows remote attackers to "gain unauthorized access." |
- CVE-2006-6652Dec 20, 2006risk 0.05cvss —epss 0.19
Buffer overflow in the glob implementation (glob.c) in libc in NetBSD-current before 20050914, NetBSD 2.* and 3.* before 20061203, and Apple Mac OS X before 2007-004, as used by the FTP daemon and tnftpd, allows remote authenticated users to execute arbitrary code via a long…
- CVE-2006-6653Dec 20, 2006risk 0.00cvss —epss 0.00
The accept function in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029 allows local users to cause a denial of service (socket consumption) via an invalid (1) name or (2) namelen parameter, which may result in the socket never…
- CVE-2006-6654Dec 20, 2006risk 0.00cvss —epss 0.01
The sendmsg function in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029, when run on a 64-bit architecture, allows attackers to cause a denial of service (kernel panic) via an invalid msg_controllen parameter to the sendit…
- CVE-2006-6655Dec 20, 2006risk 0.00cvss —epss 0.00
The procfs implementation in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029 allows local users to cause a denial of service (kernel panic) by attempting to access /emul/linux/proc/0/stat on a procfs filesystem that was…
- CVE-2006-6656Dec 20, 2006risk 0.00cvss —epss 0.00
Unspecified vulnerability in ptrace in NetBSD-current before 20061027, NetBSD 3.0 and 3.0.1 before 20061027, and NetBSD 2.x before 20061119 allows local users to read kernel memory and obtain sensitive information via certain manipulations of a PT_LWPINFO request, which leads to…
- CVE-2006-6657Dec 20, 2006risk 0.00cvss —epss 0.00
The if_clone_list function in NetBSD-current before 20061027, NetBSD 3.0 and 3.0.1 before 20061027, and NetBSD 2.x before 20061119 allows local users to read potentially sensitive, uninitialized stack memory via unspecified vectors.
- CVE-2006-6658Dec 20, 2006risk 0.00cvss —epss 0.01
Inktomi Search 4.1.4 allows remote attackers to obtain sensitive information via direct requests with missing parameters to (1) help/header.html, (2) thesaurus.html, and (3) topics.html, which leak the installation path in the resulting error message, a related issue to…
- CVE-2006-6659Dec 20, 2006risk 0.04cvss —epss 0.16
The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in Windows XP SP2 allows remote attackers to cause a denial of service (Internet Explorer 7 hang) via crafted HTML.
- CVE-2006-6497Dec 20, 2006risk 0.00cvss —epss 0.04
Multiple unspecified vulnerabilities in the layout engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute…
- CVE-2006-6498Dec 20, 2006risk 0.00cvss —epss 0.04
Multiple unspecified vulnerabilities in the JavaScript engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, SeaMonkey before 1.0.7, and Mozilla 1.7 and probably earlier on Solaris, allow remote attackers to cause a denial of service…
- CVE-2006-6499Dec 20, 2006risk 0.00cvss —epss 0.04
The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers to cause a denial of service…
- CVE-2006-6500Dec 20, 2006risk 0.01cvss —epss 0.08
Heap-based buffer overflow in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by setting the CSS cursor to certain…
- CVE-2006-6501Dec 20, 2006risk 0.00cvss —epss 0.03
Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to gain privileges and install malicious code via the watch Javascript function.
- CVE-2006-6502Dec 20, 2006risk 0.00cvss —epss 0.02
Use-after-free vulnerability in the LiveConnect bridge code for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (crash) via unknown vectors.
- CVE-2006-6503Dec 20, 2006risk 0.00cvss —epss 0.04
Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to bypass cross-site scripting (XSS) protection by changing the src attribute of an IMG element to a javascript: URI.
- CVE-2006-6504Dec 20, 2006risk 0.01cvss —epss 0.09
Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to execute arbitrary code by appending an SVG comment DOM node to another type of document, which triggers memory corruption.
- CVE-2006-6505Dec 20, 2006risk 0.00cvss —epss 0.04
Multiple heap-based buffer overflows in Mozilla Thunderbird before 1.5.0.9 and SeaMonkey before 1.0.7 allow remote attackers to execute arbitrary code via (1) external message modies with long Content-Type headers or (2) long RFC2047-encoded (MIME non-ASCII) headers.
- CVE-2006-6506Dec 20, 2006risk 0.00cvss —epss 0.02
The "Feed Preview" feature in Mozilla Firefox 2.0 before 2.0.0.1 sends the URL of the feed when requesting favicon.ico icons, which results in a privacy leak that might allow feed viewing services to determine browsing habits.
- CVE-2006-6507Dec 20, 2006risk 0.00cvss —epss 0.02
Mozilla Firefox 2.0 before 2.0.0.1 allows remote attackers to bypass Cross-Site Scripting (XSS) protection via vectors related to a Function.prototype regression error.
- CVE-2006-6641Dec 20, 2006risk 0.00cvss —epss 0.02
Unspecified vulnerability in CA CleverPath Portal before maintenance version 4.71.001_179_060830, as used in multiple products including BrightStor Portal r11.1, CleverPath Aion BPM r10 through r10.2, eTrust Security Command Center r1 and r8, and Unicenter, does not properly…
- CVE-2006-6636Dec 19, 2006risk 0.00cvss —epss 0.03
Unspecified vulnerability in the Utility Classes for IBM WebSphere Application Server (WAS) before 5.1.1.13 and 6.x before 6.0.2.17 has unknown impact and attack vectors.
- CVE-2006-6637Dec 19, 2006risk 0.00cvss —epss 0.03
The Servlet Engine and Web Container in IBM WebSphere Application Server (WAS) before 6.0.2.17, when ibm-web-ext.xmi sets fileServingEnabled to true and servlet caching is enabled, allows remote attackers to obtain JSP source code and other sensitive information via "specific…
- CVE-2006-6638Dec 19, 2006risk 0.00cvss —epss 0.02
IBM DB2 8.1 before FixPak 14 allows remote attackers to cause a denial of service via a crafted SQLJRA packet, which causes a NULL pointer dereference in the sqle_db2ra_as_recvrequest function in DB2ENGN.DLL, a different issue than CVE-2006-4257.
- CVE-2006-6639Dec 19, 2006risk 0.00cvss —epss 0.00
Multiple unspecified vulnerabilities in chetcpasswd 2.4.1 allow local users to gain privileges via unspecified vectors related to executing (1) the cp program, (2) the mail program, or (3) the program specified in the post_change configuration line.
- CVE-2006-6640Dec 19, 2006risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Omniture SiteCatalyst allow remote attackers to inject arbitrary web script or HTML via the (1) ss parameter in (a) search.asp and the (2) company and (3) username fields on (b) the web login page. NOTE: some details were…
- CVE-2006-3896Dec 19, 2006risk 0.00cvss —epss 0.01
The NeoScale Systems CryptoStor 700 series appliance before 2.6 relies on client-side ActiveX code for smartcard authentication, which allows remote attackers to bypass smartcard authentication, and gain access if able to present a valid username and password, by disabling…
- CVE-2006-6106Dec 19, 2006risk 0.00cvss —epss 0.06
Multiple buffer overflows in the cmtp_recv_interopmsg function in the Bluetooth driver (net/bluetooth/cmtp/capi.c) in the Linux kernel 2.4.22 up to 2.4.33.4 and 2.6.2 before 2.6.18.6, and 2.6.19.x, allow remote attackers to cause a denial of service (crash) and possibly execute…
- CVE-2006-6605Dec 19, 2006risk 0.00cvss —epss 0.06
Stack-based buffer overflow in the POP service in MailEnable Standard 1.98 and earlier; Professional 1.84, and 2.35 and earlier; and Enterprise 1.41, and 2.35 and earlier before ME-10026 allows remote attackers to execute arbitrary code via a long argument to the PASS command.
- CVE-2006-6617Dec 18, 2006risk 0.02cvss —epss 0.20
projectserver/logon/pdsrequest.asp in Microsoft Project Server 2003 allows remote authenticated users to obtain the MSProjectUser password for a SQL database via a GetInitializationData request, which includes the information in the UserName and Password tags of the response.
- CVE-2006-6618Dec 18, 2006risk 0.00cvss —epss 0.00
AntiHook 3.0.0.23 - Desktop relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB.
- CVE-2006-6619Dec 18, 2006risk 0.03cvss —epss 0.01
AVG Anti-Virus plus Firewall 7.5.431 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB.
- CVE-2006-6620Dec 18, 2006risk 0.00cvss —epss 0.00
Comodo Personal Firewall 2.3.6.81 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB.
- CVE-2006-6621Dec 18, 2006risk 0.00cvss —epss 0.00
Filseclab Personal Firewall 3.0.0.8686 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB.
- CVE-2006-6622Dec 18, 2006risk 0.00cvss —epss 0.00
Soft4Ever Look 'n' Stop (LnS) 2.05p2 before 20061215 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the…
- CVE-2006-6623Dec 18, 2006risk 0.00cvss —epss 0.00
Sygate Personal Firewall 5.6.2808 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB.
- CVE-2006-6624Dec 18, 2006risk 0.03cvss —epss 0.06
The FTP Server in Sambar Server 6.4 allows remote authenticated users to cause a denial of service (application crash) via a long series of "./" sequences in the SIZE command.
- CVE-2006-6625Dec 18, 2006risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in mod/forum/discuss.php in Moodle 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the navtail parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party…
- CVE-2006-6626Dec 18, 2006risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in an unspecified component of Moodle 1.5 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element. NOTE: The provenance of this information is unknown; the details are…
- CVE-2006-6627Dec 18, 2006risk 0.01cvss —epss 0.07
Integer overflow in the packed PE file parsing implementation in BitDefender products before 20060829, including Antivirus, Antivirus Plus, Internet Security, Mail Protection for Enterprises, and Online Scanner; and BitDefender products for Microsoft ISA Server and Exchange 5.5…
- CVE-2006-6628Dec 18, 2006risk 0.03cvss —epss 0.04
Integer overflow in OpenOffice.org (OOo) 2.1 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted DOC file, as demonstrated by the 12122006-djtest.doc file, a variant of CVE-2006-6561 in a separate codebase.
- CVE-2006-6629Dec 18, 2006risk 0.00cvss —epss 0.01
lib/WeBWorK/PG/Translator.pm in WeBWorK Program Generation (PG) Language before 2.3.1 uses an insufficiently restrictive regular expression to determine valid macro filenames, which allows attackers to load arbitrary macro files whose names contain the strings (1)…
- CVE-2006-6630Dec 18, 2006risk 0.00cvss —epss 0.01
PHP remote file inclusion vulnerability in ListRecords.php in osprey 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the lib_dir parameter.
- CVE-2006-6631Dec 18, 2006risk 0.03cvss —epss 0.02
PHP remote file inclusion vulnerability in lib/xml/oai/GetRecord.php in osprey 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the lib_dir parameter.
- CVE-2006-6632Dec 18, 2006risk 0.03cvss —epss 0.02
PHP remote file inclusion vulnerability in genepi.php in Genepi 1.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the topdir parameter.
- CVE-2006-6633Dec 18, 2006risk 0.03cvss —epss 0.02
PHP remote file inclusion vulnerability in include/yapbb_session.php in YapBB 1.2 Beta2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[include_Bit] parameter.
- CVE-2006-6634Dec 18, 2006risk 0.03cvss —epss 0.03
Multiple PHP remote file inclusion vulnerabilities in the ExtCalThai (com_extcalendar) 0.9.1 and earlier component for Mambo allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG_EXT[LANGUAGES_DIR] parameter to admin_events.php, (2) the…
- CVE-2006-6635Dec 18, 2006risk 0.03cvss —epss 0.02
PHP remote file inclusion vulnerability in includes/functions.php in JumbaCMS 0.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the jcms_root_path parameter.
- CVE-2006-6606Dec 18, 2006risk 0.00cvss —epss 0.01
Multiple SQL injection vulnerabilities in Clarens jclarens before 0.6.2 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
- CVE-2006-6607Dec 18, 2006risk 0.00cvss —epss 0.00
The Java Key Store (JKS) for WebSphere Application Server (WAS) for IBM Tivoli Identity Manager (ITIM) 4.6 places the JKS password in a -Djavax.net.ssl.trustStorePassword command line argument, which allows local users to obtain the password by listing the process or using other…
- CVE-2006-6608Dec 18, 2006risk 0.00cvss —epss 0.03
Unspecified vulnerability in SSH key based authentication in HP Integrated Lights Out (iLO) 1.70 through 1.87, and iLO 2 1.00 through 1.11, on Proliant servers, allows remote attackers to "gain unauthorized access."