Vulnerabilities
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2007-02-03 | CVE-2007-0681 | Insufficiently Protected Credentials vulnerability in Extcalendar Project Extcalendar 2 profile.php in ExtCalendar 2 and earlier allows remote attackers to change the passwords of arbitrary users without providing the original password, and possibly perform other unauthorized actions, via modified values to register.php. | 9.8 |
| 2007-01-16 | CVE-2006-6767 | Reachable Assertion vulnerability in Time-Travellers Oftpd oftpd before 0.3.7 allows remote attackers to cause a denial of service (daemon abort) via a (1) LPRT or (2) LPASV command with an unsupported address family, which triggers an assertion failure. | 7.5 |
| 2006-12-29 | CVE-2006-6811 | Reachable Assertion vulnerability in multiple products KsIRC 1.3.12 allows remote attackers to cause a denial of service (crash) via a long PRIVMSG string when connecting to an Internet Relay Chat (IRC) server, which causes an assertion failure and results in a NULL pointer dereference. | 6.5 |
| 2006-12-21 | CVE-2006-6679 | Incorrect Authorization vulnerability in Chetcpasswd Project Chetcpasswd Pedro Lineu Orso chetcpasswd before 2.4 relies on the X-Forwarded-For HTTP header when verifying a client's status on an IP address ACL, which allows remote attackers to gain unauthorized access by spoofing this header. | 7.5 |
| 2006-11-10 | CVE-2006-5847 | Cross-site Scripting vulnerability in Freewebshop Cross-site scripting (XSS) vulnerability in index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter. | 6.1 |
| 2006-11-07 | CVE-2006-5779 | Reachable Assertion vulnerability in multiple products OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure. | 7.5 |
| 2006-10-28 | CVE-2006-4574 | Reachable Assertion vulnerability in Wireshark 0.10.1/0.99.2/0.99.3 Off-by-one error in the MIME Multipart dissector in Wireshark (formerly Ethereal) 0.10.1 through 0.99.3 allows remote attackers to cause a denial of service (crash) via certain vectors that trigger an assertion error related to unexpected length values. | 7.5 |
| 2006-10-17 | CVE-2006-4342 | Improper Locking vulnerability in Redhat Enterprise Linux 3.0 The kernel in Red Hat Enterprise Linux 3, when running on SMP systems, allows local users to cause a denial of service (deadlock) by running the shmat function on an shm at the same time that shmctl is removing that shm (IPC_RMID), which prevents a spinlock from being unlocked. | 5.5 |
| 2006-10-10 | CVE-2006-4997 | Use After Free vulnerability in multiple products The clip_mkip function in net/atm/clip.c of the ATM subsystem in Linux kernel allows remote attackers to cause a denial of service (panic) via unknown vectors that cause the ATM subsystem to access the memory of socket buffers after they are freed (freed pointer dereference). | 7.5 |
| 2006-10-05 | CVE-2006-5158 | Improper Locking vulnerability in multiple products The nlmclnt_mark_reclaim in clntlock.c in NFS lockd in Linux kernel before 2.6.16 allows remote attackers to cause a denial of service (process crash) and deny access to NFS exports via unspecified vectors that trigger a kernel oops (null dereference) and a deadlock. | 7.5 |