Weekly Vulnerabilities Reports > December 18 to 24, 2006
Overview
134 new vulnerabilities reported during this period, including 8 critical vulnerabilities and 53 high severity vulnerabilities. This weekly summary report vulnerabilities in 131 products from 92 vendors including Mozilla, AVG, Comodo, Netbsd, and Filseclab. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Code Injection", "Resource Management Errors", "Permissions, Privileges, and Access Controls", and "Improper Input Validation".
- 111 reported vulnerabilities are remotely exploitables.
- 27 reported vulnerabilities have public exploit available.
- 3 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 121 reported vulnerabilities are exploitable by an anonymous user.
- Mozilla has the most reported vulnerabilities, with 10 reported vulnerabilities.
- Apple has the most reported critical vulnerabilities, with 1 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
8 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-12-23 | CVE-2006-6713 | Hitachi | Multiple vulnerability in Hitachi Directory Server LDAP Request Handling Buffer overflow in Hitachi Directory Server 2 P-2444-A124 before 02-11-/K on Windows, and P-1B44-A121 before 02-10-/V on HP-UX, allows remote attackers to execute arbitrary code via crafted LDAP requests. | 10.0 |
2006-12-20 | CVE-2006-6670 | Nortel | Unspecified vulnerability in Nortel Callpilot Server 4.X Unspecified vulnerability in Nortel CallPilot 4.x Server has unknown impact and attack vectors, aka P-2006-0011-GLOBAL. | 10.0 |
2006-12-19 | CVE-2006-6636 | IBM | Unspecified vulnerability in IBM WebSphere Utility Classes Unspecified vulnerability in the Utility Classes for IBM WebSphere Application Server (WAS) before 5.1.1.13 and 6.x before 6.0.2.17 has unknown impact and attack vectors. | 10.0 |
2006-12-19 | CVE-2006-6605 | Mailenable | Remote Buffer Overflow vulnerability in Mailenable products Stack-based buffer overflow in the POP service in MailEnable Standard 1.98 and earlier; Professional 1.84, and 2.35 and earlier; and Enterprise 1.41, and 2.35 and earlier before ME-10026 allows remote attackers to execute arbitrary code via a long argument to the PASS command. | 10.0 |
2006-12-18 | CVE-2006-6627 | Softwin | Integer Overflow vulnerability in Multiple BitDefender Products Parsing Engine Integer overflow in the packed PE file parsing implementation in BitDefender products before 20060829, including Antivirus, Antivirus Plus, Internet Security, Mail Protection for Enterprises, and Online Scanner; and BitDefender products for Microsoft ISA Server and Exchange 5.5 through 2003; allows remote attackers to execute arbitrary code via a crafted file, which triggers a heap-based buffer overflow, aka the "cevakrnl.xmd vulnerability." | 10.0 |
2006-12-21 | CVE-2006-6676 | Eset Software | Numeric Errors vulnerability in Eset Software Nod32 Antivirus 1.0.11/1.0.12/1.0.13 Integer overflow in the (a) OLE2 and (b) CHM parsers for ESET NOD32 Antivirus before 1.1743 allows remote attackers to execute arbitrary code via a crafted (1) .DOC or (2) .CAB file that triggers a heap-based buffer overflow. | 9.3 |
2006-12-20 | CVE-2006-6504 | Mozilla Canonical | Code Injection vulnerability in multiple products Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to execute arbitrary code by appending an SVG comment DOM node to another type of document, which triggers memory corruption. | 9.3 |
2006-12-20 | CVE-2006-6652 | Apple Netbsd | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Buffer overflow in the glob implementation (glob.c) in libc in NetBSD-current before 20050914, NetBSD 2.* and 3.* before 20061203, and Apple Mac OS X before 2007-004, as used by the FTP daemon and tnftpd, allows remote authenticated users to execute arbitrary code via a long pathname that results from path expansion. | 9.0 |
53 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-12-23 | CVE-2006-6714 | Hitachi | Multiple vulnerability in Hitachi Directory Server LDAP Request Handling Multiple memory leaks in Hitachi Directory Server 2 P-2444-A124 before 02-11-/K on Windows, and P-1B44-A121 before 02-10-/V on HP-UX, allow remote attackers to cause a denial of service (memory consumption) via invalid LDAP requests. | 7.8 |
2006-12-21 | CVE-2006-6683 | Pedro Lineu Orso | Permissions, Privileges, and Access Controls vulnerability in Pedro Lineu Orso Chetcpasswd Pedro Lineu Orso chetcpasswd 2.4.1 and earlier verifies and updates user accounts via custom code that processes /etc/shadow and does not follow the PAM configuration, which might allow remote attackers to bypass intended restrictions implemented through PAM. | 7.8 |
2006-12-23 | CVE-2006-6722 | Jelle DE VOS | Unspecified vulnerability in Jelle DE VOS Bandwebsite 1.5 Bandwebsite (aka Bandsite portal system) 1.5 allows remote attackers to create administrative accounts via a direct request to admin.php with the Login parameter set to 1. | 7.5 |
2006-12-23 | CVE-2006-6720 | Azucar CMS | Code Injection vulnerability in Azucar CMS Azucar CMS 1.3 PHP remote file inclusion vulnerability in admin/index_sitios.php in Azucar CMS 1.3 allows remote attackers to execute arbitrary PHP code via a URL in the _VIEW parameter. | 7.5 |
2006-12-23 | CVE-2006-6718 | Alliedtelesyn | Cross-Site Request Forgery vulnerability in AT-9000/24 The Allied Telesis AT-9000/24 Ethernet switch has a default password for its admin account, "manager," which allows remote attackers to perform unauthorized actions. | 7.5 |
2006-12-23 | CVE-2006-6717 | Alliedtelesyn | Unspecified vulnerability in Alliedtelesyn At-9000 24 Ethernetswitch The Allied Telesis AT-9000/24 Ethernet switch accepts management packets from arbitrary VLANs, contrary to the documentation, which allows remote attackers to conduct attacks against the switch from unexpected locations. | 7.5 |
2006-12-23 | CVE-2006-6716 | Eric Guillaume | SQL Injection vulnerability in Eric Guillaume Upload Download DE Fichiers 3 SQL injection vulnerability in administration/administre2.php in Eric GUILLAUME uploader&downloader 3 allows remote attackers to execute arbitrary SQL commands via the id_user parameter. | 7.5 |
2006-12-23 | CVE-2006-6711 | Newxooper | Remote File Include vulnerability in Newxooper 0.9.1 PHP remote file inclusion vulnerability in compteur/mapage.php in Newxooper 0.9.1 allows remote attackers to execute arbitrary PHP code via a URL in the chemin parameter. | 7.5 |
2006-12-23 | CVE-2006-6710 | Matteolucarelli | Code Injection vulnerability in Matteolucarelli Pgmreloaded Multiple PHP remote file inclusion vulnerabilities in PgmReloaded 0.8.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the (1) lang parameter to (a) index.php, the (2) CFG[libdir] and (3) CFG[localedir] parameters to (b) common.inc.php, and the CFG[localelangdir] parameter to (c) form_header.php. | 7.5 |
2006-12-23 | CVE-2006-6709 | Mginternet | Input Validation vulnerability in MGInternet Property Site Manager Multiple SQL injection vulnerabilities in MGinternet Property Site Manager allow remote attackers to execute arbitrary SQL commands via the (1) p parameter to (a) detail.asp; the (2) l, (3) typ, or (4) loc parameter to (b) listings.asp; or the (5) Password or (6) Username parameter to (c) admin_login.asp. | 7.5 |
2006-12-23 | CVE-2006-6707 | Mcafee | Remote Buffer Overflow vulnerability in Mcafee Neotrace and Visual Trace Stack-based buffer overflow in the NeoTraceExplorer.NeoTraceLoader ActiveX control (NeoTraceExplorer.dll) in NeoTrace Express 3.25 and NeoTrace Pro (aka McAfee Visual Trace) 3.25 allows remote attackers to execute arbitrary code via a long argument string to the TraceTarget method. | 7.5 |
2006-12-23 | CVE-2006-6701 | Atmail | Cross-Site Request Forgery (CSRF) vulnerability in Atmail Webmail 3.0/4.0/4.51 Cross-site request forgery (CSRF) vulnerability in util.pl in @Mail WebMail 4.51, and util.php in 5.x before 5.03, allows remote attackers to modify arbitrary settings and perform unauthorized actions as an arbitrary user, as demonstrated using a settings action in the SRC attribute of an IMG element in an HTML e-mail. | 7.5 |
2006-12-22 | CVE-2006-6697 | Oracle | HTTP Response Splitting vulnerability in Oracle Application Server Portal 10G/9.0.2 CRLF injection vulnerability in webapp/jsp/calendar.jsp in Oracle Portal 10g and earlier, including 9.0.2, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter. | 7.5 |
2006-12-21 | CVE-2006-6694 | Scriptsfrenzy COM | Remote File Include vulnerability in Scriptsfrenzy.Com E-Uploader PRO 1.0 Directory traversal vulnerability in include/config.php in E-Uploader Pro 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a .. | 7.5 |
2006-12-21 | CVE-2006-6691 | Valdersoft | Remote File Include vulnerability in Valdersoft Shopping Cart 3.0 Multiple PHP remote file inclusion vulnerabilities in Valdersoft Shopping Cart 3.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the commonIncludePath parameter to (1) admin/include/common.php, (2) include/common.php, or (3) common_include/common.php. | 7.5 |
2006-12-21 | CVE-2006-6690 | Typo3 | Remote Command Execution vulnerability in Typo3 Class.TX_RTEHTMLArea_PI1.PHP rtehtmlarea/pi1/class.tx_rtehtmlarea_pi1.php in Typo3 4.0.0 through 4.0.3, 3.7 and 3.8 with the rtehtmlarea extension, and 4.1 beta allows remote authenticated users to execute arbitrary commands via shell metacharacters in the userUid parameter to rtehtmlarea/htmlarea/plugins/SpellChecker/spell-check-logic.php, and possibly another vector. | 7.5 |
2006-12-21 | CVE-2006-6689 | Paristemi | Code Injection vulnerability in Paristemi Multiple PHP remote file inclusion vulnerabilities in Paristemi 0.8.3 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the SERVER_DIRECTORY parameter to unspecified scripts, a different vector than CVE-2006-6739. | 7.5 |
2006-12-21 | CVE-2006-6688 | WEB APP NET | Input Validation vulnerability in Web-App.Org and Web-App.Net Web Automated Perl Portal (WebAPP) 0.9.9.4, and 0.9.9.3.4 Network Edition (NE) (aka WebAPP.NET) allows remote attackers to bypass filtering mechanisms via unknown vectors. | 7.5 |
2006-12-21 | CVE-2006-6684 | Pedro Lineu Orso | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Pedro Lineu Orso Chetcpasswd Heap-based buffer overflow in Pedro Lineu Orso chetcpasswd before 2.4 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long X-Forwarded-For HTTP header. | 7.5 |
2006-12-21 | CVE-2006-6681 | Chetcpasswd | Resource Management Errors vulnerability in Chetcpasswd 2.3.3 Pedro Lineu Orso chetcpasswd 2.3.3 does not have a rate limit for client requests, which might allow remote attackers to determine passwords via a dictionary attack. | 7.5 |
2006-12-21 | CVE-2006-6679 | Chetcpasswd Project | Incorrect Authorization vulnerability in Chetcpasswd Project Chetcpasswd Pedro Lineu Orso chetcpasswd before 2.4 relies on the X-Forwarded-For HTTP header when verifying a client's status on an IP address ACL, which allows remote attackers to gain unauthorized access by spoofing this header. | 7.5 |
2006-12-21 | CVE-2006-6678 | Netrik | Remote Arbitrary Command Execution vulnerability in Netrik 1.15.2 The edit_textarea function in form-file.c in Netrik 1.15.4 and earlier does not properly verify temporary filenames when editing textarea fields, which allows attackers to execute arbitrary commands via shell metacharacters in the filename. | 7.5 |
2006-12-21 | CVE-2006-6672 | Maxiasp | SQL-Injection vulnerability in Maxiasp Burak Yilmaz Download Portal 0 Multiple SQL injection vulnerabilities in Burak Yylmaz Download Portal allow remote attackers to execute arbitrary SQL commands via the (1) kid or possibly (2) id parameter to (a) HABERLER.ASP and (b) ASPKAT.ASP. | 7.5 |
2006-12-21 | CVE-2006-6671 | Maxiasp | SQL Injection vulnerability in Maxiasp Burak Yilmaz Download Portal 0 SQL injection vulnerability in down.asp in Burak Yylmaz Download Portal allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2006-12-20 | CVE-2006-6667 | Verliadmin | SQL-Injection vulnerability in VerliAdmin Multiple SQL injection vulnerabilities in VerliAdmin 0.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) nick_mod or (2) nick parameter to (a) repass.php or (b) verify.php. | 7.5 |
2006-12-20 | CVE-2006-6666 | Verliadmin | Remote File Include vulnerability in VerliAdmin PHP remote file inclusion vulnerability in index.php in VerliAdmin 0.3 and earlier allows remote authenticated users to execute arbitrary PHP code via a URL in the q parameter. | 7.5 |
2006-12-20 | CVE-2006-6661 | PHP Update | Remote Security vulnerability in Php-Update Variable overwrite vulnerability in blog.php in PHP-Update 2.7 and earlier allows remote attackers to overwrite arbitrary program variables and execute arbitrary PHP code via multiple vectors that use the extract function, as demonstrated by the (1) f, (2) newmessage, (3) newusername, (4) adminuser, and (5) permission parameters. | 7.5 |
2006-12-20 | CVE-2006-6648 | Planetluc COM | Remote File Include vulnerability in PanetLuc.Com RateMe Main.Inc.PHP PHP remote file inclusion vulnerability in main.inc.php in planetluc.com RateMe 1.3.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the pathtoscript parameter. | 7.5 |
2006-12-20 | CVE-2006-6645 | Mxbb | Remote File Include vulnerability in MXBB Web Links Module MX_Root_Path PHP remote file inclusion vulnerability in language/lang_english/lang_admin.php in the Web Links (mx_links) 2.05 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the mx_root_path parameter. | 7.5 |
2006-12-20 | CVE-2006-6642 | Contra Haber Sistemi | SQL Injection vulnerability in Contra Haber Sistemi Contra Haber Sistemi 1.0 SQL injection vulnerability in haber.asp in Contra Haber Sistemi 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
2006-12-20 | CVE-2006-6641 | Arcserve Broadcom Cleverpath Etrust Unicenter | Unspecified vulnerability in CA CleverPath Portal before maintenance version 4.71.001_179_060830, as used in multiple products including BrightStor Portal r11.1, CleverPath Aion BPM r10 through r10.2, eTrust Security Command Center r1 and r8, and Unicenter, does not properly handle when multiple Portal servers are started at the same time and share the same data store, which might cause a Portal user to inherit the session and credentials of a user who is on another Portal server. | 7.5 |
2006-12-19 | CVE-2006-6106 | Linux | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Linux Kernel Multiple buffer overflows in the cmtp_recv_interopmsg function in the Bluetooth driver (net/bluetooth/cmtp/capi.c) in the Linux kernel 2.4.22 up to 2.4.33.4 and 2.6.2 before 2.6.18.6, and 2.6.19.x, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via CAPI messages with a large value for the length of the (1) manu (manufacturer) or (2) serial (serial number) field. | 7.5 |
2006-12-18 | CVE-2006-6635 | Jumbacms | Remote File Include vulnerability in Jumbacms Build2 PHP remote file inclusion vulnerability in includes/functions.php in JumbaCMS 0.0.1 allows remote attackers to execute arbitrary PHP code via a URL in the jcms_root_path parameter. | 7.5 |
2006-12-18 | CVE-2006-6634 | Mambo | Remote File Include vulnerability in ExtCalThai Mambo Component Multiple PHP remote file inclusion vulnerabilities in the ExtCalThai (com_extcalendar) 0.9.1 and earlier component for Mambo allow remote attackers to execute arbitrary PHP code via a URL in (1) the CONFIG_EXT[LANGUAGES_DIR] parameter to admin_events.php, (2) the mosConfig_absolute_path parameter to extcalendar.php, or (3) the CONFIG_EXT[LIB_DIR] parameter to lib/mail.inc.php. | 7.5 |
2006-12-18 | CVE-2006-6633 | Yapbb | Remote File Include vulnerability in Yapbb 1.1/1.2 PHP remote file inclusion vulnerability in include/yapbb_session.php in YapBB 1.2 Beta2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALS[include_Bit] parameter. | 7.5 |
2006-12-18 | CVE-2006-6630 | Ibiblio | Remote Security vulnerability in Ibiblio Osprey 1.0 PHP remote file inclusion vulnerability in ListRecords.php in osprey 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the lib_dir parameter. | 7.5 |
2006-12-18 | CVE-2006-6629 | Webwork | Unspecified vulnerability in Webwork Program Generation Language lib/WeBWorK/PG/Translator.pm in WeBWorK Program Generation (PG) Language before 2.3.1 uses an insufficiently restrictive regular expression to determine valid macro filenames, which allows attackers to load arbitrary macro files whose names contain the strings (1) dangerousMacros.pl, (2) PG.pl, or (3) IO.pl. | 7.5 |
2006-12-18 | CVE-2006-6615 | Mxbb | Remote File Include vulnerability in Mxbb Activity Games Module 0.92 PHP remote file inclusion vulnerability in includes/act_constants.php in the Activity Games (mx_act) 0.92 module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. | 7.5 |
2006-12-18 | CVE-2006-6612 | Phpmycms | Remote File Include vulnerability in PHPmycms 0.3 PHP remote file inclusion vulnerability in basic.inc.php in PhpMyCms 0.3 allows remote attackers to execute arbitrary PHP code via a URL in the basepath_start parameter. | 7.5 |
2006-12-18 | CVE-2006-6611 | Barman | Remote File Include vulnerability in Barman 0.0.1Rc3 PHP remote file inclusion vulnerability in interface.php in Barman 0.0.1r3 allows remote attackers to execute arbitrary PHP code via a URL in the basepath parameter. | 7.5 |
2006-12-18 | CVE-2006-6610 | Alientrap | Remote Command Execution and Denial of Service vulnerability in Nexuiz clientcommands in Nexuiz before 2.2.1 has unknown impact and remote attack vectors related to "remote console command injection." | 7.5 |
2006-12-18 | CVE-2006-6608 | HP | Remote Unauthorized Access vulnerability in HP products Unspecified vulnerability in SSH key based authentication in HP Integrated Lights Out (iLO) 1.70 through 1.87, and iLO 2 1.00 through 1.11, on Proliant servers, allows remote attackers to "gain unauthorized access." | 7.5 |
2006-12-18 | CVE-2006-6606 | Clarens | SQL Injection vulnerability in Clarens Jclarens 0.6.1 Multiple SQL injection vulnerabilities in Clarens jclarens before 0.6.2 allow remote attackers to execute arbitrary SQL commands via unspecified vectors. | 7.5 |
2006-12-18 | CVE-2006-5872 | DWS Systems INC | Improper Input Validation vulnerability in DWS Systems Inc. Sql-Ledger 2.6.27 login.pl in SQL-Ledger before 2.6.21 and LedgerSMB before 1.1.5 allows remote attackers to execute arbitrary Perl code via the "-e" flag in the script parameter, which is used as an argument to the perl program. | 7.5 |
2006-12-21 | CVE-2006-6685 | Pedro Lineu Orso | Buffer Errors vulnerability in Pedro Lineu Orso Chetcpasswd 2.3.3 Heap-based buffer overflow in Pedro Lineu Orso chetcpasswd 2.3.3 allows local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long REMOTE_ADDR environment variable. | 7.2 |
2006-12-18 | CVE-2006-6623 | AVG Comodo Filseclab Infoprocess Soft4Ever Symantec | Sygate Personal Firewall 5.6.2808 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB. | 7.2 |
2006-12-18 | CVE-2006-6622 | AVG Comodo Filseclab Infoprocess Soft4Ever Symantec | Soft4Ever Look 'n' Stop (LnS) 2.05p2 before 20061215 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB. | 7.2 |
2006-12-18 | CVE-2006-6621 | AVG Comodo Filseclab Infoprocess Soft4Ever Symantec | Filseclab Personal Firewall 3.0.0.8686 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB. | 7.2 |
2006-12-18 | CVE-2006-6620 | AVG Comodo Filseclab Infoprocess Soft4Ever Symantec | Comodo Personal Firewall 2.3.6.81 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB. | 7.2 |
2006-12-18 | CVE-2006-6619 | AVG Comodo Filseclab Infoprocess Soft4Ever Symantec | AVG Anti-Virus plus Firewall 7.5.431 relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB. | 7.2 |
2006-12-18 | CVE-2006-6618 | AVG Comodo Filseclab Infoprocess Soft4Ever Symantec | AntiHook 3.0.0.23 - Desktop relies on the Process Environment Block (PEB) to identify a process, which allows local users to bypass the product's controls on a process by spoofing the (1) ImagePathName, (2) CommandLine, and (3) WindowTitle fields in the PEB. | 7.2 |
2006-12-20 | CVE-2006-6475 | Mandiant | Denial of Service and Agent Hijacking vulnerability in Mandiant First Response FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in daemon mode with SSL enabled, allows remote attackers to cause a denial of service (refused connections) via malformed requests, which results in a mishandled exception. | 7.1 |
2006-12-20 | CVE-2006-6502 | Mozilla | Remote vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Use-after-free vulnerability in the LiveConnect bridge code for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (crash) via unknown vectors. | 7.1 |
61 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-12-22 | CVE-2006-6696 | Microsoft | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft products Double free vulnerability in Microsoft Windows 2000, XP, 2003, and Vista allows local users to gain privileges by calling the MessageBox function with a MB_SERVICE_NOTIFICATION message with crafted data, which sends a HardError message to Client/Server Runtime Server Subsystem (CSRSS) process, which is not properly handled when invoking the UserHardError and GetHardErrorText functions in WINSRV.DLL. | 6.9 |
2006-12-23 | CVE-2006-6721 | Knusperleicht | HTML Injection vulnerability in Knusperleicht Shoutbox 2.6 Multiple cross-site scripting (XSS) vulnerabilities in shout.php in Knusperleicht ShoutBox 2.6 allow remote attackers to inject arbitrary web script or HTML via the (1) sbNick or (2) sbKommentar parameter. | 6.8 |
2006-12-23 | CVE-2006-6708 | Mginternet | Input Validation vulnerability in MGInternet Property Site Manager Cross-site scripting (XSS) vulnerability in listings.asp in MGinternet Property Site Manager allows remote attackers to inject arbitrary web script or HTML via the s parameter. | 6.8 |
2006-12-23 | CVE-2006-6704 | Atmail | Cross-Site Scripting vulnerability in Atmail Webadmin Cross-site scripting (XSS) vulnerability in the Webadmin in @Mail before 4.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving "unescaped data in the database." This vulnerability is addressed in the following product release: @Mail, @Mail Webadmin, 4.6 | 6.8 |
2006-12-23 | CVE-2006-6703 | Oracle | Cross-Site Scripting vulnerability in Oracle Portal Container_Tabs.JSP Multiple cross-site scripting (XSS) vulnerabilities in Oracle Portal 9i and 10g allow remote attackers to inject arbitrary JavaScript via the tc parameter in webapp/jsp/container_tabs.jsp, and other unspecified vectors. | 6.8 |
2006-12-23 | CVE-2006-6702 | Atmail | Cross-Site Scripting vulnerability in Atmail Webmail Cross-site scripting (XSS) vulnerability in Global.pm in @Mail before 4.61 allows remote attackers to inject arbitrary web script or HTML via crafted e-mail messages. | 6.8 |
2006-12-23 | CVE-2006-6700 | Calacode | Cross-Site Scripting vulnerability in Atmail Webmail System Cross-site scripting (XSS) vulnerability in @Mail WebMail allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.8 |
2006-12-21 | CVE-2006-6695 | Carsen Klock | Cross-Site Scripting vulnerability in Carsen Klock Textsend 1.4 Multiple cross-site scripting (XSS) vulnerabilities in index.php in Carsen Klock TextSend 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) error or (2) success parameter. | 6.8 |
2006-12-21 | CVE-2006-6686 | Textsend | Remote File Include vulnerability in TextSend Sender.PHP PHP remote file inclusion vulnerability in sender.php in Carsen Klock TextSend 1.5 allows remote attackers to execute arbitrary PHP code via a URL in the ROOT_PATH parameter. | 6.8 |
2006-12-21 | CVE-2006-6675 | Novell | Cross-Site Scripting vulnerability in Novell Apache Http Server and Netware Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app. | 6.8 |
2006-12-20 | CVE-2006-6669 | Webcalendar | Unspecified vulnerability in Webcalendar 1.0.4 Cross-site scripting (XSS) vulnerability in export_handler.php in WebCalendar 1.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter. | 6.8 |
2006-12-20 | CVE-2006-6668 | Verliadmin | Cross-Site Scripting vulnerability in VerliAdmin Cross-site scripting (XSS) vulnerability in VerliAdmin 0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 6.8 |
2006-12-20 | CVE-2006-6665 | Astonsoft | Buffer Overflow vulnerability in AstonSoft DeepBurner DBR Compilation Buffer overflow in Astonsoft DeepBurner Pro and Free 1.8.0 and earlier allows user-assisted remote attackers to execute arbitrary code via a long file name tag in a dbr file. | 6.8 |
2006-12-20 | CVE-2006-6651 | Intel | Remote Code execution vulnerability in Intel 2200Bg Proset Wireless 9.0.3.9 Race condition in W29N51.SYS in the Intel 2200BG wireless driver 9.0.3.9 allows remote attackers to cause memory corruption and execute arbitrary code via a series of crafted beacon frames. | 6.8 |
2006-12-20 | CVE-2006-6650 | Mxbb | Remote File Include vulnerability in MXBB Charts Module Module_Root_Path PHP remote file inclusion vulnerability in charts_constants.php in the Charts (mx_charts) 1.0.0 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. | 6.8 |
2006-12-20 | CVE-2006-6649 | Hypervm | Cross-Site Scripting vulnerability in Hypervm Cross-site scripting (XSS) vulnerability in display.php in HyperVM 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an encoded frm_action parameter. | 6.8 |
2006-12-20 | CVE-2006-6647 | Drupal | Cross-Site Scripting vulnerability in Drupal Mysite 4.7/5 Cross-site scripting (XSS) vulnerability in the MySite 4.7.x before 4.7.x-3.3 and 5.x before 5.x-1.3 module for Drupal allows remote attackers to inject arbitrary web script or HTML via the Title field when editing a page. | 6.8 |
2006-12-20 | CVE-2006-6646 | Drupal | HTML-Injection vulnerability in Drupal Project and Drupal Project Issue Tracking Multiple cross-site scripting (XSS) vulnerabilities in Drupal (1) Project Issue Tracking 4.7.x-1.0 and 4.7.x-2.0, and (2) Project 4.6.x-1.0, 4.7.x-1.0, and 4.7.x-2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, which do not use the check_plain function. | 6.8 |
2006-12-20 | CVE-2006-6644 | Mxbb | Remote File Include vulnerability in MXBB Meeting Module Module_Root_Path PHP remote file inclusion vulnerability in pages/meeting_constants.php in the Meeting (mx_meeting) 1.1.2 and earlier module for mxBB allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. | 6.8 |
2006-12-20 | CVE-2006-6505 | Mozilla | Remote vulnerability in Mozilla Seamonkey and Thunderbird Multiple heap-based buffer overflows in Mozilla Thunderbird before 1.5.0.9 and SeaMonkey before 1.0.7 allow remote attackers to execute arbitrary code via (1) external message modies with long Content-Type headers or (2) long RFC2047-encoded (MIME non-ASCII) headers. | 6.8 |
2006-12-20 | CVE-2006-6503 | Mozilla Debian Canonical | 7PK - Security Features vulnerability in multiple products Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to bypass cross-site scripting (XSS) protection by changing the src attribute of an IMG element to a javascript: URI. | 6.8 |
2006-12-20 | CVE-2006-6501 | Mozilla Debian Canonical | Permissions, Privileges, and Access Controls vulnerability in multiple products Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to gain privileges and install malicious code via the watch Javascript function. | 6.8 |
2006-12-20 | CVE-2006-6500 | Mozilla Debian Canonical | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products Heap-based buffer overflow in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by setting the CSS cursor to certain images that cause an incorrect size calculation when converting to a Windows bitmap. | 6.8 |
2006-12-20 | CVE-2006-6498 | Mozilla | Remote vulnerability in Mozilla Firefox/SeaMonkey/Thunderbird Multiple unspecified vulnerabilities in the JavaScript engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, SeaMonkey before 1.0.7, and Mozilla 1.7 and probably earlier on Solaris, allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown impact and attack vectors. | 6.8 |
2006-12-20 | CVE-2006-6497 | Mozilla | Remote vulnerability in Mozilla Firefox, Seamonkey and Thunderbird Multiple unspecified vulnerabilities in the layout engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allow remote attackers to cause a denial of service (memory corruption and crash) and possibly execute arbitrary code via unknown attack vectors. | 6.8 |
2006-12-19 | CVE-2006-6640 | Omniture | Cross-Site Scripting vulnerability in Omniture Sitecatalyst 0 Multiple cross-site scripting (XSS) vulnerabilities in Omniture SiteCatalyst allow remote attackers to inject arbitrary web script or HTML via the (1) ss parameter in (a) search.asp and the (2) company and (3) username fields on (b) the web login page. | 6.8 |
2006-12-18 | CVE-2006-6632 | Genepi | Remote File Include vulnerability in Genepi Genepi.PHP PHP remote file inclusion vulnerability in genepi.php in Genepi 1.6 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the topdir parameter. | 6.8 |
2006-12-18 | CVE-2006-6631 | Ibiblio | Remote File Include vulnerability in Osprey GetRecord.PHP PHP remote file inclusion vulnerability in lib/xml/oai/GetRecord.php in osprey 1.0 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the lib_dir parameter. | 6.8 |
2006-12-18 | CVE-2006-6626 | Moodle | Input Validation vulnerability in Moodle Cross-site scripting (XSS) vulnerability in an unspecified component of Moodle 1.5 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element. | 6.8 |
2006-12-18 | CVE-2006-6625 | Moodle | Input Validation vulnerability in Moodle 1.6.1 Cross-site scripting (XSS) vulnerability in mod/forum/discuss.php in Moodle 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the navtail parameter. | 6.8 |
2006-12-18 | CVE-2006-6613 | Phpalbum NET | Local File Include vulnerability in PhpAlbum Language.php Directory traversal vulnerability in language.php in phpAlbum 0.4.1 Beta 6 and earlier, when magic_quotes_gpc is disabled and register_globals is enabled, allows remote attackers to include and execute arbitrary local files or obtain sensitive information via a .. | 6.8 |
2006-12-23 | CVE-2006-6706 | Soumu | SQL Injection vulnerability in Soumu products SQL injection vulnerability in Soumu Workflow for Groupmax 01-00 through 01-01, Soumu Workflow 02-00 through 03-03, and Koukyoumuke Soumu Workflow 01-00 through 01-01 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors in certain web pages. | 6.5 |
2006-12-18 | CVE-2006-6617 | Microsoft | Information Disclosure vulnerability in Microsoft Project Server 2003 projectserver/logon/pdsrequest.asp in Microsoft Project Server 2003 allows remote authenticated users to obtain the MSProjectUser password for a SQL database via a GetInitializationData request, which includes the information in the UserName and Password tags of the response. | 6.5 |
2006-12-18 | CVE-2006-6616 | W00T Gallery | Remote Authentication Bypass vulnerability in W00T Gallery W00T Gallery 1.4.0 index.php in w00t Gallery 1.4.0 allows remote authenticated users with privileges for one installation to gain access to other installations on the same web server, aka "multi-gallery admin session spanning." NOTE: some of these details are obtained from third party information. | 6.0 |
2006-12-23 | CVE-2006-6715 | Powerscripts | Remote File Include vulnerability in PowerClan Footer.Inc.PHP PHP remote file inclusion vulnerability in footer.inc.php in PowerClan 1.14a and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the settings[footer] parameter. | 5.1 |
2006-12-23 | CVE-2006-6719 | GNU | Remote Denial of Service vulnerability in GNU Wget FTP_Syst Function The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command. | 5.0 |
2006-12-23 | CVE-2006-6705 | Soumu | Improper Authentication vulnerability in Soumu products Multiple unspecified vulnerabilities in the template files in Soumu Workflow for Groupmax 01-00 through 01-01, Soumu Workflow 02-00 through 03-03, and Koukyoumuke Soumu Workflow 01-00 through 01-01 allow remote attackers to bypass authentication mechanisms on web pages via unknown vectors. | 5.0 |
2006-12-23 | CVE-2006-6699 | Oracle | Remote Security vulnerability in Oracle Application Server Portal 9.0.2 Multiple CRLF injection vulnerabilities in Oracle Portal 9.0.2 and possibly other versions allow remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the enc parameter to (1) calendarDialog.jsp or (2) fred.jsp. | 5.0 |
2006-12-21 | CVE-2006-6682 | Chetcpasswd Project | 7PK - Errors vulnerability in Chetcpasswd Project Chetcpasswd 2.3.3 Pedro Lineu Orso chetcpasswd 2.3.3 provides a different error message when a request with a valid username fails, compared to a request with an invalid username, which allows remote attackers to determine valid usernames on the system. | 5.0 |
2006-12-21 | CVE-2006-6104 | Mono | Information Disclosure vulnerability in Mono XSP 1.1/1.2.1/2.0 The System.Web class in the XSP for ASP.NET server 1.1 through 2.0 in Mono does not properly verify local pathnames, which allows remote attackers to (1) read source code by appending a space (%20) to a URI, and (2) read credentials via a request for Web.Config%20. | 5.0 |
2006-12-21 | CVE-2006-6673 | Winftp Server | Denial-Of-Service vulnerability in Winftp Server Winftp Server 2.0.2 WinFtp Server 2.0.2 allows remote attackers to cause a denial of service (crash) via long (1) PASV, (2) LIST, (3) USER, (4) PORT, and possibly other commands. | 5.0 |
2006-12-20 | CVE-2006-6664 | Marathon Aleph ONE | Denial-Of-Service vulnerability in Marathon Aleph One Format string vulnerability in Marathon Aleph One before 0.17.1 and 2006-12-17 might allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the TopLevelLogger::logMessageV function in Misc/Logging.cpp. | 5.0 |
2006-12-20 | CVE-2006-6663 | Marathon Aleph ONE | Denial Of Service vulnerability in Marathon Aleph One The server component in Marathon Aleph One before 0.17.1 and 2006-12-17 allows remote attackers to cause a denial of service (application crash) via unspecified vectors related to "gathering net games." | 5.0 |
2006-12-20 | CVE-2006-6659 | Microsoft | Remote Internet Explorer Denial of Service vulnerability in Microsoft IE, Outlook and Windows XP The Microsoft Office Outlook Recipient ActiveX control (ole32.dll) in Windows XP SP2 allows remote attackers to cause a denial of service (Internet Explorer 7 hang) via crafted HTML. | 5.0 |
2006-12-20 | CVE-2006-6658 | Inktomi | Information Disclosure vulnerability in Inktomi Search 4.1.4 Inktomi Search 4.1.4 allows remote attackers to obtain sensitive information via direct requests with missing parameters to (1) help/header.html, (2) thesaurus.html, and (3) topics.html, which leak the installation path in the resulting error message, a related issue to CVE-2006-5970. | 5.0 |
2006-12-20 | CVE-2006-6643 | Fightersoft Multimedia | Remote Denial of Service vulnerability in Fightersoft Multimedia Star FTP Server 1.10 Fightersoft Multimedia Star FTP server 1.10 allows remote attackers to cause a denial of service (crash) via multiple RETR commands with long arguments. | 5.0 |
2006-12-19 | CVE-2006-6638 | IBM | Remote SQLJRA Packet Denial of Service vulnerability in IBM DB2 IBM DB2 8.1 before FixPak 14 allows remote attackers to cause a denial of service via a crafted SQLJRA packet, which causes a NULL pointer dereference in the sqle_db2ra_as_recvrequest function in DB2ENGN.DLL, a different issue than CVE-2006-4257. | 5.0 |
2006-12-19 | CVE-2006-6637 | IBM | Information Exposure vulnerability in IBM Websphere Application Server The Servlet Engine and Web Container in IBM WebSphere Application Server (WAS) before 6.0.2.17, when ibm-web-ext.xmi sets fileServingEnabled to true and servlet caching is enabled, allows remote attackers to obtain JSP source code and other sensitive information via "specific requests." | 5.0 |
2006-12-18 | CVE-2006-6609 | Alientrap | Remote Command Execution and Denial of Service vulnerability in Nexuiz Nexuiz before 2.2.1 allows remote attackers to cause a denial of service (resource exhaustion or crash) via unspecified vectors related to "fake players." NOTE: some of these details are obtained from third party information. | 5.0 |
2006-12-19 | CVE-2006-3896 | Neoscale Systems | Authentication Bypass vulnerability in NeoScale Systems CryptoStor Tape 700 Series Appliance SmartCard The NeoScale Systems CryptoStor 700 series appliance before 2.6 relies on client-side ActiveX code for smartcard authentication, which allows remote attackers to bypass smartcard authentication, and gain access if able to present a valid username and password, by disabling ActiveX. | 4.9 |
2006-12-21 | CVE-2006-6680 | Chetcpasswd | Information Disclosure vulnerability in Chetcpasswd 2.2.1 Pedro Lineu Orso chetcpasswd before 2.3.1 does not document the need for 0400 permissions on /etc/chetcpasswd.allow, which might allow local users to gain sensitive information by reading this file. | 4.6 |
2006-12-20 | CVE-2006-4814 | Linux | Resource Management Errors vulnerability in Linux Kernel The mincore function in the Linux kernel before 2.4.33.6 does not properly lock access to user space, which has unspecified impact and attack vectors, possibly related to a deadlock. | 4.6 |
2006-12-19 | CVE-2006-6639 | Chetcpasswd | Local Privilege Escalation vulnerability in Chetcpasswd 2.4.1 Multiple unspecified vulnerabilities in chetcpasswd 2.4.1 allow local users to gain privileges via unspecified vectors related to executing (1) the cp program, (2) the mail program, or (3) the program specified in the post_change configuration line. | 4.6 |
2006-12-21 | CVE-2006-6687 | WEB APP NET | Cross-Site Scripting vulnerability in Web-App.Net Webapp 0.9.9.3.4/0.9.9.4 Cross-site scripting (XSS) vulnerability in Web Automated Perl Portal (WebAPP) 0.9.9.4, and 0.9.9.3.4 Network Edition (NE) (aka WebAPP.NET), allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
2006-12-20 | CVE-2006-6660 | KDE | Denial Of Service vulnerability in KDE LibkHTML NodeType Function The nodeType function in KDE libkhtml 4.2.0 and earlier, as used by Konquerer, KMail, and other programs, allows remote attackers to cause a denial of service (crash) via malformed HTML tags, possibly involving a COL SPAN tag embedded in a RANGE tag. | 4.3 |
2006-12-20 | CVE-2006-6654 | Netbsd | Denial-Of-Service vulnerability in NetBSD The sendmsg function in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029, when run on a 64-bit architecture, allows attackers to cause a denial of service (kernel panic) via an invalid msg_controllen parameter to the sendit function. | 4.3 |
2006-12-20 | CVE-2006-6507 | Mozilla | Remote vulnerability in Mozilla Firefox 2.0 Mozilla Firefox 2.0 before 2.0.0.1 allows remote attackers to bypass Cross-Site Scripting (XSS) protection via vectors related to a Function.prototype regression error. | 4.3 |
2006-12-20 | CVE-2006-6506 | Mozilla | Remote vulnerability in Mozilla Firefox 2.0 The "Feed Preview" feature in Mozilla Firefox 2.0 before 2.0.0.1 sends the URL of the feed when requesting favicon.ico icons, which results in a privacy leak that might allow feed viewing services to determine browsing habits. | 4.3 |
2006-12-18 | CVE-2006-6628 | Openoffice | Remote Word File Integer Overflow vulnerability in Openoffice 2.1 Integer overflow in OpenOffice.org (OOo) 2.1 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted DOC file, as demonstrated by the 12122006-djtest.doc file, a variant of CVE-2006-6561 in a separate codebase. | 4.3 |
2006-12-20 | CVE-2006-6662 | Suse | Local Security vulnerability in Suse products Unspecified vulnerability in Linux User Management (novell-lum) on SUSE Linux Enterprise Desktop 10 and Open Enterprise Server 9, under unspecified conditions, allows local users to log in to the console without a password. | 4.1 |
2006-12-18 | CVE-2006-6624 | Sambar | Remote Denial of Service vulnerability in Sambar Server 6.4 The FTP Server in Sambar Server 6.4 allows remote authenticated users to cause a denial of service (application crash) via a long series of "./" sequences in the SIZE command. | 4.0 |
12 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2006-12-18 | CVE-2006-6607 | IBM | Local Information Disclosure vulnerability in IBM Tivoli Identity Manager 4.6 The Java Key Store (JKS) for WebSphere Application Server (WAS) for IBM Tivoli Identity Manager (ITIM) 4.6 places the JKS password in a -Djavax.net.ssl.trustStorePassword command line argument, which allows local users to obtain the password by listing the process or using other methods. | 2.7 |
2006-12-21 | CVE-2006-6677 | Eset Software | File Parsing vulnerability in Eset Software Nod32 Antivirus 1.0.11/1.0.12/1.0.13 ESET NOD32 Antivirus before 1.1743 allows remote attackers to cause a denial of service (crash) via a crafted .CHM file that triggers a divide-by-zero error. | 2.6 |
2006-12-20 | CVE-2006-5681 | Apple | Information Disclosure vulnerability in Apple Mac OS X Quicktime For Java QuickTime for Java on Mac OS X 10.4 through 10.4.8, when used with Quartz Composer, allows remote attackers to obtain sensitive information (screen images) via a Java applet that accesses images that are being rendered by other embedded QuickTime objects. | 2.6 |
2006-12-20 | CVE-2006-6477 | Mandiant | Denial of Service and Agent Hijacking vulnerability in Mandiant First Response FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in daemon mode and configured to use only HTTP, allows local users to modify requests and responses between a client and an agent by hijacking an HTTP FRAgent daemon and conducting a man-in-the-middle (MITM) attack. | 2.4 |
2006-12-20 | CVE-2006-6476 | Mandiant | Denial of Service and Agent Hijacking vulnerability in Mandiant First Response FRAgent.exe in Mandiant First Response (MFR) before 1.1.1, when run in daemon mode and when the agent is bound to 0.0.0.0 (all interfaces), opens sockets in non-exclusive mode, which allows local users to hijack the socket, and capture data or cause a denial of service (loss of daemon operation). | 2.4 |
2006-12-21 | CVE-2006-6674 | Ozeki | Cryptographic Issues vulnerability in Ozeki Http-Sms Gateway Ozeki HTTP-SMS Gateway 1.0, and possibly earlier, stores usernames and passwords in plaintext in the HKLM\Software\Ozeki\SMSServer\CurrentVersion\Plugins\httpsmsgate registry key, which allows local users to obtain sensitive information. | 2.1 |
2006-12-20 | CVE-2006-6657 | Netbsd | Local Security vulnerability in NetBSD The if_clone_list function in NetBSD-current before 20061027, NetBSD 3.0 and 3.0.1 before 20061027, and NetBSD 2.x before 20061119 allows local users to read potentially sensitive, uninitialized stack memory via unspecified vectors. | 2.1 |
2006-12-20 | CVE-2006-6656 | Netbsd | Information Disclosure vulnerability in NetBSD Unspecified vulnerability in ptrace in NetBSD-current before 20061027, NetBSD 3.0 and 3.0.1 before 20061027, and NetBSD 2.x before 20061119 allows local users to read kernel memory and obtain sensitive information via certain manipulations of a PT_LWPINFO request, which leads to a memory leak and information leak. | 2.1 |
2006-12-22 | CVE-2006-6698 | Gnome | Denial of Service vulnerability in Gnome Gconf 2.14.0 The GConf daemon (gconfd) in GConf 2.14.0 creates temporary files under directories with names based on the username, even when GCONF_GLOBAL_LOCKS is not set, which allows local users to cause a denial of service by creating the directories ahead of time, which prevents other users from using Gnome. | 1.9 |
2006-12-18 | CVE-2006-6614 | Thomas Lange Debian | Information Disclosure vulnerability in Fully Automated Installation Administrator Hashed Password The save_log_local function in Fully Automatic Installation (FAI) 2.10.1, and possibly 3.1.2, when verbose mode is enabled, stores the root password hash in /var/log/fai/current/fai.log, whose file permissions allow it to be copied to other hosts when fai-savelog is called and allows attackers to obtain the hash. | 1.9 |
2006-12-20 | CVE-2006-6655 | Netbsd | Denial-Of-Service vulnerability in NetBSD The procfs implementation in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029 allows local users to cause a denial of service (kernel panic) by attempting to access /emul/linux/proc/0/stat on a procfs filesystem that was mounted with mount_procfs -o linux, which results in a NULL pointer dereference. | 1.7 |
2006-12-20 | CVE-2006-6653 | Netbsd | Improper Input Validation vulnerability in Netbsd The accept function in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029 allows local users to cause a denial of service (socket consumption) via an invalid (1) name or (2) namelen parameter, which may result in the socket never being closed (aka "a dangling socket"). | 1.7 |