CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In November 2006(Gain Information)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2006-6119 +Info 2006-11-26 2018-10-17
5.0
None Remote Low Not required Partial None None
mmgallery 1.55 allows remote attackers to obtain sensitive information via a direct request for thumbs.php, which reveals the installation path in various error messages.
2 CVE-2006-6113 +Info 2006-11-28 2018-10-17
5.0
None Remote Low Not required Partial None None
Monkey Boards 0.3.5 allows remote attackers to obtain sensitive information via direct requests to (1) include/admin_auth.inc.php and (2) include/engine/class.compiler.php, which reveals the full path in an error message. NOTE: this issue is only an exposure if the administrator has changed the default script path.
3 CVE-2006-6085 +Info 2006-11-24 2017-07-20
5.0
None Remote Low Not required Partial None None
Kile before 1.9.3 does not assign a backup file the same permissions as the original file, which might allow local users to obtain sensitive information.
4 CVE-2006-6010 +Info 2006-11-21 2018-10-17
5.0
None Remote Low Not required Partial None None
SAP allows remote attackers to obtain potentially sensitive information such as operating system and SAP version via an RFC_SYSTEM_INFO RfcCallReceive request, a different vulnerability than CVE-2003-0747.
5 CVE-2006-6009 +Info 2006-11-21 2017-07-20
5.0
None Remote Low Not required Partial None None
Unspecified vulnerability in the Java Runtime Environment (JRE) Swing library in JDK and JRE 5.0 Update 7 and earlier allows attackers to obtain certain information via unknown attack vectors, related to an untrusted applet accessing data in other applets.
6 CVE-2006-5979 +Info 2006-11-20 2017-07-20
5.0
None Remote Low Not required Partial None None
Renasoft NetJetServer 2.5.3.939, and possibly earlier, uses insecure permissions for Global.asa, which allows remote attackers to obtain sensitive information. NOTE: the provenance of this information is unknown; details are obtained from third party sources.
7 CVE-2006-5970 +Info 2006-11-18 2018-10-17
5.0
None Remote Low Not required Partial None None
Verity Ultraseek before 5.7 allows remote attackers to obtain sensitive information via direct requests with (1) a null ("%00") terminated url parameter to help/urlstatusgo.html; or missing parameters to (2) help/header.html, (3) help/footer.html, (4) spell.html, (5) coreforma.html, (6) daterange.html, (7) hits.html, (8) hitsnavbottom.html, (9) indexform.html, (10) indexforma.html, (11) languages.html, (12) nohits.html, (13) onehit1.html, (14) onehit2.html, (15) query.html, (16) queryform0.html, (17) queryform0a.html, (18) queryform1.html, (19) queryform1a.html, (20) queryform2.html, (21) queryform2a.html, (22) quicklinks.html, (23) relatedtopics.html, (24) signin.html, (25) subtopics.html, (26) thesaurus.html, (27) topics.html, (28) hitspagebar.html, (29) highlight/highlight.html, (30) highlight/highlight_one.html, and (31) highlight/topnav.html, which leaks the installation path in the resulting error message.
8 CVE-2006-5956 +Info 2006-11-17 2008-09-05
2.1
None Local Low Not required Partial None None
XLineSoft PHPRunner 3.1 stores the (1) database server name, (2) database names, (3) usernames, and (4) passwords in plaintext in %WINDIR%\PHPRunner.ini, which allows local users to obtain sensitive information by reading the file.
9 CVE-2006-5922 +Info 2006-11-15 2018-10-17
5.0
None Remote Low Not required Partial None None
index.php in Wheatblog (wB) allows remote attackers to obtain sensitive information via certain values of the postPtr[] and next parameters, which reveals the path in an error message.
10 CVE-2006-5842 +Info 2006-11-10 2017-07-20
2.1
None Local Low Not required Partial None None
The keystore file in Unicore Client before 5.6 build 5, when running on Unix systems, has insecure default permissions, which allows local users to obtain sensitive information.
11 CVE-2006-5725 200 +Info 2006-11-04 2017-10-19
5.0
None Remote Low Not required Partial None None
The SSL server in AEP Smartgate 4.3b allows remote attackers to determine existence of directories via a direct request for a directory URI, which returns different HTTP status codes for existing and non-existing directories.
12 CVE-2006-5702 200 +Info 2006-11-04 2018-10-17
5.0
None Remote Low Not required Partial None None
Tikiwiki 1.9.5 allows remote attackers to obtain sensitive information (MySQL username and password) via an empty sort_mode parameter in (1) tiki-listpages.php, (2) tiki-lastchanges.php, (3) messu-archive.php, (4) messu-mailbox.php, (5) messu-sent.php, (6) tiki-directory_add_site.php, (7) tiki-directory_ranking.php, (8) tiki-directory_search.php, (9) tiki-forums.php, (10) tiki-view_forum.php, (11) tiki-friends.php, (12) tiki-list_blogs.php, (13) tiki-list_faqs.php, (14) tiki-list_trackers.php, (15) tiki-list_users.php, (16) tiki-my_tiki.php, (17) tiki-notepad_list.php, (18) tiki-orphan_pages.php, (19) tiki-shoutbox.php, (20) tiki-usermenu.php, and (21) tiki-webmail_contacts.php, which reveal the information in certain database error messages.
13 CVE-2006-5651 +Info 2006-11-07 2017-07-20
5.0
None Remote Low Not required Partial None None
list.php in DigiOz Guestbook before 1.7.1 allows remote attackers to obtain sensitive information via a non-numeric page parameter, which displays the installation path in the resulting error message.
Total number of vulnerabilities : 13   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.