CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In November 2006

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
451 CVE-2006-5643 XSS 2006-11-01 2018-10-17
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site scripting (XSS) vulnerability in search_de.html in foresite CMS allows remote attackers to inject arbitrary web script or HTML via the query parameter.
452 CVE-2006-5642 2006-11-01 2011-03-08
10.0
None Remote Low Not required Complete Complete Complete
Unspecified vulnerability in NmnLogger 1.0.0 and earlier has unknown impact and attack vectors related to configuration of mesasge drivers.
453 CVE-2006-5641 Exec Code Sql 2006-11-01 2017-10-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in MainAnnounce2.asp in Techno Dreams Announcement allows remote attackers to execute arbitrary SQL commands via the key parameter.
454 CVE-2006-5640 Exec Code Sql 2006-11-01 2017-10-19
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in guestbookview.asp in Techno Dreams Guest Book 1.0 earlier allows remote attackers to execute arbitrary SQL commands via the key parameter.
455 CVE-2006-5639 +Priv 2006-11-01 2017-07-20
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in the random number generator in OpenWBEM (Web Based Enterprise Management) 3.2.0 allows attackers to gain privileges via vectors related to "local or HTTP Digest authentication."
456 CVE-2006-5638 Exec Code Sql 2006-11-01 2017-10-19
7.5
None Remote Low Not required Partial Partial Partial
Multiple SQL injection vulnerabilities in cherche.php in PHPMyRing 4.2.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) limite and (2) mots parameters.
457 CVE-2006-5637 Exec Code File Inclusion 2006-11-01 2017-10-19
7.5
None Remote Low Not required Partial Partial Partial
PHP remote file inclusion vulnerability in faq_reply.php in Faq Administrator 2.1b allows remote attackers to execute arbitrary PHP code via a URL in the email parameter.
458 CVE-2006-5636 Exec Code File Inclusion 2006-11-01 2018-10-17
5.1
None Remote High Not required Partial Partial Partial
PHP remote file inclusion vulnerability in common.php in Simple Website Software (SWS) 0.99 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the SWSDIR parameter.
459 CVE-2006-5635 Exec Code Sql 2006-11-01 2018-10-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in forum/search.asp in Web Wiz Forums allows remote attackers to execute arbitrary SQL commands via the KW parameter.
460 CVE-2006-5634 94 Exec Code File Inclusion 2006-11-01 2017-10-19
6.8
None Remote Medium Not required Partial Partial Partial
Multiple PHP remote file inclusion vulnerabilities in phpProfiles 2.1 Beta allow remote attackers to execute arbitrary PHP code via a URL in the (1) reqpath parameter to (a) body.inc.php and (b) body_blog.inc.php in users/include/; or the (2) usrinc parameter in users/include/upload_ht.inc.php.
461 CVE-2006-5487 22 Dir. Trav. 2006-11-10 2018-10-17
10.0
None Remote Low Not required Complete Complete Complete
Directory traversal vulnerability in Marshal MailMarshal SMTP 5.x, 6.x, and 2006, and MailMarshal for Exchange 5.x, allows remote attackers to write arbitrary files via ".." sequences in filenames in an ARJ compressed archive.
462 CVE-2006-5466 Exec Code Overflow 2006-11-06 2011-03-08
5.4
None Remote High Not required None None Complete
Heap-based buffer overflow in the showQueryPackage function in librpm in RPM Package Manager 4.4.8, when the LANG environment variable is set to ru_RU.UTF-8, might allow user-assisted attackers to execute arbitrary code via crafted RPM packages.
463 CVE-2006-5465 Exec Code Overflow 2006-11-04 2018-10-30
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the (1) htmlentities or (2) htmlspecialchars functions.
464 CVE-2006-5464 DoS 2006-11-08 2018-10-17
5.0
None Remote Low Not required None None Partial
Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) via unspecified vectors.
465 CVE-2006-5463 Exec Code 2006-11-08 2018-10-17
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary JavaScript bytecode via unspecified vectors involving modification of a Script object while it is executing.
466 CVE-2006-5462 2006-11-08 2017-10-11
6.4
None Remote Low Not required Partial Partial None
Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature, which allows remote attackers to forge signatures for SSL/TLS and email certificates. NOTE: this identifier is for unpatched product versions that were originally intended to be addressed by CVE-2006-4340.
467 CVE-2006-5461 2006-11-14 2018-10-03
2.1
None Local Low Not required None Partial None
Avahi before 0.6.15 does not verify the sender identity of netlink messages to ensure that they come from the kernel instead of another process, which allows local users to spoof network changes to Avahi.
468 CVE-2006-5397 2006-11-03 2017-07-20
2.1
None Local Low Not required Partial None None
The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor.
469 CVE-2006-5198 Exec Code 2006-11-14 2018-10-17
4.0
None Remote High Not required Partial Partial None
The WZFILEVIEW.FileViewCtrl.61 ActiveX control (aka Sky Software "FileView" ActiveX control) for WinZip 10.0 before build 7245 allows remote attackers to execute arbitrary code via unspecified "unsafe methods."
470 CVE-2006-4839 DoS 2006-11-01 2017-07-20
5.0
None Remote Low Not required None None Partial
Sophos Anti-Virus 5.1 allows remote attackers to cause a denial of service (memory consumption) via a file that is compressed with Petite and contains a large number of sections.
471 CVE-2006-4810 Exec Code Overflow 2006-11-08 2018-10-17
4.6
None Local Low Not required Partial Partial Partial
Buffer overflow in the readline function in util/texindex.c, as used by the (1) texi2dvi and (2) texindex commands, in texinfo 4.8 and earlier allows local users to execute arbitrary code via a crafted Texinfo file.
472 CVE-2006-4809 DoS Exec Code Overflow 2006-11-07 2017-07-20
5.1
None Remote High Not required Partial Partial Partial
Stack-based buffer overflow in loader_pnm.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PNM image.
473 CVE-2006-4808 DoS Exec Code Overflow 2006-11-07 2017-07-20
2.6
None Remote High Not required None None Partial
Heap-based buffer overflow in loader_tga.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TGA image.
474 CVE-2006-4807 DoS 2006-11-07 2017-07-20
2.6
None Remote High Not required None None Partial
loader_tga.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) via a crafted TGA image that triggers an out-of-bounds memory read, a different issue than CVE-2006-4808.
475 CVE-2006-4806 DoS Exec Code Overflow 2006-11-07 2017-07-20
5.1
None Remote High Not required Partial Partial Partial
Multiple integer overflows in imlib2 allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) ARGB (loader_argb.c), (2) PNG (loader_png.c), (3) LBM (loader_lbm.c), (4) JPEG (loader_jpeg.c), or (5) TIFF (loader_tiff.c) images.
476 CVE-2006-4704 1 Exec Code Bypass 2006-11-01 2018-10-17
6.8
None Remote Medium Not required Partial Partial Partial
Cross-zone scripting vulnerability in the WMI Object Broker (WMIScriptUtils.WMIObjectBroker2) ActiveX control (WmiScriptUtils.dll) in Microsoft Visual Studio 2005 allows remote attackers to bypass Internet zone restrictions and execute arbitrary code by instantiating dangerous objects, aka "WMI Object Broker Vulnerability."
477 CVE-2006-4691 Exec Code Overflow 2006-11-14 2018-10-17
10.0
None Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in the NetpManageIPCConnect function in the Workstation service (wkssvc.dll) in Microsoft Windows 2000 SP4 and XP SP2 allows remote attackers to execute arbitrary code via NetrJoinDomain2 RPC messages with a long hostname.
478 CVE-2006-4689 DoS 2006-11-14 2018-10-17
5.0
None Remote Low Not required None None Partial
Unspecified vulnerability in the driver for the Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to cause a denial of service (hang and reboot) via has unknown attack vectors, aka "NetWare Driver Denial of Service Vulnerability."
479 CVE-2006-4688 Exec Code Overflow Mem. Corr. 2006-11-14 2018-10-17
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in Client Service for NetWare (CSNW) in Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via crafted messages, aka "Client Service for NetWare Memory Corruption Vulnerability."
480 CVE-2006-4687 119 Exec Code Overflow Mem. Corr. 2006-11-14 2021-07-23
5.1
None Remote High Not required Partial Partial Partial
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via crafted layout combinations involving DIV tags and HTML CSS float properties that trigger memory corruption, aka "HTML Rendering Memory Corruption Vulnerability."
481 CVE-2006-4572 264 Bypass 2006-11-07 2012-03-19
7.5
None Remote Low Not required Partial Partial Partial
ip6_tables in netfilter in the Linux kernel before 2.6.16.31 allows remote attackers to (1) bypass a rule that disallows a protocol, via a packet with the protocol header not located immediately after the fragment header, aka "ip6_tables protocol bypass bug;" and (2) bypass a rule that looks for a certain extension header, via a packet with an extension header outside the first fragment, aka "ip6_tables extension header bypass bug."
482 CVE-2006-4521 DoS 2006-11-04 2017-07-20
5.0
None Remote Low Not required None None Partial
The BerDecodeLoginDataRequest function in the libnmasldap.so NMAS module in Novell eDirectory 8.8 and 8.8.1 before the Security Services 2.0.3 patch does not properly increment a pointer when handling certain input, which allows remote attackers to cause a denial of service (invalid memory access) via a crafted login request.
483 CVE-2006-4518 DoS 2006-11-28 2017-07-20
5.0
None Remote Low Not required None None Partial
Qbik WinGate 6.1.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a DNS request with a self-referencing compressed name pointer, which triggers an infinite loop.
484 CVE-2006-4517 189 DoS 2006-11-01 2017-07-20
7.8
None Remote Low Not required None None Complete
Novell iManager 2.5 and 2.0.2 allows remote attackers to cause a denial of service (crash) in the Tomcat server via a long TREE parameter in an HTTP POST, which triggers a NULL pointer dereference.
485 CVE-2006-4514 119 Exec Code Overflow 2006-11-30 2018-10-17
7.5
None Remote Low Not required Partial Partial Partial
Heap-based buffer overflow in the ole_info_read_metabat function in Gnome Structured File library (libgsf) 1.14.0, and other versions before 1.14.2, allows context-dependent attackers to execute arbitrary code via a large num_metabat value in an OLE document, which causes the ole_init_info function to allocate insufficient memory.
486 CVE-2006-4413 +Priv 2006-11-18 2011-03-08
7.2
None Local Low Not required Complete Complete Complete
Apple Remote Desktop before 3.1 uses insecure permissions for certain built-in packages, which allows local users on an Apple Remote Desktop administration system to modify the packages and gain root privileges on client systems that use the packages.
487 CVE-2006-4412 Exec Code 2006-11-30 2017-07-20
6.8
None Remote Medium Not required Partial Partial Partial
WebKit in Apple Mac OS X 10.3.x through 10.3.9 and 10.4 through 10.4.8 allows remote attackers to execute arbitrary code via a crafted HTML file, which accesses previously deallocated objects.
488 CVE-2006-4411 +Priv 2006-11-30 2011-03-08
7.2
None Local Low Not required Complete Complete Complete
The VPN service in Apple Mac OS X 10.3.x through 10.3.9 and 10.4.x through 10.4.8 does not properly clean the environment when executing commands, which allows local users to gain privileges via unspecified vectors.
489 CVE-2006-4410 2006-11-30 2011-03-08
7.5
None Remote Low Not required Partial Partial Partial
The Security Framework in Apple Mac OS X 10.3.9, and 10.4.x before 10.4.7, does not properly search certificate revocation lists (CRL), which allows remote attackers to access systems by using revoked certificates.
490 CVE-2006-4409 2006-11-30 2011-03-08
5.0
None Remote Low Not required None Partial None
The Online Certificate Status Protocol (OCSP) service in the Security Framework in Apple Mac OS X 10.4 through 10.4.8 retrieve certificate revocation lists (CRL) when an HTTP proxy is in use, which could cause the system to accept certificates that have been revoked.
491 CVE-2006-4408 DoS 2006-11-30 2011-03-08
5.0
None Remote Low Not required None None Partial
The Security Framework in Apple Mac OS X 10.4 through 10.4.8 allows remote attackers to cause a denial of service (resource consumption) via certain public key values in an X.509 certificate that requires extra resources during signature verification. NOTE: this issue may be similar to CVE-2006-2940.
492 CVE-2006-4407 2006-11-30 2011-03-08
5.0
None Remote Low Not required Partial None None
The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to user a weaker cipher that makes it easier for remote attackers to decrypt traffic.
493 CVE-2006-4406 Exec Code Overflow 2006-11-30 2017-07-20
7.5
None Remote Low Not required Partial Partial Partial
Buffer overflow in PPP on Apple Mac OS X 10.4.x up to 10.4.8 and 10.3.x up to 10.3.9, when PPPoE is enabled, allows remote attackers to execute arbitrary code via unspecified vectors.
494 CVE-2006-4404 2006-11-30 2011-03-08
10.0
None Remote Low Not required Complete Complete Complete
The Installer application in Apple Mac OS X 10.4.8 and earlier, when used by a user with Admin credentials, does not authenticate the user before installing certain software requiring system privileges.
495 CVE-2006-4403 DoS 2006-11-30 2017-07-20
4.0
None Remote High Not required Partial None Partial
The FTP server in Apple Mac OS X 10.4.8 and earlier, when FTP Access is enabled, will crash when a login failure occurs with a valid user name, which allows remote attackers to cause a denial of service (crash) and enumerate valid usernames.
496 CVE-2006-4402 Exec Code Overflow 2006-11-30 2017-07-20
5.1
None Remote High Not required Partial Partial Partial
Heap-based buffer overflow in the Finder in Apple Mac OS X 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary code by browsing directories containing crafted .DS_Store files.
497 CVE-2006-4401 Exec Code 2006-11-30 2011-03-08
5.1
None Remote High Not required Partial Partial Partial
Unspecified vulnerability in CFNetwork in Mac OS 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary FTP commands via a crafted FTP URI.
498 CVE-2006-4400 Exec Code Overflow 2006-11-30 2011-03-08
5.1
None Remote High Not required Partial Partial Partial
Stack-based buffer overflow in the Apple Type Services (ATS) server in Mac OS 10.4.8 and earlier allow user-assisted attackers to execute arbitrary code via crafted font files.
499 CVE-2006-4398 Exec Code Overflow 2006-11-30 2011-03-08
7.2
None Local Low Not required Complete Complete Complete
Multiple buffer overflows in the Apple Type Services (ATS) server in Mac OS X 10.4 through 10.4.8 allow local users to execute arbitrary code via crafted service requests.
500 CVE-2006-4396 2006-11-30 2011-03-08
4.6
None Local Low Not required Partial Partial Partial
The Apple Type Services (ATS) server in Mac OS X 10.4.8 and earlier does not securely create log files, which allows local users to create and modify arbitrary files via unspecified vectors, possibly relating to a symlink attack.
Total number of vulnerabilities : 507   Page : 1 2 3 4 5 6 7 8 9 10 (This Page)11
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.