CVE-2006-1359

Public exploit
Microsoft Internet Explorer 6 and 7 Beta 2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a certain createTextRange call on a checkbox object, which results in a dereference of an invalid table pointer.
Max CVSS
9.3
EPSS Score
97.33%
Published
2006-03-23
Updated
2021-07-23

CVE-2006-1255

Public exploit
Stack-based buffer overflow in the IMAP service in Mercur Messaging 5.0 SP3 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long string to the (1) LOGIN or (2) SELECT command, a different set of attack vectors and possibly a different vulnerability than CVE-2003-1177.
Max CVSS
10.0
EPSS Score
89.53%
Published
2006-03-19
Updated
2017-07-20

CVE-2006-1148

Public exploit
Multiple stack-based buffer overflows in the procConnectArgs function in servmgr.cpp in PeerCast before 0.1217 allow remote attackers to execute arbitrary code via an HTTP GET request with a long (1) parameter name or (2) value in a URL, which triggers the overflow in the nextCGIarg function in servhs.cpp.
Max CVSS
7.5
EPSS Score
96.33%
Published
2006-03-10
Updated
2018-10-18

CVE-2006-1016

Public exploit
Buffer overflow in the IsComponentInstalled method in Internet Explorer 6.0, when used on Windows 2000 before SP4 or Windows XP before SP1, allows remote attackers to execute arbitrary code via JavaScript that calls IsComponentInstalled with a long first argument.
Max CVSS
7.5
EPSS Score
88.04%
Published
2006-03-07
Updated
2021-07-23

CVE-2006-0988

Public exploit
The default configuration of the DNS Server service on Windows Server 2003 and Windows 2000, and the Microsoft DNS Server service on Windows NT 4.0, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.
Max CVSS
7.8
EPSS Score
1.48%
Published
2006-03-03
Updated
2018-10-18

CVE-2006-0987

Public exploit
The default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service (traffic amplification) via DNS queries with spoofed source IP addresses.
Max CVSS
5.0
EPSS Score
1.57%
Published
2006-03-03
Updated
2018-10-18
Untrusted search path vulnerability in libtunepimp-perl 0.4.2-1 in Debian GNU/Linux includes an RPATH value under the /tmp/buildd directory for the tunepimp.so module, which might allow local users to gain privileges by installing malicious libraries in that directory.
Max CVSS
4.6
EPSS Score
0.04%
Published
2006-03-31
Updated
2017-07-20
Untrusted search path vulnerability in libgpib-perl 3.2.06-2 in Debian GNU/Linux includes an RPATH value under the /tmp/buildd directory for the LinuxGpib.so module, which might allow local users to gain privileges by installing malicious libraries in that directory.
Max CVSS
4.6
EPSS Score
0.04%
Published
2006-03-31
Updated
2017-07-20
Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.
Max CVSS
4.6
EPSS Score
0.04%
Published
2006-03-31
Updated
2017-07-20
Direct static code injection vulnerability in config.php in vscripts (aka Kuba Kunkiewicz) [V]Book (aka VBook) 2.0 allows remote administrators to execute arbitrary PHP code into the config file, which is included other [V]Book scripts.
Max CVSS
7.6
EPSS Score
0.64%
Published
2006-03-31
Updated
2018-10-18
Multiple cross-site scripting (XSS) vulnerabilities in index.php in vscripts (aka Kuba Kunkiewicz) [V]Book (aka VBook) 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) autor, (2) www, (3) temat, and (4) tresc parameters.
Max CVSS
6.8
EPSS Score
2.68%
Published
2006-03-31
Updated
2018-10-18
SQL injection vulnerability in index.php in vscripts (aka Kuba Kunkiewicz) [V]Book (aka VBook) 2.0 allows remote attackers to execute arbitrary SQL commands via the x parameter.
Max CVSS
5.1
EPSS Score
0.92%
Published
2006-03-31
Updated
2018-10-18
Multiple SQL injection vulnerabilities in SkinTech phpNewsManager 1.48 allow remote attackers to execute arbitrary SQL commands via unspecified parameters, possibly (1) id and (2) topicid, in (a) browse.php, (b) category.php, (c) gallery.php, (d) poll.php, and (e) possibly other unspecified scripts. NOTE: portions of the description details are obtained from third party information.
Max CVSS
7.5
EPSS Score
0.73%
Published
2006-03-31
Updated
2018-10-18
SQL injection vulnerability in PHP Script Index allows remote attackers to execute arbitrary SQL commands via the search parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Max CVSS
7.5
EPSS Score
0.18%
Published
2006-03-31
Updated
2011-03-08
Cross-site scripting (XSS) vulnerability in search.php in PHP Script Index allows remote attackers to inject arbitrary web script or HTML via the search parameter.
Max CVSS
6.8
EPSS Score
3.08%
Published
2006-03-31
Updated
2011-03-08
Multiple SQL injection vulnerabilities in X-Changer 0.2 allow remote attackers to execute arbitrary SQL commands via the (1) from and (2) into parameters in a calculate action, and the (3) id parameter in an edit action to index.php.
Max CVSS
7.5
EPSS Score
0.79%
Published
2006-03-31
Updated
2018-10-18
Multiple cross-site scripting (XSS) vulnerabilities in view_caricatier.php in AL-Caricatier 2.5 allow remote attackers to inject arbitrary web script or HTML via the (1) CatName, (2) CaricatierID, or (3) CatID parameter.
Max CVSS
6.8
EPSS Score
0.71%
Published
2006-03-31
Updated
2018-10-18
VSNS Lemon 3.2.0 allows remote attackers to bypass authentication and access password-protected articles by setting the vsns[topic_id] cookie to the targeted topic.
Max CVSS
7.5
EPSS Score
5.01%
Published
2006-03-31
Updated
2018-10-18
Cross-site scripting (XSS) vulnerability in VSNS Lemon 3.2.0 allows remote attackers to inject arbitrary web script or HTML via the name parameter while adding a comment.
Max CVSS
2.6
EPSS Score
0.62%
Published
2006-03-31
Updated
2018-10-18
SQL injection vulnerability in functions/final_functions.php in VSNS Lemon 3.2.0, with magic_quotes_gpc disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.
Max CVSS
5.1
EPSS Score
1.11%
Published
2006-03-31
Updated
2018-10-18
Integer overflow in ImageIO in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to cause a denial of service (crash) via a crafted JPEG image with malformed JPEG metadata, as demonstrated using Safari, aka "Deja-Doom".
Max CVSS
5.0
EPSS Score
5.80%
Published
2006-03-31
Updated
2017-07-20
Multiple buffer overflows in the xfig import code (xfig-import.c) in Dia 0.87 and later before 0.95-pre6 allow user-assisted attackers to have an unknown impact via a crafted xfig file, possibly involving an invalid (1) color index, (2) number of points, or (3) depth.
Max CVSS
7.6
EPSS Score
1.28%
Published
2006-03-30
Updated
2018-10-18
Cross-site scripting (XSS) vulnerability in (1) LookupDispatchAction and possibly (2) DispatchAction and (3) ActionDispatcher in Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to inject arbitrary web script or HTML via the parameter name, which is not filtered in the resulting error message.
Max CVSS
4.3
EPSS Score
1.46%
Published
2006-03-30
Updated
2017-07-20

CVE-2006-1547

Known exploited
ActionForm in Apache Software Foundation (ASF) Struts before 1.2.9 with BeanUtils 1.7 allows remote attackers to cause a denial of service via a multipart/form-data encoded form with a parameter name that references the public getMultipartRequestHandler method, which provides further access to elements in the CommonsMultipartRequestHandler implementation and BeanUtils.
Max CVSS
7.8
EPSS Score
1.42%
Published
2006-03-30
Updated
2017-07-20
CISA KEV Added
2022-01-21
Apache Software Foundation (ASF) Struts before 1.2.9 allows remote attackers to bypass validation via a request with a 'org.apache.struts.taglib.html.Constants.CANCEL' parameter, which causes the action to be canceled but would not be detected from applications that do not use the isCancelled check.
Max CVSS
7.5
EPSS Score
1.55%
Published
2006-03-30
Updated
2023-02-13
543 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!