The stripos function in PHP before 5.1.5 has unknown impact and attack vectors related to an out-of-bounds read.
Max CVSS
10.0
EPSS Score
4.17%
Published
2006-08-31
Updated
2018-10-30
The cURL extension files (1) ext/curl/interface.c and (2) ext/curl/streams.c in PHP before 5.1.5 permit the CURLOPT_FOLLOWLOCATION option when open_basedir or safe_mode is enabled, which allows attackers to perform unauthorized actions, possibly related to the realpath cache.
Max CVSS
9.3
EPSS Score
2.24%
Published
2006-08-31
Updated
2022-07-19
Multiple heap-based buffer overflows in the (1) str_repeat and (2) wordwrap functions in ext/standard/string.c in PHP before 5.1.5, when used on a 64-bit system, have unspecified impact and attack vectors, a different vulnerability than CVE-2006-1990.
Max CVSS
9.3
EPSS Score
1.05%
Published
2006-08-31
Updated
2022-07-19
Microsoft Terminal Server, when running an application session with the "Start program at logon" and "Override settings from user profile and Client Connection Manager wizard" options, allows local users to execute arbitrary code by forcing an Explorer error. NOTE: a third-party researcher has stated that the options are "a convenience to users" and were not intended to restrict execution of arbitrary code
Max CVSS
10.0
EPSS Score
2.01%
Published
2006-08-31
Updated
2024-03-21
Paessler IPCheck Server Monitor before 5.3.3.639/640 does not properly implement a "list of acceptable host IP addresses in the probe settings," which has unknown impact and attack vectors.
Max CVSS
10.0
EPSS Score
0.19%
Published
2006-08-31
Updated
2008-09-05
VNC server on the AK-Systems Windows Terminal 1.2.5 ExVLP is not password protected, which allows remote attackers to login and view RDP or Citrix sessions.
Max CVSS
10.0
EPSS Score
1.17%
Published
2006-08-23
Updated
2018-10-17

CVE-2006-4305

Public exploit
Buffer overflow in SAP DB and MaxDB before 7.6.00.30 allows remote attackers to execute arbitrary code via a long database name when connecting via a WebDBM client.
Max CVSS
10.0
EPSS Score
96.65%
Published
2006-08-30
Updated
2018-10-17
Buffer overflow in the sppp driver in FreeBSD 4.11 through 6.1, NetBSD 2.0 through 4.0 beta before 20060823, and OpenBSD 3.8 and 3.9 before 20060902 allows remote attackers to cause a denial of service (panic), obtain sensitive information, and possibly execute arbitrary code via crafted Link Control Protocol (LCP) packets with an option length that exceeds the overall length, which triggers the overflow in (1) pppoe and (2) ippp. NOTE: this issue was originally incorrectly reported for the ppp driver.
Max CVSS
10.0
EPSS Score
6.64%
Published
2006-08-24
Updated
2017-07-20
Buffer overflow in Sony VAIO Media Server 2.x, 3.x, 4.x, and 5.x before 20060626 allows remote attackers to execute arbitrary code via unspecified vectors.
Max CVSS
10.0
EPSS Score
14.31%
Published
2006-08-22
Updated
2017-07-20
Symantec Veritas NetBackup PureDisk Remote Office Edition 6.0 before MP1 20060816 allows remote attackers to bypass authentication and gain privileges via unknown attack vectors in the management interface.
Max CVSS
9.0
EPSS Score
5.62%
Published
2006-08-18
Updated
2018-10-17
Stack-based buffer overflow in the IBM Access Support eGatherer ActiveX control before 3.20.0284.0 allows remote attackers to execute arbitrary code via a long filename parameter to the RunEgatherer method.
Max CVSS
9.3
EPSS Score
89.08%
Published
2006-08-18
Updated
2018-10-17
Unspecified vulnerability in phpAutoMembersArea (phpAMA) before 3.2.4 has unknown impact and attack vectors, related to "a potential security exploit which is critical."
Max CVSS
10.0
EPSS Score
0.19%
Published
2006-08-11
Updated
2008-09-05
Unspecified vulnerability in Fenestrae Faxination Server allows remote attackers to execute arbitrary code via a crafted packet.
Max CVSS
10.0
EPSS Score
2.90%
Published
2006-08-09
Updated
2011-03-08
Multiple unspecified vulnerabilities in WordPress before 2.0.4 have unknown impact and remote attack vectors. NOTE: due to lack of details, it is not clear how these issues are different from CVE-2006-3389 and CVE-2006-3390, although it is likely that 2.0.4 addresses an unspecified issue related to "Anyone can register" functionality (user registration for guests).
Max CVSS
10.0
EPSS Score
1.65%
Published
2006-08-09
Updated
2011-09-01
Stack-based buffer overflow in DZIPS32.DLL 6.0.0.4 in ConeXware PowerArchiver 9.62.03 allows user-assisted attackers to execute arbitrary code by adding a new file to a crafted ZIP archive that already contains a file with a long name.
Max CVSS
9.3
EPSS Score
0.45%
Published
2006-08-05
Updated
2018-10-17
Unspecified vulnerability in CA eTrust Antivirus WebScan before 1.1.0.1048 has unknown impact and remote attackers related to "improper processing of outdated WebScan components."
Max CVSS
9.3
EPSS Score
2.26%
Published
2006-08-04
Updated
2021-04-09
Unspecified vulnerability in CA eTrust Antivirus WebScan before 1.1.0.1048 allows remote attackers to install arbitrary files.
Max CVSS
9.3
EPSS Score
2.26%
Published
2006-08-04
Updated
2021-04-09
Stack-based buffer overflow in bootpd in the DHCP component for Apple Mac OS X 10.3.9 and 10.4.7 allows remote attackers to execute arbitrary code via a crafted BOOTP request.
Max CVSS
10.0
EPSS Score
5.33%
Published
2006-08-02
Updated
2017-07-20
Buffer overflow in the DNS Client service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a crafted record response. NOTE: while MS06-041 implies that there is a single issue, there are multiple vectors, and likely multiple vulnerabilities, related to (1) a heap-based buffer overflow in a DNS server response to the client, (2) a DNS server response with malformed ATMA records, and (3) a length miscalculation in TXT, HINFO, X25, and ISDN records.
Max CVSS
10.0
EPSS Score
93.67%
Published
2006-08-09
Updated
2018-10-12
Buffer overflow in the Winsock API in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via unknown vectors, aka "Winsock Hostname Vulnerability."
Max CVSS
10.0
EPSS Score
90.63%
Published
2006-08-09
Updated
2018-10-12

CVE-2006-3439

Public exploit
Buffer overflow in the Server Service in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers, including anonymous users, to execute arbitrary code via a crafted RPC message, a different vulnerability than CVE-2006-1314.
Max CVSS
10.0
EPSS Score
96.55%
Published
2006-08-09
Updated
2018-10-12
Unspecified vulnerability in Microsoft Hyperlink Object Library (hlink.dll), possibly a buffer overflow, allows user-assisted attackers to execute arbitrary code via crafted hyperlinks that are not properly handled when hlink.dll "uses a file containing a malformed function," aka "Hyperlink Object Function Vulnerability."
Max CVSS
9.3
EPSS Score
2.57%
Published
2006-08-09
Updated
2018-10-12
22 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!