Security Vulnerabilities, CVEs, Published In October 2006
CVE-2006-5614
Public exploit
Microsoft Windows NAT Helper Components (ipnathlp.dll) on Windows XP SP2, when Internet Connection Sharing is enabled, allows remote attackers to cause a denial of service (svchost.exe crash) via a malformed DNS query, which results in a null pointer dereference.
Max CVSS
2.6
EPSS Score
97.07%
Published
2006-10-31
Updated
2017-10-19
CVE-2006-5478
Public exploit
Multiple stack-based buffer overflows in Novell eDirectory 8.8.x before 8.8.1 FTF1, and 8.x up to 8.7.3.8, and Novell NetMail before 3.52e FTF2, allow remote attackers to execute arbitrary code via (1) a long HTTP Host header, which triggers an overflow in the BuildRedirectURL function; or vectors related to a username containing a . (dot) character in the (2) SMTP, (3) POP, (4) IMAP, (5) HTTP, or (6) Networked Messaging Application Protocol (NMAP) Netmail services.
Max CVSS
7.5
EPSS Score
95.58%
Published
2006-10-24
Updated
2018-10-17
CVE-2006-5229
Public exploit
OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames than invalid ones, as demonstrated by sshtime. NOTE: as of 20061014, it appears that this issue is dependent on the use of manually-set passwords that causes delays when processing /etc/shadow due to an increased number of rounds.
Max CVSS
2.6
EPSS Score
1.05%
Published
2006-10-10
Updated
2018-10-17
CVE-2006-5216
Public exploit
Stack-based buffer overflow in Sergey Lyubka Simple HTTPD (shttpd) 1.34 allows remote attackers to execute arbitrary code via a long URI.
Max CVSS
7.5
EPSS Score
94.70%
Published
2006-10-10
Updated
2017-10-19
CVE-2006-5156
Public exploit
Buffer overflow in McAfee ePolicy Orchestrator before 3.5.0.720 and ProtectionPilot before 1.1.1.126 allows remote attackers to execute arbitrary code via a request to /spipe/pkg/ with a long source header.
Max CVSS
10.0
EPSS Score
97.34%
Published
2006-10-05
Updated
2017-07-20
CVE-2006-5143
Public exploit
Multiple buffer overflows in CA BrightStor ARCserve Backup r11.5 SP1 and earlier, r11.1, and 9.01; BrightStor ARCserve Backup for Windows r11; BrightStor Enterprise Backup 10.5; Server Protection Suite r2; and Business Protection Suite r2 allow remote attackers to execute arbitrary code via crafted data on TCP port 6071 to the Backup Agent RPC Server (DBASVR.exe) using the RPC routines with opcode (1) 0x01, (2) 0x02, or (3) 0x18; invalid stub data on TCP port 6503 to the RPC routines with opcode (4) 0x2b or (5) 0x2d in ASCORE.dll in the Message Engine RPC Server (msgeng.exe); (6) a long hostname on TCP port 41523 to ASBRDCST.DLL in the Discovery Service (casdscsvc.exe); or unspecified vectors related to the (7) Job Engine Service.
Max CVSS
7.5
EPSS Score
96.72%
Published
2006-10-10
Updated
2021-04-09
CVE-2006-5112
Public exploit
Buffer overflow in InterVations NaviCOPA Web Server 2.01 allows remote attackers to execute arbitrary code via a long HTTP GET request.
Max CVSS
7.5
EPSS Score
82.35%
Published
2006-10-03
Updated
2017-10-19
CVE-2006-4842
Public exploit
The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files.
Max CVSS
3.6
EPSS Score
0.06%
Published
2006-10-12
Updated
2018-10-17
8 vulnerabilities found