Логотип exploitDog
source:"nvd"
Консоль
Логотип exploitDog

exploitDog

source:"nvd"

Количество 331 614

Количество 331 614

nvd логотип

CVE-2006-6683

около 19 лет назад

Pedro Lineu Orso chetcpasswd 2.4.1 and earlier verifies and updates user accounts via custom code that processes /etc/shadow and does not follow the PAM configuration, which might allow remote attackers to bypass intended restrictions implemented through PAM.

CVSS2: 7.8
EPSS: Низкий
nvd логотип

CVE-2006-6682

около 19 лет назад

Pedro Lineu Orso chetcpasswd 2.3.3 provides a different error message when a request with a valid username fails, compared to a request with an invalid username, which allows remote attackers to determine valid usernames on the system.

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2006-6681

около 19 лет назад

Pedro Lineu Orso chetcpasswd 2.3.3 does not have a rate limit for client requests, which might allow remote attackers to determine passwords via a dictionary attack.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2006-6680

около 19 лет назад

Pedro Lineu Orso chetcpasswd before 2.3.1 does not document the need for 0400 permissions on /etc/chetcpasswd.allow, which might allow local users to gain sensitive information by reading this file.

CVSS2: 4.6
EPSS: Низкий
nvd логотип

CVE-2006-6679

около 19 лет назад

Pedro Lineu Orso chetcpasswd before 2.4 relies on the X-Forwarded-For HTTP header when verifying a client's status on an IP address ACL, which allows remote attackers to gain unauthorized access by spoofing this header.

CVSS3: 7.5
EPSS: Низкий
nvd логотип

CVE-2006-6678

около 19 лет назад

The edit_textarea function in form-file.c in Netrik 1.15.4 and earlier does not properly verify temporary filenames when editing textarea fields, which allows attackers to execute arbitrary commands via shell metacharacters in the filename.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2006-6677

около 19 лет назад

ESET NOD32 Antivirus before 1.1743 allows remote attackers to cause a denial of service (crash) via a crafted .CHM file that triggers a divide-by-zero error.

CVSS2: 2.6
EPSS: Низкий
nvd логотип

CVE-2006-6676

около 19 лет назад

Integer overflow in the (a) OLE2 and (b) CHM parsers for ESET NOD32 Antivirus before 1.1743 allows remote attackers to execute arbitrary code via a crafted (1) .DOC or (2) .CAB file that triggers a heap-based buffer overflow.

CVSS2: 9.3
EPSS: Низкий
nvd логотип

CVE-2006-6675

около 19 лет назад

Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2006-6674

около 19 лет назад

Ozeki HTTP-SMS Gateway 1.0, and possibly earlier, stores usernames and passwords in plaintext in the HKLM\Software\Ozeki\SMSServer\CurrentVersion\Plugins\httpsmsgate registry key, which allows local users to obtain sensitive information.

CVSS2: 2.1
EPSS: Низкий
nvd логотип

CVE-2006-6673

около 19 лет назад

WinFtp Server 2.0.2 allows remote attackers to cause a denial of service (crash) via long (1) PASV, (2) LIST, (3) USER, (4) PORT, and possibly other commands.

CVSS2: 5
EPSS: Низкий
nvd логотип

CVE-2006-6672

около 19 лет назад

Multiple SQL injection vulnerabilities in Burak Yylmaz Download Portal allow remote attackers to execute arbitrary SQL commands via the (1) kid or possibly (2) id parameter to (a) HABERLER.ASP and (b) ASPKAT.ASP. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2006-6671

около 19 лет назад

SQL injection vulnerability in down.asp in Burak Yylmaz Download Portal allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2006-6670

около 19 лет назад

Unspecified vulnerability in Nortel CallPilot 4.x Server has unknown impact and attack vectors, aka P-2006-0011-GLOBAL.

CVSS2: 10
EPSS: Низкий
nvd логотип

CVE-2006-6669

около 19 лет назад

Cross-site scripting (XSS) vulnerability in export_handler.php in WebCalendar 1.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter.

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2006-6668

около 19 лет назад

Cross-site scripting (XSS) vulnerability in VerliAdmin 0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

CVSS2: 6.8
EPSS: Низкий
nvd логотип

CVE-2006-6667

около 19 лет назад

Multiple SQL injection vulnerabilities in VerliAdmin 0.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) nick_mod or (2) nick parameter to (a) repass.php or (b) verify.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2006-6666

около 19 лет назад

PHP remote file inclusion vulnerability in index.php in VerliAdmin 0.3 and earlier allows remote authenticated users to execute arbitrary PHP code via a URL in the q parameter.

CVSS2: 7.5
EPSS: Низкий
nvd логотип

CVE-2006-6665

около 19 лет назад

Buffer overflow in Astonsoft DeepBurner Pro and Free 1.8.0 and earlier allows user-assisted remote attackers to execute arbitrary code via a long file name tag in a dbr file.

CVSS2: 6.8
EPSS: Высокий
nvd логотип

CVE-2006-6664

около 19 лет назад

Format string vulnerability in Marathon Aleph One before 0.17.1 and 2006-12-17 might allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the TopLevelLogger::logMessageV function in Misc/Logging.cpp. NOTE: some details were obtained from third party information.

CVSS2: 5
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
nvd логотип
CVE-2006-6683

Pedro Lineu Orso chetcpasswd 2.4.1 and earlier verifies and updates user accounts via custom code that processes /etc/shadow and does not follow the PAM configuration, which might allow remote attackers to bypass intended restrictions implemented through PAM.

CVSS2: 7.8
0%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6682

Pedro Lineu Orso chetcpasswd 2.3.3 provides a different error message when a request with a valid username fails, compared to a request with an invalid username, which allows remote attackers to determine valid usernames on the system.

CVSS2: 5
1%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6681

Pedro Lineu Orso chetcpasswd 2.3.3 does not have a rate limit for client requests, which might allow remote attackers to determine passwords via a dictionary attack.

CVSS2: 7.5
1%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6680

Pedro Lineu Orso chetcpasswd before 2.3.1 does not document the need for 0400 permissions on /etc/chetcpasswd.allow, which might allow local users to gain sensitive information by reading this file.

CVSS2: 4.6
0%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6679

Pedro Lineu Orso chetcpasswd before 2.4 relies on the X-Forwarded-For HTTP header when verifying a client's status on an IP address ACL, which allows remote attackers to gain unauthorized access by spoofing this header.

CVSS3: 7.5
2%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6678

The edit_textarea function in form-file.c in Netrik 1.15.4 and earlier does not properly verify temporary filenames when editing textarea fields, which allows attackers to execute arbitrary commands via shell metacharacters in the filename.

CVSS2: 7.5
1%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6677

ESET NOD32 Antivirus before 1.1743 allows remote attackers to cause a denial of service (crash) via a crafted .CHM file that triggers a divide-by-zero error.

CVSS2: 2.6
1%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6676

Integer overflow in the (a) OLE2 and (b) CHM parsers for ESET NOD32 Antivirus before 1.1743 allows remote attackers to execute arbitrary code via a crafted (1) .DOC or (2) .CAB file that triggers a heap-based buffer overflow.

CVSS2: 9.3
8%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6675

Cross-site scripting (XSS) vulnerability in Novell NetWare 6.5 Support Pack 5 and 6 and Novell Apache on NetWare 2.0.48 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters in Welcome web-app.

CVSS2: 6.8
1%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6674

Ozeki HTTP-SMS Gateway 1.0, and possibly earlier, stores usernames and passwords in plaintext in the HKLM\Software\Ozeki\SMSServer\CurrentVersion\Plugins\httpsmsgate registry key, which allows local users to obtain sensitive information.

CVSS2: 2.1
0%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6673

WinFtp Server 2.0.2 allows remote attackers to cause a denial of service (crash) via long (1) PASV, (2) LIST, (3) USER, (4) PORT, and possibly other commands.

CVSS2: 5
5%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6672

Multiple SQL injection vulnerabilities in Burak Yylmaz Download Portal allow remote attackers to execute arbitrary SQL commands via the (1) kid or possibly (2) id parameter to (a) HABERLER.ASP and (b) ASPKAT.ASP. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

CVSS2: 7.5
0%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6671

SQL injection vulnerability in down.asp in Burak Yylmaz Download Portal allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS2: 7.5
2%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6670

Unspecified vulnerability in Nortel CallPilot 4.x Server has unknown impact and attack vectors, aka P-2006-0011-GLOBAL.

CVSS2: 10
0%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6669

Cross-site scripting (XSS) vulnerability in export_handler.php in WebCalendar 1.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter.

CVSS2: 6.8
2%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6668

Cross-site scripting (XSS) vulnerability in VerliAdmin 0.3 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

CVSS2: 6.8
1%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6667

Multiple SQL injection vulnerabilities in VerliAdmin 0.3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) nick_mod or (2) nick parameter to (a) repass.php or (b) verify.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

CVSS2: 7.5
0%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6666

PHP remote file inclusion vulnerability in index.php in VerliAdmin 0.3 and earlier allows remote authenticated users to execute arbitrary PHP code via a URL in the q parameter.

CVSS2: 7.5
5%
Низкий
около 19 лет назад
nvd логотип
CVE-2006-6665

Buffer overflow in Astonsoft DeepBurner Pro and Free 1.8.0 and earlier allows user-assisted remote attackers to execute arbitrary code via a long file name tag in a dbr file.

CVSS2: 6.8
76%
Высокий
около 19 лет назад
nvd логотип
CVE-2006-6664

Format string vulnerability in Marathon Aleph One before 0.17.1 and 2006-12-17 might allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the TopLevelLogger::logMessageV function in Misc/Logging.cpp. NOTE: some details were obtained from third party information.

CVSS2: 5
2%
Низкий
около 19 лет назад

Уязвимостей на страницу