exploitDog

source:"ubuntu"

Count: 63 796

Vulnerability
CVSS
EPSS
Published

CVE-2006-6719

The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command.

CVSS2: 5
EPSS: 5% (Low)
Published: about 19 years ago

CVE-2006-6712

Cross-site scripting (XSS) vulnerability in SugarCRM Open Source 4.5.0f and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in crafted email messages.

CVSS2: 6.8
EPSS: 2% (Low)
Published: about 19 years ago

CVE-2006-6698

The GConf daemon (gconfd) in GConf 2.14.0 creates temporary files under directories with names based on the username, even when GCONF_GLOBAL_LOCKS is not set, which allows local users to cause a denial of service by creating the directories ahead of time, which prevents other users from using Gnome.

CVSS2: 1.9
EPSS: 0% (Low)
Published: about 19 years ago

CVE-2006-6693

Multiple buffer overflows in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via long strings to the (1) zabbix_log and (2) zabbix_syslog functions.

CVSS2: 7.5
EPSS: 1% (Low)
Published: about 19 years ago

CVE-2006-6692

Multiple format string vulnerabilities in zabbix before 20061006 allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in information that would be recorded in the system log using (1) zabbix_log or (2) zabbix_syslog.

CVSS2: 7.5
EPSS: 6% (Low)
Published: about 19 years ago

CVE-2006-6678

The edit_textarea function in form-file.c in Netrik 1.15.4 and earlier does not properly verify temporary filenames when editing textarea fields, which allows attackers to execute arbitrary commands via shell metacharacters in the filename.

CVSS2: 7.5
EPSS: 1% (Low)
Published: about 19 years ago

CVE-2006-6669

Cross-site scripting (XSS) vulnerability in export_handler.php in WebCalendar 1.0.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the format parameter.

CVSS2: 6.8
EPSS: 2% (Low)
Published: about 19 years ago

CVE-2006-6660

The nodeType function in KDE libkhtml 4.2.0 and earlier, as used by Konqueror, KMail, and other programs, allows remote attackers to cause a denial of service (crash) via malformed HTML tags, possibly involving a COL SPAN tag embedded in a RANGE tag.

CVSS2: 4.3
EPSS: 4% (Low)
Published: about 19 years ago

CVE-2006-6628

Integer overflow in OpenOffice.org (OOo) 2.1 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted DOC file, as demonstrated by the 12122006-djtest.doc file, a variant of CVE-2006-6561 in a separate codebase.

CVSS2: 4.3
EPSS: 11% (Medium)
Published: about 19 years ago

CVE-2006-6626

Cross-site scripting (XSS) vulnerability in an unspecified component of Moodle 1.5 allows remote attackers to inject arbitrary web script or HTML via a javascript URI in the SRC attribute of an IMG element. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information. NOTE: It is unclear whether this candidate overlaps CVE-2006-4784 or CVE-2006-4941.

CVSS2: 6.8
EPSS: 1% (Low)
Published: about 19 years ago

CVE-2006-6625

Cross-site scripting (XSS) vulnerability in mod/forum/discuss.php in Moodle 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the navtail parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

CVSS2: 6.8
EPSS: 1% (Low)
Published: about 19 years ago

CVE-2006-6604

Directory traversal vulnerability in downloaddetails.php in TorrentFlux 2.2 allows remote authenticated users to read arbitrary files via .. (dot dot) sequences in the alias parameter, a different vector than CVE-2006-6328.

CVSS2: 6.5
EPSS: 5% (Low)
Published: about 19 years ago

CVE-2006-6600

Cross-site scripting (XSS) vulnerability in dir.php in TorrentFlux 2.2, when allows remote attackers to inject arbitrary web script or HTML via double URL-encoded strings in the dir parameter, a related issue to CVE-2006-5609.

CVSS2: 6
EPSS: 1% (Low)
Published: about 19 years ago

CVE-2006-6599

maketorrent.php in TorrentFlux 2.2 allows remote authenticated users to execute arbitrary commands via shell metacharacters (";" semicolon) in the announce parameter.

CVSS2: 6
EPSS: 3% (Low)
Published: about 19 years ago

CVE-2006-6598

Directory traversal vulnerability in viewnfo.php in (1) TorrentFlux before 2.2 and (2) torrentflux-b4rt before 2.1-b4rt-972 allows remote authenticated users to read arbitrary files via .. (dot dot) sequences in the path parameter, a different vector than CVE-2006-6328.

CVSS2: 6.5
EPSS: 6% (Low)
Published: about 19 years ago

CVE-2006-6585

The Extensions manager in Mozilla Firefox 2.0 does not properly populate the list of local extensions, which allows attackers to construct an extension that hides itself by finding its name in the list and then calling RemoveElement, as demonstrated by the FFsniFF extension. NOTE: it was later reported that 3.0 is also affected.

CVSS2: 6.4
EPSS: 0% (Low)
Published: about 19 years ago

CVE-2006-6574

Mantis before 1.1.0a2 does not implement per-item access control for Issue History (Bug History), which allows remote attackers to obtain sensitive information by reading the Change column, as demonstrated by the Change column of a custom field.

CVSS2: 5
EPSS: 1% (Low)
Published: about 19 years ago

CVE-2006-6563

Stack-based buffer overflow in the pr_ctrls_recv_request function in ctrls.c in the mod_ctrls module in ProFTPD before 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value.

CVSS2: 6.6
EPSS: 0% (Low)
Published: about 19 years ago

CVE-2006-6535

The dev_queue_xmit function in Linux kernel 2.6 can fail before calling the local_bh_disable function, which could lead to data corruption and "node lockups." NOTE: it is not clear whether this issue is exploitable.

CVSS2: 9.4
EPSS: 1% (Low)
Published: about 19 years ago

CVE-2006-6508

Cross-site request forgery (CSRF) vulnerability in phpBB 2.0.21 allows remote authenticated users to send unauthorized messages as an arbitrary user via unspecified vectors. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVSS2: 6
EPSS: 1% (Low)
Published: about 19 years ago