Логотип exploitDog
source:"ubuntu"
Консоль
Логотип exploitDog

exploitDog

source:"ubuntu"

Количество 63 796

Количество 63 796

ubuntu логотип

CVE-2006-4734

больше 19 лет назад

Multiple SQL injection vulnerabilities in tiki-g-admin_processes.php in Tikiwiki 1.9.4 allow remote attackers to execute arbitrary SQL commands via the (1) pid and (2) where parameters.

CVSS2: 7.5
EPSS: Низкий
ubuntu логотип

CVE-2006-4712

больше 19 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in Sage 1.3.6 allow remote attackers to inject arbitrary web script or HTML via JavaScript in a content:encoded element within an item element in an RSS feed, as demonstrated by four example content:encoded elements that use XMLHttpRequest to read arbitrary local files, aka "Cross Context Scripting."

CVSS2: 6.8
EPSS: Низкий
ubuntu логотип

CVE-2006-4711

больше 19 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in Sage allow remote attackers to inject arbitrary web script or HTML via an Atom 1.0 feed, as demonstrated by certain test cases of the James M. Snell Atom 1.0 feed reader test suite.

CVSS2: 4.3
EPSS: Низкий
ubuntu логотип

CVE-2006-4684

больше 19 лет назад

The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458.

CVSS2: 5
EPSS: Низкий
ubuntu логотип

CVE-2006-4679

больше 19 лет назад

DokuWiki before 2006-03-09c enables the debug feature by default, which allows remote attackers to obtain sensitive information by calling doku.php with the X-DOKUWIKI-DO HTTP header set to "debug".

CVSS2: 5
EPSS: Низкий
ubuntu логотип

CVE-2006-4675

больше 19 лет назад

Unrestricted file upload vulnerability in lib/exe/media.php in DokuWiki before 2006-03-09c allows remote attackers to upload executable files into the data/media folder via unspecified vectors.

CVSS2: 7.5
EPSS: Низкий
ubuntu логотип

CVE-2006-4674

больше 19 лет назад

Direct static code injection vulnerability in doku.php in DokuWiki before 2006-030-09c allows remote attackers to execute arbitrary PHP code via the X-FORWARDED-FOR HTTP header, which is stored in config.php.

CVSS2: 7.5
EPSS: Низкий
ubuntu логотип

CVE-2006-4640

больше 19 лет назад

Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows user-assisted remote attackers to bypass the allowScriptAccess protection via unspecified vectors.

CVSS2: 6.8
EPSS: Средний
ubuntu логотип

CVE-2006-4625

больше 19 лет назад

PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.

CVSS2: 3.6
EPSS: Низкий
ubuntu логотип

CVE-2006-4624

больше 19 лет назад

CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI.

CVSS2: 2.6
EPSS: Низкий
ubuntu логотип

CVE-2006-4623

больше 19 лет назад

The Unidirectional Lightweight Encapsulation (ULE) decapsulation component in dvb-core/dvb_net.c in the dvb driver in the Linux kernel 2.6.17.8 allows remote attackers to cause a denial of service (crash) via an SNDU length of 0 in a ULE packet.

CVSS2: 7.8
EPSS: Средний
ubuntu логотип

CVE-2006-4600

больше 19 лет назад

slapd in OpenLDAP before 2.3.25 allows remote authenticated users with selfwrite Access Control List (ACL) privileges to modify arbitrary Distinguished Names (DN).

CVSS2: 2.3
EPSS: Низкий
ubuntu логотип

CVE-2006-4574

больше 19 лет назад

Off-by-one error in the MIME Multipart dissector in Wireshark (formerly Ethereal) 0.10.1 through 0.99.3 allows remote attackers to cause a denial of service (crash) via certain vectors that trigger an assertion error related to unexpected length values.

CVSS3: 7.5
EPSS: Низкий
ubuntu логотип

CVE-2006-4573

больше 19 лет назад

Multiple unspecified vulnerabilities in the "utf8 combining characters handling" (utf8_handle_comb function in encoding.c) in screen before 4.0.3 allows user-assisted attackers to cause a denial of service (crash or hang) via certain UTF8 sequences.

CVSS2: 2.6
EPSS: Низкий
ubuntu логотип

CVE-2006-4572

больше 19 лет назад

ip6_tables in netfilter in the Linux kernel before 2.6.16.31 allows remote attackers to (1) bypass a rule that disallows a protocol, via a packet with the protocol header not located immediately after the fragment header, aka "ip6_tables protocol bypass bug;" and (2) bypass a rule that looks for a certain extension header, via a packet with an extension header outside the first fragment, aka "ip6_tables extension header bypass bug."

CVSS2: 7.5
EPSS: Низкий
ubuntu логотип

CVE-2006-4571

больше 19 лет назад

Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allow remote attackers to cause a denial of service (crash), corrupt memory, and possibly execute arbitrary code via unspecified vectors, some of which involve JavaScript, and possibly large images or plugin data.

CVSS2: 10
EPSS: Низкий
ubuntu логотип

CVE-2006-4570

больше 19 лет назад

Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with "Load Images" enabled, allows remote user-assisted attackers to bypass settings that disable JavaScript via a remote XBL file in a message that is loaded when the user views, forwards, or replies to the original message.

CVSS2: 2.6
EPSS: Низкий
ubuntu логотип

CVE-2006-4569

больше 19 лет назад

The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked popups" display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduct cross-site scripting (XSS) attacks.

CVSS2: 2.6
EPSS: Низкий
ubuntu логотип

CVE-2006-4568

больше 19 лет назад

Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allows remote attackers to bypass the security model and inject content into the sub-frame of another site via targetWindow.frames[n].document.open(), which facilitates spoofing and other attacks.

CVSS2: 4.3
EPSS: Низкий
ubuntu логотип

CVE-2006-4567

больше 19 лет назад

Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it easy for users to accept self-signed certificates for the auto-update mechanism, which might allow remote user-assisted attackers to use DNS spoofing to trick users into visiting a malicious site and accepting a malicious certificate for the Mozilla update site, which can then be used to install arbitrary code on the next update.

CVSS2: 2.6
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
ubuntu логотип
CVE-2006-4734

Multiple SQL injection vulnerabilities in tiki-g-admin_processes.php in Tikiwiki 1.9.4 allow remote attackers to execute arbitrary SQL commands via the (1) pid and (2) where parameters.

CVSS2: 7.5
1%
Низкий
больше 19 лет назад
ubuntu логотип
CVE-2006-4712

Multiple cross-site scripting (XSS) vulnerabilities in Sage 1.3.6 allow remote attackers to inject arbitrary web script or HTML via JavaScript in a content:encoded element within an item element in an RSS feed, as demonstrated by four example content:encoded elements that use XMLHttpRequest to read arbitrary local files, aka "Cross Context Scripting."

CVSS2: 6.8
5%
Низкий
больше 19 лет назад
ubuntu логотип
CVE-2006-4711

Multiple cross-site scripting (XSS) vulnerabilities in Sage allow remote attackers to inject arbitrary web script or HTML via an Atom 1.0 feed, as demonstrated by certain test cases of the James M. Snell Atom 1.0 feed reader test suite.

CVSS2: 4.3
0%
Низкий
больше 19 лет назад
ubuntu логотип
CVE-2006-4684

The docutils module in Zope (Zope2) 2.7.0 through 2.7.9 and 2.8.0 through 2.8.8 does not properly handle web pages with reStructuredText (reST) markup, which allows remote attackers to read arbitrary files via a csv_table directive, a different vulnerability than CVE-2006-3458.

CVSS2: 5
1%
Низкий
больше 19 лет назад
ubuntu логотип
CVE-2006-4679

DokuWiki before 2006-03-09c enables the debug feature by default, which allows remote attackers to obtain sensitive information by calling doku.php with the X-DOKUWIKI-DO HTTP header set to "debug".

CVSS2: 5
1%
Низкий
больше 19 лет назад
ubuntu логотип
CVE-2006-4675

Unrestricted file upload vulnerability in lib/exe/media.php in DokuWiki before 2006-03-09c allows remote attackers to upload executable files into the data/media folder via unspecified vectors.

CVSS2: 7.5
1%
Низкий
больше 19 лет назад
ubuntu логотип
CVE-2006-4674

Direct static code injection vulnerability in doku.php in DokuWiki before 2006-030-09c allows remote attackers to execute arbitrary PHP code via the X-FORWARDED-FOR HTTP header, which is stored in config.php.

CVSS2: 7.5
1%
Низкий
больше 19 лет назад
ubuntu логотип
CVE-2006-4640

Unspecified vulnerability in Adobe Flash Player before 9.0.16.0 allows user-assisted remote attackers to bypass the allowScriptAccess protection via unspecified vectors.

CVSS2: 6.8
34%
Средний
больше 19 лет назад
ubuntu логотип
CVE-2006-4625

PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.

CVSS2: 3.6
0%
Низкий
больше 19 лет назад
ubuntu логотип
CVE-2006-4624

CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI.

CVSS2: 2.6
3%
Низкий
больше 19 лет назад
ubuntu логотип
CVE-2006-4623

The Unidirectional Lightweight Encapsulation (ULE) decapsulation component in dvb-core/dvb_net.c in the dvb driver in the Linux kernel 2.6.17.8 allows remote attackers to cause a denial of service (crash) via an SNDU length of 0 in a ULE packet.

CVSS2: 7.8
14%
Средний
больше 19 лет назад
ubuntu логотип
CVE-2006-4600

slapd in OpenLDAP before 2.3.25 allows remote authenticated users with selfwrite Access Control List (ACL) privileges to modify arbitrary Distinguished Names (DN).

CVSS2: 2.3
0%
Низкий
больше 19 лет назад
ubuntu логотип
CVE-2006-4574

Off-by-one error in the MIME Multipart dissector in Wireshark (formerly Ethereal) 0.10.1 through 0.99.3 allows remote attackers to cause a denial of service (crash) via certain vectors that trigger an assertion error related to unexpected length values.

CVSS3: 7.5
7%
Низкий
больше 19 лет назад
ubuntu логотип
CVE-2006-4573

Multiple unspecified vulnerabilities in the "utf8 combining characters handling" (utf8_handle_comb function in encoding.c) in screen before 4.0.3 allows user-assisted attackers to cause a denial of service (crash or hang) via certain UTF8 sequences.

CVSS2: 2.6
1%
Низкий
больше 19 лет назад
ubuntu логотип
CVE-2006-4572

ip6_tables in netfilter in the Linux kernel before 2.6.16.31 allows remote attackers to (1) bypass a rule that disallows a protocol, via a packet with the protocol header not located immediately after the fragment header, aka "ip6_tables protocol bypass bug;" and (2) bypass a rule that looks for a certain extension header, via a packet with an extension header outside the first fragment, aka "ip6_tables extension header bypass bug."

CVSS2: 7.5
2%
Низкий
больше 19 лет назад
ubuntu логотип
CVE-2006-4571

Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allow remote attackers to cause a denial of service (crash), corrupt memory, and possibly execute arbitrary code via unspecified vectors, some of which involve JavaScript, and possibly large images or plugin data.

CVSS2: 10
10%
Низкий
больше 19 лет назад
ubuntu логотип
CVE-2006-4570

Mozilla Thunderbird before 1.5.0.7 and SeaMonkey before 1.0.5, with "Load Images" enabled, allows remote user-assisted attackers to bypass settings that disable JavaScript via a remote XBL file in a message that is loaded when the user views, forwards, or replies to the original message.

CVSS2: 2.6
1%
Низкий
больше 19 лет назад
ubuntu логотип
CVE-2006-4569

The popup blocker in Mozilla Firefox before 1.5.0.7 opens the "blocked popups" display in the context of the Location bar instead of the subframe from which the popup originated, which might make it easier for remote user-assisted attackers to conduct cross-site scripting (XSS) attacks.

CVSS2: 2.6
3%
Низкий
больше 19 лет назад
ubuntu логотип
CVE-2006-4568

Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allows remote attackers to bypass the security model and inject content into the sub-frame of another site via targetWindow.frames[n].document.open(), which facilitates spoofing and other attacks.

CVSS2: 4.3
1%
Низкий
больше 19 лет назад
ubuntu логотип
CVE-2006-4567

Mozilla Firefox before 1.5.0.7 and Thunderbird before 1.5.0.7 makes it easy for users to accept self-signed certificates for the auto-update mechanism, which might allow remote user-assisted attackers to use DNS spoofing to trick users into visiting a malicious site and accepting a malicious certificate for the Mozilla update site, which can then be used to install arbitrary code on the next update.

CVSS2: 2.6
2%
Низкий
больше 19 лет назад

Уязвимостей на страницу