The Common Vulnerabilities and Exposures (CVE) project, maintained by the MITRE Corporation, is a list of all standardized names for vulnerabilities and security exposures.
| ID | Description | Priority | Modified date | Fixed Release |
|---|---|---|---|---|
| CVE-2007-0032 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2007. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2007-0012 | Sun JRE 5.0 before update 14 allows remote attackers to cause a denial of service (Internet Explorer crash) via an object tag with an encoded applet and an undefined name attribute, which triggers a NULL pointer dereference in jpiexp32.dll when the applet is decoded and passed to the JVM. | Medium | Sep 5, 2008 | n/a |
| CVE-2007-0011 | The web portal interface in Citrix Access Gateway (aka Citrix Advanced Access Control) before Advanced Edition 4.5 HF1 places a session ID in the URL, which allows context-dependent attackers to hijack sessions by reading "residual information", including the a referer log, browser history, or browser cache. | Medium | Nov 6, 2007 | n/a |
| CVE-2007-0009 | Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System server products before 20070611, allows remote attackers to execute arbitrary code via invalid \"Client Master Key\" length values. | MEDIUM | Oct 9, 2019 | n/a |
| CVE-2006-20001 | A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash. This issue affects Apache HTTP Server 2.4.54 and earlier. | -- | Jan 25, 2023 | 10.18.44.29 (Wind River Linux LTS 18) |
| CVE-2006-10001 | A vulnerability, which was classified as problematic, was found in Subscribe to Comments Plugin up to 2.0.7 on WordPress. This affects an unknown part of the file subscribe-to-comments.php. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. Upgrading to version 2.0.8 is able to address this issue. The identifier of the patch is 9683bdf462fcac2f32b33be98f0b96497fbd1bb6. It is recommended to upgrade the affected component. The identifier VDB-222321 was assigned to this vulnerability. | -- | Mar 5, 2023 | n/a |
| CVE-2006-7254 | The nscd daemon in the GNU C Library (glibc) before version 2.5 does not close incoming client sockets if they cannot be handled by the daemon, allowing local users to carry out a denial of service attack on the daemon. | Low | Apr 10, 2019 | n/a |
| CVE-2006-7253 | GE Healthcare Infinia II has a default password of (1) infinia for the infinia user, (2) #bigguy1 for the acqservice user, (3) dont4get2 for the Administrator user, (4) #bigguy1 for the emergency user, and (5) 2Bfamous for the InfiniaAdmin user, which has unspecified impact and attack vectors. | High | Aug 11, 2015 | n/a |
| CVE-2006-7252 | Integer overflow in the calloc function in libc/stdlib/malloc.c in jemalloc in libc for FreeBSD 6.4 and NetBSD makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which triggers a memory allocation of one byte. | Medium | Jul 26, 2012 | n/a |
| CVE-2006-7251 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Notes: none | -- | Nov 7, 2023 | n/a |
| CVE-2006-7250 | The mime_hdr_cmp function in crypto/asn1/asn_mime.c in OpenSSL 0.9.8t and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted S/MIME message.Per: http://cwe.mitre.org/data/definitions/476.html \'CWE-476: NULL Pointer Dereference\' | Medium | Feb 29, 2012 | n/a |
| CVE-2006-7249 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-7250, CVE-2012-1410. Reason: this candidate was intended for one issue, but CVE users may have associated it with multiple unrelated issues. Notes: All CVE users should consult CVE-2006-7250 for the OpenSSL candidate or CVE-2012-1410 for the Kadu candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | -- | Nov 7, 2023 | n/a |
| CVE-2006-7248 | Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-7250, CVE-2012-1410. Reason: this candidate was intended for one issue, but CVE users may have associated it with multiple unrelated issues. Notes: All CVE users should consult CVE-2006-7250 for the OpenSSL candidate or CVE-2012-1410 for the Kadu candidate. All references and descriptions in this candidate have been removed to prevent accidental usage | -- | Nov 7, 2023 | n/a |
| CVE-2006-7247 | SQL injection vulnerability in the Weblinks (com_weblinks) component for Joomla! and Mambo 1.0.9 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter. | High | Sep 13, 2012 | n/a |
| CVE-2006-7246 | NetworkManager 0.9.x does not pin a certificate\'s subject to an ESSID when 802.11X authentication is used. | LOW | Jan 31, 2020 | n/a |
| CVE-2006-7245 | Monkey\'s Audio before 4.01b2 allows remote attackers to cause a denial of service (application crash) via an APX file that lacks NULL termination. | Medium | May 25, 2011 | n/a |
| CVE-2006-7244 | Memory leak in pngwutil.c in libpng 1.2.13beta1, and other versions before 1.2.15beta3, allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length. | Medium | Sep 1, 2011 | n/a |
| CVE-2006-7243 | PHP before 5.3.4 accepts the \\0 character in a pathname, which might allow context-dependent attackers to bypass intended access restrictions by placing a safe file extension after this character, as demonstrated by .php\\0.jpg at the end of the argument to the file_exists function. | Medium | Jan 27, 2011 | n/a |
| CVE-2006-7242 | The Workplace (aka WP) component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-001 does not ensure that the AE Administrator role is present for Site Preferences modifications, which allows remote authenticated users to bypass intended access restrictions via unspecified vectors. | Medium | Sep 21, 2010 | n/a |
| CVE-2006-7241 | The Image Viewer component in IBM FileNet P8 Application Engine (P8AE) 3.5.1 before 3.5.1-002 removes a user from an ACL when the user is denied all permissions for an annotation, which might allow remote authenticated users to bypass intended access restrictions in opportunistic circumstances. | Medium | Sep 21, 2010 | n/a |
| CVE-2006-7240 | gnome-power-manager 2.14.0 does not properly implement the lock_on_suspend and lock_on_hibernate settings for locking the screen when the suspend or hibernate button is pressed, which might make it easier for physically proximate attackers to access an unattended laptop via a resume action, a related issue to CVE-2010-2532. | High | Sep 8, 2010 | n/a |
| CVE-2006-7239 | The _gnutls_x509_oid2mac_algorithm function in lib/gnutls_algorithms.c in GnuTLS before 1.4.2 allows remote attackers to cause a denial of service (crash) via a crafted X.509 certificate that uses a hash algorithm that is not supported by GnuTLS, which triggers a NULL pointer dereference. | Medium | May 25, 2010 | n/a |
| CVE-2006-7238 | Cross-site scripting (XSS) vulnerability in MyShoutPro before 1.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | Medium | Apr 22, 2009 | n/a |
| CVE-2006-7237 | PHP remote file inclusion vulnerability in mod/nc_phpmyadmin/core/libraries/Theme_Manager.class.php in Ixprim 2.0 allows remote attackers to execute arbitrary PHP code via a URL in an unspecified parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | High | Mar 31, 2009 | n/a |
| CVE-2006-7236 | The default configuration of xterm on Debian GNU/Linux sid and possibly Ubuntu enables the allowWindowOps resource, which allows user-assisted attackers to execute arbitrary code or have unspecified other impact via escape sequences. | High | Jan 9, 2009 | n/a |
| CVE-2006-7235 | Teamtek Universal FTP Server 1.0.50 allows remote attackers to cause a denial of service (daemon crash or hang) via (1) multiple STOR (aka PUT) commands, or an MKD command followed by (2) a \'*\' argument, (3) a \'|\' argument, (4) spaces, or (5) a long string. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | Medium | Dec 12, 2008 | n/a |
| CVE-2006-7234 | Untrusted search path vulnerability in Lynx before 2.8.6rel.4 allows local users to execute arbitrary code via malicious (1) .mailcap and (2) mime.types files in the current working directory. | Medium | Jan 31, 2009 | n/a |
| CVE-2006-7230 | Perl-Compatible Regular Expression (PCRE) library before 7.0 does not properly calculate the amount of memory needed for a compiled regular expression pattern when the (1) -x or (2) -i UTF-8 options change within the pattern, which allows context-dependent attackers to cause a denial of service (PCRE or glibc crash) via crafted regular expressions. | Medium | Sep 5, 2008 | n/a |
| CVE-2006-7229 | The skge driver 1.5 in Linux kernel 2.6.15 on Ubuntu does not properly use the spin_lock and spin_unlock functions, which allows remote attackers to cause a denial of service (machine crash) via a flood of network traffic. | High | Sep 5, 2008 | n/a |
| CVE-2006-7228 | Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 might allow context-dependent attackers to execute arbitrary code via a regular expression that involves large (1) min, (2) max, or (3) duplength values that cause an incorrect length calculation and trigger a buffer overflow, a different vulnerability than CVE-2006-7227. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split. | Medium | Sep 5, 2008 | n/a |
| CVE-2006-7227 | Integer overflow in Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to execute arbitrary code via a regular expression containing a large number of named subpatterns (name_count) or long subpattern names (max_name_size), which triggers a buffer overflow. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split. | Medium | Sep 5, 2008 | n/a |
| CVE-2006-7226 | Perl-Compatible Regular Expression (PCRE) library before 6.7 does not properly calculate the compiled memory allocation for regular expressions that involve a quantified subpattern containing a named recursion or subroutine reference, which allows context-dependent attackers to cause a denial of service (error or crash). | Medium | Sep 5, 2008 | n/a |
| CVE-2006-7225 | Perl-Compatible Regular Expression (PCRE) library before 6.7 allows context-dependent attackers to cause a denial of service (error or crash) via a regular expression that involves a malformed POSIX character class, as demonstrated via an invalid character after a [[ sequence. | Medium | Sep 5, 2008 | n/a |
| CVE-2006-7224 | ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-7227, CVE-2005-4872, CVE-2006-7228. Reason: this candidate was SPLIT into other identifiers in order to reflect different affected versions and distinct vendor fixes. Notes: All CVE users should consult CVE-2006-7227, CVE-2005-4872, and CVE-2006-7228 to determine which ID is appropriate. All references and descriptions in this candidate have been removed to prevent accidental usage. | REJECT | Sep 10, 2008 | n/a |
| CVE-2006-7223 | PreviewAction in XWiki 0.9.543 through 0.9.1252 does not set the Author field to the identity of the user who last modified a document, which allows remote authenticated users without programming rights to execute arbitrary code by selecting a document whose author has programming rights, modifying this document to contain a script, and previewing without saving the document. | Medium | Sep 5, 2008 | n/a |
| CVE-2006-7222 | Buffer overflow in the CFLICStream::_deltachunk function in FLICSource.cpp in Media Player Classic (MPC) 6.4.9.0 allows user-assisted remote attackers to execute arbitrary code via a crafted FLI file. | Medium | Sep 5, 2008 | n/a |
| CVE-2006-7221 | Multiple off-by-one errors in fsplib.c in fsplib before 0.8 allow attackers to cause a denial of service via unspecified vectors involving the (1) name and (2) d_name entry attributes. | Medium | Sep 5, 2008 | n/a |
| CVE-2006-7220 | Unspecified vulnerability in SAP SAPLPD and SAPSPRINT allows remote attackers to cause a denial of service (application crash) via a certain print job request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | High | Sep 5, 2008 | n/a |
| CVE-2006-7219 | eZ publish before 3.8.5 does not properly enforce permissions for editing in a specific language, which allows remote authenticated users to create a draft in an unauthorized language by editing an archived version of an object, and then using Manage Versions to copy this version to a Unchanged draft. | Medium | Sep 5, 2008 | n/a |
| CVE-2006-7218 | eZ publish before 3.8.1 does not properly enforce permissions for content edit Language when there are four or more languages, which allows remote authenticated users to perform translations into languages that are not listed in a Module Function Limitation policy. | Medium | Sep 5, 2008 | n/a |
| CVE-2006-7217 | Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode. | Medium | Sep 5, 2008 | n/a |
| CVE-2006-7216 | Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables. | Medium | Sep 5, 2008 | n/a |
| CVE-2006-7215 | The Intel Core 2 Extreme processor X6800 and Core 2 Duo desktop processor E6000 and E4000 incorrectly set the memory page Access (A) bit for a page in certain circumstances involving proximity of the code segment limit to the end of a code page, which has unknown impact and attack vectors on certain operating systems other than OpenBSD, aka AI90. | Low | Sep 5, 2008 | n/a |
| CVE-2006-7214 | Multiple unspecified vulnerabilities in Firebird 1.5 allow remote attackers to (1) cause a denial of service (application crash) by sending many remote protocol versions; and (2) cause a denial of service (connection drop) via certain network traffic, as demonstrated by Nessus vulnerability scanning. | High | Sep 5, 2008 | n/a |
| CVE-2006-7213 | Firebird 1.5 allows remote authenticated users without SYSDBA and owner permissions to overwrite a database by creating a database. | Medium | Sep 5, 2008 | n/a |
| CVE-2006-7212 | Multiple buffer overflows in Firebird 1.5, one of which affects WNET, have unknown impact and attack vectors. NOTE: this issue might overlap CVE-2006-1240. | Medium | Sep 5, 2008 | n/a |
| CVE-2006-7211 | fb_lock_mgr in Firebird 1.5 uses weak permissions (0666) for the semaphore array, which allows local users to cause a denial of service (blocked query processing) by locking semaphores. | Medium | Sep 5, 2008 | n/a |
| CVE-2006-7210 | Microsoft Windows 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (cpu consumption) via a PNG image with crafted (1) Width and (2) Height values in the IHDR block. | Medium | Sep 5, 2008 | n/a |
| CVE-2006-7209 | Multiple cross-site scripting (XSS) vulnerabilities in phpTrafficA before 1.2beta2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to keywords results in the (1) main, (2) daily, (3) weekly, (4) monthly, (5) Unchanged trends, (6) individual page, and (7) search engine statistics. | Medium | Sep 5, 2008 | n/a |
| CVE-2006-7208 | PHP remote file inclusion vulnerability in download.php in the Adam van Dongen Forum (com_forum) component (aka phpBB component) 1.2.4RC3 and earlier for Mambo allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.requires that PHP\'s \'register_globals\' setting be enabled | Medium | Nov 15, 2008 | n/a |
