CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  Take a third party risk management course for FREE
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities Published In March 2006

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
501 CVE-2006-0820 XSS 2006-03-13 2018-10-18
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in Dwarf HTTP Server 1.3.2 allows remote attackers to inject arbitrary web script or HTML via unspecified error messages.
502 CVE-2006-0819 2006-03-13 2018-10-18
7.8
None Remote Low Not required Complete None None
Dwarf HTTP Server 1.3.2 allows remote attackers to obtain the source code of JSP files via (1) dot, (2) space, (3) slash, or (4) NULL characters in the filename extension of an HTTP request.
503 CVE-2006-0816 2006-03-24 2018-10-18
5.0
None Remote Low Not required Partial None None
Orion Application Server before 2.0.7, when running on Windows, allows remote attackers to obtain the source code of JSP files via (1) . (dot) and (2) space characters in the extension of a URL.
504 CVE-2006-0815 2006-03-06 2018-10-18
5.0
None Remote Low Not required Partial None None
NetworkActiv Web Server 3.5.15 allows remote attackers to read script source code via a crafted URL with a "/" (forward slash) after the file extension.
505 CVE-2006-0814 2006-03-06 2018-10-18
5.0
None Remote Low Not required Partial None None
response.c in Lighttpd 1.4.10 and possibly previous versions, when run on Windows, allows remote attackers to read arbitrary source code via requests that contain trailing (1) "." (dot) and (2) space characters, which are ignored by Windows, as demonstrated by PHP files.
506 CVE-2006-0746 2006-03-09 2018-10-19
7.5
None Remote Low Not required Partial Partial Partial
Certain patches for kpdf do not include all relevant patches from xpdf that were associated with CVE-2005-3627, which allows context-dependent attackers to exploit vulnerabilities that were present in CVE-2005-3627.
507 CVE-2006-0745 Exec Code Bypass 2006-03-21 2018-10-19
7.2
None Local Low Not required Complete Complete Complete
X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile.
508 CVE-2006-0743 134 DoS Mem. Corr. 2006-03-09 2017-07-20
5.0
None Remote Low Not required None None Partial
Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
509 CVE-2006-0742 DoS 2006-03-09 2018-10-03
4.6
None Local Low ??? None None Complete
The die_if_kernel function in arch/ia64/kernel/unaligned.c in Linux kernel 2.6.x before 2.6.15.6, possibly when compiled with certain versions of gcc, has the "noreturn" attribute set, which allows local users to cause a denial of service by causing user faults on Itanium systems.
510 CVE-2006-0741 DoS 2006-03-07 2018-10-03
1.2
None Local High Not required None None Partial
Linux kernel before 2.6.15.5, when running on Intel processors, allows local users to cause a denial of service ("endless recursive fault") via unknown attack vectors related to a "bad elf entry address."
511 CVE-2006-0667 2006-03-10 2011-03-08
4.6
None Local Low Not required Partial Partial Partial
lscfg in IBM AIX 5.2 and 5.3 allows local users to modify arbitrary files via a symlink attack.
512 CVE-2006-0557 2006-03-12 2018-10-03
4.9
None Local Low Not required None None Complete
sys_mbind in mempolicy.c in Linux kernel 2.6.16 and earlier does not sanity check the maxnod variable before making certain computations for the get_nodes function, which has unknown impact and attack vectors.
513 CVE-2006-0555 DoS 2006-03-07 2018-10-03
2.1
None Local Low Not required None None Partial
The Linux Kernel before 2.6.15.5 allows local users to cause a denial of service (NFS client panic) via unknown attack vectors related to the use of O_DIRECT (direct I/O).
514 CVE-2006-0554 +Info 2006-03-07 2018-10-03
1.7
None Local Low ??? None Partial None
Linux kernel 2.6 before 2.6.15.5 allows local users to obtain sensitive information via a crafted XFS ftruncate call, which may return stale data.
515 CVE-2006-0459 119 Exec Code Overflow 2006-03-29 2018-10-03
7.5
None Remote Low Not required Partial Partial Partial
flex.skl in Will Estes and John Millaway Fast Lexical Analyzer Generator (flex) before 2.5.33 does not allocate enough memory for grammars containing (1) REJECT statements or (2) trailing context rules, which causes flex to generate code that contains a buffer overflow that might allow context-dependent attackers to execute arbitrary code.
516 CVE-2006-0458 DoS 2006-03-06 2018-10-03
5.0
None Remote Low Not required None None Partial
The DCC ACCEPT command handler in irssi before 0.8.9+0.8.10rc5-0ubuntu4.1 in Ubuntu Linux, and possibly other distributions, allows remote attackers to cause a denial of service (application crash) via certain crafted arguments in a DCC command.
517 CVE-2006-0457 DoS 2006-03-14 2018-10-03
7.1
None Remote High Not required Complete None Complete
Race condition in the (1) add_key, (2) request_key, and (3) keyctl functions in Linux kernel 2.6.x allows local users to cause a denial of service (crash) or read sensitive kernel memory by modifying the length of a string argument between the time that the kernel calculates the length and when it copies the data into kernel memory.
518 CVE-2006-0400 Bypass 2006-03-14 2017-07-20
7.5
None Remote Low Not required Partial Partial Partial
CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows remote attackers to bypass the same-origin policy and execute Javascript in other domains via unknown vectors involving "crafted archives."
519 CVE-2006-0399 94 2006-03-14 2017-07-20
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how CVE-2006-0397, CVE-2006-0398, and CVE-2006-0399 are different.
520 CVE-2006-0398 94 2006-03-14 2017-07-20
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how CVE-2006-0397, CVE-2006-0398, and CVE-2006-0399 are different.
521 CVE-2006-0397 94 2006-03-14 2017-07-20
7.5
None Remote Low Not required Partial Partial Partial
Unspecified vulnerability in Safari, LaunchServices, and/or CoreTypes in Apple Mac OS X 10.4 up to 10.4.5 allows attackers to trick a user into opening an application that appears to be a safe file type. NOTE: due to the lack of specific information in the vendor advisory, it is not clear how CVE-2006-0397, CVE-2006-0398, and CVE-2006-0399 are different.
522 CVE-2006-0396 Exec Code Overflow 2006-03-14 2018-10-19
5.1
None Remote High Not required Partial Partial Partial
Buffer overflow in Mail in Apple Mac OS X 10.4 up to 10.4.5, when patched with Security Update 2006-001, allows remote attackers to execute arbitrary code via a long Real Name value in an e-mail attachment sent in AppleDouble format, which triggers the overflow when the user double-clicks on an attachment.
523 CVE-2006-0391 Dir. Trav. 2006-03-03 2017-07-20
1.7
None Local Low ??? None Partial None
Directory traversal vulnerability in the BOM framework in Mac OS X 10.x before 10.3.9 and 10.4 before 10.4.5 allows user-assisted attackers to overwrite or create arbitrary files via an archive that is handled by BOMArchiveHelper.
524 CVE-2006-0389 XSS 2006-03-03 2017-07-20
2.6
None Remote High Not required None Partial None
Cross-site scripting (XSS) vulnerability in Syndication (Safari RSS) in Mac OS X 10.4 through 10.4.5 allows remote attackers to execute arbitrary JavaScript via unspecified vectors involving RSS feeds.
525 CVE-2006-0388 94 2006-03-03 2017-07-20
2.6
None Local High Not required None Partial Partial
Safari in Mac OS X 10.3 before 10.3.9 and 10.4 before 10.4.5 allows remote attackers to redirect users to local files and execute arbitrary JavaScript via unspecified vectors involving HTTP redirection to local resources.
526 CVE-2006-0387 Exec Code Overflow 2006-03-06 2017-07-20
6.4
None Remote Low Not required None Partial Partial
Stack-based buffer overflow in Safari in Mac OS X 10.4.5 and earlier, and 10.3.9 and earlier, allows remote attackers to execute arbitrary code via unspecified vectors involving a web page with crafted JavaScript, a different vulnerability than CVE-2005-4504.
527 CVE-2006-0386 2006-03-03 2017-07-20
1.7
None Local Low ??? Partial None None
FileVault in Mac OS X 10.4.5 and earlier does not properly mount user directories when creating a FileVault image, which allows local users to access protected files when FileVault is enabled.
528 CVE-2006-0384 DoS Exec Code 2006-03-02 2017-07-20
7.5
None Remote Low Not required Partial Partial Partial
automount in Mac OS X 10.4.5 and earlier allows remote file servers to cause a denial of service (unresponsiveness) or execute arbitrary code via unspecified vectors that cause automount to "mount file systems with reserved names".
529 CVE-2006-0383 DoS 2006-03-02 2017-07-20
5.0
None Remote Low Not required None None Partial
IPSec when used with VPN networks in Mac OS X 10.4 through 10.4.5 allows remote attackers to cause a denial of service (application crash) via unspecified vectors involving the "incorrect handling of error conditions".
530 CVE-2006-0323 119 Exec Code Overflow 2006-03-23 2018-10-19
9.3
None Remote Medium Not required Complete Complete Complete
Buffer overflow in swfformat.dll in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, Rhapsody 3, and Helix Player allows remote attackers to execute arbitrary code via a crafted SWF (Flash) file with (1) a size value that is less than the actual size, or (2) other unspecified manipulations.
531 CVE-2006-0058 Exec Code 2006-03-22 2018-10-19
7.6
None Remote High Not required Complete Complete Complete
Signal handler race condition in Sendmail 8.13.x before 8.13.6 allows remote attackers to execute arbitrary code by triggering timeouts in a way that causes the setjmp and longjmp function calls to be interrupted and modify unexpected memory locations.
532 CVE-2006-0052 DoS 2006-03-31 2018-10-03
5.0
None Remote Low Not required None None Partial
The attachment scrubber (Scrubber.py) in Mailman 2.1.5 and earlier, when using Python's library email module 2.5, allows remote attackers to cause a denial of service (mailing list delivery failure) via a multipart MIME message with a single part that has two blank lines between the first boundary and the end boundary.
533 CVE-2006-0050 2006-03-23 2017-07-20
1.2
None Local High Not required None Partial None
snmptrapfmt in Debian 3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary log file.
534 CVE-2006-0049 2006-03-13 2018-10-19
5.0
None Remote Low Not required None Partial None
gpg in GnuPG before 1.4.2.2 does not properly verify non-detached signatures, which allows attackers to inject unsigned data via a data packet that is not associated with a control packet, which causes the check for concatenated signatures to report that the signature is valid, a different vulnerability than CVE-2006-0455.
535 CVE-2006-0047 20 DoS 2006-03-07 2018-10-19
5.0
None Remote Low Not required None None Partial
packets.c in Freeciv 2.0 before 2.0.8 allows remote attackers to cause a denial of service (server crash) via crafted packets with negative compressed size values.
536 CVE-2006-0040 DoS 2006-03-10 2018-10-19
5.0
None Remote Low Not required None None Partial
GNOME Evolution 2.4.2.1 and earlier allows remote attackers to cause a denial of service (CPU and memory consumption) via a text e-mail with a large number of URLs, possibly due to unknown problems in gtkhtml.
537 CVE-2006-0038 189 Overflow 2006-03-22 2017-10-11
6.9
None Local Medium Not required Complete Complete Complete
Integer overflow in the do_replace function in netfilter for Linux before 2.6.16-rc3, when using "virtualization solutions" such as OpenVZ, allows local users with CAP_NET_ADMIN rights to cause a buffer overflow in the copy_from_user function.
538 CVE-2006-0031 119 Exec Code Overflow Mem. Corr. 2006-03-14 2018-10-19
5.1
None Remote High Not required Partial Partial Partial
Stack-based buffer overflow in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed record with a modified length value, which leads to memory corruption.
539 CVE-2006-0030 Exec Code Mem. Corr. 2006-03-14 2018-10-12
5.1
None Remote High Not required Partial Partial Partial
Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed graphic, which leads to memory corruption.
540 CVE-2006-0029 Exec Code Mem. Corr. 2006-03-14 2018-10-12
5.1
None Remote High Not required Partial Partial Partial
Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via an Excel file with a malformed description, which leads to memory corruption.
541 CVE-2006-0028 Exec Code Mem. Corr. 2006-03-14 2018-10-19
5.1
None Remote High Not required Partial Partial Partial
Unspecified vulnerability in Microsoft Excel 2000, 2002, and 2003, in Microsoft Office 2000 SP3 and other packages, allows user-assisted attackers to execute arbitrary code via a BIFF parsing format file containing malformed BOOLERR records that lead to memory corruption, probably involving invalid pointers.
542 CVE-2006-0024 Exec Code 2006-03-15 2018-10-12
5.1
None Remote High Not required Partial Partial Partial
Multiple unspecified vulnerabilities in Adobe Flash Player 8.0.22.0 and earlier allow remote attackers to execute arbitrary code via a crafted SWF file.
543 CVE-2006-0009 Exec Code Overflow 2006-03-14 2018-10-19
5.1
None Remote High Not required Partial Partial Partial
Buffer overflow in Microsoft Office 2000 SP3, XP SP3, and other versions and packages, allows user-assisted attackers to execute arbitrary code via a routing slip that is longer than specified by the provided length field, as exploited by malware such as TROJ_MDROPPER.BH and Trojan.PPDropper.E in attacks against PowerPoint.
Total number of vulnerabilities : 543   Page : 1 2 3 4 5 6 7 8 9 10 11 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.