LiveActive security incident?Get immediate response
CVE archive

November 2006

Browse CVE records published in November 2006, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 518 matching CVEs · Page 2 of 11.

Unknown · CVSS Not scored

CVE-2006-6171: ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified...

ProFTPD 1.3.0a and earlier does not properly set the buffer size limit when CommandBufferSize is specified in the configuration file, which leads to an off-by-two buffer underflow. NOTE: in November 2006, the role of CommandBufferSize was originally associated with CVE-2006-5815, but this was an error stemming from a vague initial disclosure. NOTE: ProFTPD developers dispute this issue, saying that the relevant memory location is overwritten by assignment before further use within the affected function, so this is not a vulnerability

Published Nov 30, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-6156: Cross-site scripting (XSS) vulnerability in auth/message.php in HIOX Star Rating System Script (HSRS) 1.0 a...

Cross-site scripting (XSS) vulnerability in auth/message.php in HIOX Star Rating System Script (HSRS) 1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the query string (PHP_SELF). NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

Published Nov 28, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-6173: Buffer overflow in the shared_region_make_private_np function in vm/vm_unix.c in Mac OS X 10.4.6 and earlie...

Buffer overflow in the shared_region_make_private_np function in vm/vm_unix.c in Mac OS X 10.4.6 and earlier allows local users to execute arbitrary code via (1) a small range count, which causes insufficient memory allocation, or (2) a large number of ranges in the shared_region_make_private_np_args parameter.

Published Nov 30, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-6146: Buffer overflow in the HPDF_Page_Circle function in hpdf_page_operator.c in Takeshi Kanno Haru Free PDF Lib...

Buffer overflow in the HPDF_Page_Circle function in hpdf_page_operator.c in Takeshi Kanno Haru Free PDF Library (libharu2, aka libharu) 2.0.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via certain arguments that yield a large amount of PDF data, as demonstrated by a filled circle.

Published Nov 28, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-6145: CRYPTOCard CRYPTO-Server before 6.4.56 stores LDAP credentials in plaintext in UninstallerData\installvaria...

CRYPTOCard CRYPTO-Server before 6.4.56 stores LDAP credentials in plaintext in UninstallerData\installvariables.properties, which has insecure permissions and allows local users to obtain the credentials. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

Published Nov 28, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-6155: Multiple SQL injection vulnerabilities in addrating.php in HIOX Star Rating System Script (HSRS) 1.0 and ea...

Multiple SQL injection vulnerabilities in addrating.php in HIOX Star Rating System Script (HSRS) 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ipadd or (2) url parameter. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

Published Nov 28, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-6140: PHP remote file inclusion vulnerability in Sisfo Kampus 2006 (Semarang 3) allows remote attackers to execut...

PHP remote file inclusion vulnerability in Sisfo Kampus 2006 (Semarang 3) allows remote attackers to execute arbitrary PHP code via a URL in the slnt parameter to (1) index.php and (2) print.php. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

Published Nov 28, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-6133: Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002...

Stack-based buffer overflow in Visual Studio Crystal Reports for Microsoft Visual Studio .NET 2002 and 2002 SP1, .NET 2003 and 2003 SP1, and 2005 and 2005 SP1 (formerly Business Objects Crystal Reports XI Professional) allows user-assisted remote attackers to execute arbitrary code via a crafted RPT file.

Published Nov 28, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-6123: Coppermine Photo Gallery (CPG) 1.4.8 stable, with register_globals enabled, allows remote attackers to bypa...

Coppermine Photo Gallery (CPG) 1.4.8 stable, with register_globals enabled, allows remote attackers to bypass XSS protection and set arbitrary variables via a query string that causes the variable to be defined in global space, with separate _GET, _REQUEST, or other critical parameters, which are unset by the protection scheme and prevent the original variable from being detected.

Published Nov 26, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-6097: GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary...

GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function in extract.c and extract_mangle function in mangle.c, a variant of CVE-2002-1216.

Published Nov 24, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-6113: Monkey Boards 0.3.5 allows remote attackers to obtain sensitive information via direct requests to (1) incl...

Monkey Boards 0.3.5 allows remote attackers to obtain sensitive information via direct requests to (1) include/admin_auth.inc.php and (2) include/engine/class.compiler.php, which reveals the full path in an error message. NOTE: this issue is only an exposure if the administrator has changed the default script path.

Published Nov 28, 2006 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2006-6074: Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart allow remote attackers to execute arbi...

Multiple SQL injection vulnerabilities in Enthrallweb eShopping Cart allow remote attackers to execute arbitrary SQL commands via (1) the ProductID parameter in (a) reviews.asp, or the (2) cat_id or (3) sub_id parameter in (b) subProducts.asp. NOTE: the productdetail.asp vector is already covered by another identifier.

Published Nov 24, 2006 · Updated Aug 7, 2024