LiveActive security incident?Get immediate response
CVE archive

2006 CVE Archive

Browse CVE records published in 2006 CVE Archive, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 6995 matching CVEs · Page 2 of 140.

Unknown · CVSS Not scored

CVE-2006-6656: Unspecified vulnerability in ptrace in NetBSD-current before 20061027, NetBSD 3.0 and 3.0.1 before 20061027...

Unspecified vulnerability in ptrace in NetBSD-current before 20061027, NetBSD 3.0 and 3.0.1 before 20061027, and NetBSD 2.x before 20061119 allows local users to read kernel memory and obtain sensitive information via certain manipulations of a PT_LWPINFO request, which leads to a memory leak and information leak.

Published Dec 20, 2006 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2006-5988: Unspecified vulnerability in Windows 2000 Advanced Server SP4 running Active Directory allows remote attack...

Unspecified vulnerability in Windows 2000 Advanced Server SP4 running Active Directory allows remote attackers to cause a denial of service via unknown vectors, as demonstrated by a certain VulnDisco Pack module. NOTE: the provenance of this information is unknown; the details are obtained from third party information. As of 20061116, this disclosure has no actionable information. However, since the VulnDisco Pack author is a reliable researcher, the disclosure is being assigned a CVE identifier for tracking purposes.

Published Nov 20, 2006 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2006-5248: Eazy Cart stores sensitive information under the web root with insufficient access control, which allows re...

Eazy Cart stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a customer database via a direct request for admin/config/customer.dat. NOTE: the provenance of this information is unknown; the details are obtained from third party information.

Published Oct 12, 2006 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2006-5931: Multiple PHP remote file inclusion vulnerabilities in Aigaion Web based bibliography management system 1.2....

Multiple PHP remote file inclusion vulnerabilities in Aigaion Web based bibliography management system 1.2.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the DIR parameter to certain PHP scripts in (1) lib/actions/, (2) lib/displays/, (3) lib/editforms/, (4) lib/functions/, (5) scheme/, and (6) the root directory. NOTE: the provenance of this information is unknown; details are obtained from third party sources.

Published Nov 16, 2006 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2006-0218: Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0.2 have unspecified impact and att...

Multiple unspecified vulnerabilities in MyBulletinBoard (MyBB) before 1.0.2 have unspecified impact and attack vectors, related to (1) admin/moderate.php, (2) admin/themes.php, (3) inc/functions.php, (4) inc/functions_upload.php, (5) printthread.php, and (6) usercp.php, and probably related to SQL injection. NOTE: it is likely that this issue subsumes CVE-2005-4602 and CVE-2005-4603. However, since the vendor advisory is vague and additional files are mentioned, is is likely that this contains at least one distinct vulnerability from CVE-2005-4602 and CVE-2005-4603.

Published Jan 16, 2006 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2006-6997: Unspecified vulnerability in a cryptographic feature in MailEnable Standard Edition before 1.93, Profession...

Unspecified vulnerability in a cryptographic feature in MailEnable Standard Edition before 1.93, Professional Edition before 1.73, and Enterprise Edition before 1.21 leads to "weakened authentication security" with unknown impact and attack vectors. NOTE: due to lack of details, it is not clear whether this is the same as CVE-2006-1792.

Published Feb 12, 2007 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2006-6653: The accept function in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x...

The accept function in NetBSD-current before 20061023, NetBSD 3.0 and 3.0.1 before 20061024, and NetBSD 2.x before 20061029 allows local users to cause a denial of service (socket consumption) via an invalid (1) name or (2) namelen parameter, which may result in the socket never being closed (aka "a dangling socket").

Published Dec 20, 2006 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2006-6470: The SNMP Agent in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and...

The SNMP Agent in Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 returns no error for a non-writable object, which has unknown impact and attack vectors. NOTE: due to the vagueness of the advisory, it is not clear whether this is a vulnerability, or a bug in a security feature.

Published Dec 11, 2006 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2006-7009: Joomla!

Joomla! before 1.0.10 allows remote attackers to spoof the frontend submission forms, which has unknown impact and attack vectors.

Published Feb 12, 2007 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2006-1792: Unspecified vulnerability in the POP service in MailEnable Standard Edition before 1.94, Professional Editi...

Unspecified vulnerability in the POP service in MailEnable Standard Edition before 1.94, Professional Edition before 1.74, and Enterprise Edition before 1.22 has unknown attack vectors and impact related to "authentication exploits". NOTE: this is a different set of affected versions, and probably a different vulnerability than CVE-2006-1337.

Published Apr 15, 2006 · Updated Sep 17, 2024