Exploit Intelligence Platform – 370K+ CVEs, Ranked Exploits & EPSS Scores

CVE-2006-5393 5.5 MEDIUM EPSS 0.00

Cisco Secure Desktop - Out-of-Bounds Read

Cisco Secure Desktop (CSD) does not require that the ClearPageFileAtShutdown (aka CCE-Winv2.0-407) registry value equals 1, which might allow local users to read certain memory pages that were written during another user's SSL VPN session.

CWE-125 Oct 18, 2006

CVE-2006-4342 5.5 MEDIUM EPSS 0.00

Redhat Enterprise Linux - Improper Locking

The kernel in Red Hat Enterprise Linux 3, when running on SMP systems, allows local users to cause a denial of service (deadlock) by running the shmat function on an shm at the same time that shmctl is removing that shm (IPC_RMID), which prevents a spinlock from being unlocked.

CWE-667 Oct 17, 2006

CVE-2006-3547 5.5 MEDIUM EPSS 0.00

EMC VMware Player - DoS

EMC VMware Player allows user-assisted attackers to cause a denial of service (unrecoverable application failure) via a long value of the ide1:0.fileName parameter in the .vmx file of a virtual machine. NOTE: third parties have disputed this issue, saying that write access to the .vmx file enables other ways of stopping the virtual machine, so no privilege boundaries are crossed

Jul 13, 2006

CVE-2006-2374 5.5 MEDIUM 2 PoCs Analysis EPSS 0.01

Microsoft Windows 2000 - Improper Locking

The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device, which results in a deadlock, aka the "SMB Invalid Handle Vulnerability."

CWE-667 Jun 13, 2006

CVE-2006-1058 5.5 MEDIUM EPSS 0.00

BusyBox 1.1.1 - Info Disclosure

BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables.

CWE-916 Apr 04, 2006

CVE-2006-0755 5.6 MEDIUM 10 PoCs Analysis EPSS 0.11

dotProject <2.0.1 - RCE

Multiple PHP remote file include vulnerabilities in dotProject 2.0.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary commands via the baseDir parameter in (1) db_adodb.php, (2) db_connect.php, (3) session.php, (4) vw_usr_roles.php, (5) calendar.php, (6) date_format.php, and (7) tasks/gantt.php; and the dPconfig[root_dir] parameter in (8) projects/gantt.php, (9) gantt2.php, and (10) vw_files.php. NOTE: the vendor disputes this issue, stating that the product documentation clearly recommends that the system administrator disable register_globals, and that the check.php script warns against this setting. Also, the vendor says that the protection.php/siteurl vector is incorrect because protection.php does not exist in the product

Feb 18, 2006

CVE-2006-0054 5.3 MEDIUM EPSS 0.03

FreeBSD - DoS

The ipfw firewall in FreeBSD 6.0-RELEASE allows remote attackers to cause a denial of service (firewall crash) via ICMP IP fragments that match a reset, reject or unreach action, which leads to an access of an uninitialized pointer.

CWE-824 Jan 11, 2006

CVE-2006-0149 6.1 MEDIUM EPSS 0.00

Simpbook - Basic XSS

Cross-site scripting (XSS) vulnerability in SimpBook 1.0, with html_enable on (the default), allows remote attackers to inject arbitrary web script or HTML via the message field.

CWE-80 Jan 09, 2006

CVE-2005-4650 5.3 MEDIUM EPSS 0.00

Joomla! 1.03 - DoS

Joomla! 1.03 does not restrict the number of "Search" Mambots, which allows remote attackers to cause a denial of service (resource consumption) via a large number of Search Mambots.

CWE-770 Dec 31, 2005

CVE-2005-4349 6.3 MEDIUM EPSS 0.02

phpMyAdmin 2.7.0 - SQL Injection

SQL injection vulnerability in server_privileges.php in phpMyAdmin 2.7.0 allows remote authenticated users to execute arbitrary SQL commands via the (1) dbname and (2) checkprivs parameters. NOTE: the vendor and a third party have disputed this issue, saying that the main task of the program is to support query execution by authenticated users, and no external attack scenario exists without an auto-login configuration. Thus it is likely that this issue will be REJECTED. However, a closely related CSRF issue has been assigned CVE-2005-4450

CWE-89 Dec 19, 2005

CVE-2005-4206 6.1 MEDIUM 1 PoC Analysis EPSS 0.06

Blackboard Academic Suite < 6.0.0.0 - Open Redirect

Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to redirect users to other URLs and conduct phishing attacks via a modified url parameter to frameset.jsp, which loads the URL into a frame and causes it to appear to be part of a valid page.

CWE-601 Dec 13, 2005

CVE-2005-3847 5.5 MEDIUM EPSS 0.00

Linux Kernel < 2.6.13 - Improper Locking

The handle_stop_signal function in signal.c in Linux kernel 2.6.11 up to other versions before 2.6.13 and 2.6.12.6 allows local users to cause a denial of service (deadlock) by sending a SIGKILL to a real-time threaded process while it is performing a core dump.

CWE-667 Nov 27, 2005

CVE-2005-3274 4.7 MEDIUM EPSS 0.00

Linux Kernel < 2.4.31 - NULL Pointer Dereference

Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4 before 2.4.32-pre2, when running on SMP systems, allows local users to cause a denial of service (null dereference) by causing a connection timer to expire while the connection table is being flushed before the appropriate lock is acquired.

CWE-476 Oct 21, 2005

CVE-2005-3170 5.0 MEDIUM EPSS 0.01

Microsoft Windows 2000 <Update Rollup 1 for SP4 - Info Disclosure

The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates using LDAP Secure Sockets Layer (LDAPS) even when the Certificate Authority (CA) is not trusted, which could allow attackers to trick users into believing that they are accessing a trusted site.

CWE-295 Oct 06, 2005

CVE-2005-3106 4.7 MEDIUM EPSS 0.00

Linux 2.6 - DoS

Race condition in Linux 2.6, when threads are sharing memory mapping via CLONE_VM (such as linuxthreads and vfork), might allow local users to cause a denial of service (deadlock) by triggering a core dump while waiting for a thread that has just performed an exec.

CWE-667 Sep 30, 2005

CVE-2005-2456 5.5 MEDIUM EPSS 0.00

Linux Kernel - Improper Locking

Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c in Linux kernel 2.6 allows local users to cause a denial of service (oops or deadlock) and possibly execute arbitrary code via a p->dir value that is larger than XFRM_POLICY_OUT, which is used as an index in the sock->sk_policy array.

CWE-667 Aug 04, 2005

CVE-2005-2293 5.5 MEDIUM EPSS 0.00

Oracle Formsbuilder 9.0.4 - Info Disclosure

Oracle Formsbuilder 9.0.4 stores database usernames and passwords in a temporary file, which is not deleted after it is used, which allows local users to obtain sensitive information.

CWE-459 Jul 18, 2005

CVE-2005-2209 5.5 MEDIUM EPSS 0.00

Capturix Scanshare - Cleartext Storage

Capturix ScanShare 1.06 build 50 stores sensitive information such as the password in cleartext in capturixss_cfg.ini, which is readable by local users.

CWE-312 Jul 11, 2005

CVE-2005-1916 5.5 MEDIUM EPSS 0.00

Ekg < 2005-06-05 - Symlink Following

linki.py in ekg 2005-06-05 and earlier allows local users to overwrite or create arbitrary files via a symlink attack on temporary files.

CWE-59 Jul 06, 2005

CVE-2005-2059 6.5 MEDIUM EPSS 0.00

Ubbcentral Ubb.threads < 6.5.1.1 - CSRF

Multiple cross-site request forgery (CSRF) vulnerabilities in (1) addaddress.php, (2) toggleignore.php, (3) removeignore.php, and (4) removeaddress.php in Infopop UBB.Threads before 6.5.2 Beta allow remote attackers to modify settings as another user via a link or IMG tag.

CWE-352 Jun 29, 2005

CVE & Exploit Intelligence Database

Investigate

Ecosystems

Reference Indexes

Recent Blog Posts

CVEForge Labs

KEV Gaps