Exploit Intelligence Platform – 370K+ CVEs, Ranked Exploits & EPSS Scores

CVE-2006-5649 5.5 MEDIUM EPSS 0.00

Ubuntu Linux - Denial of Service

Unspecified vulnerability in the "alignment check exception handling" in Ubuntu 5.10, 6.06 LTS, and 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (kernel panic) via unspecified vectors.

CWE-400 Dec 14, 2006

CVE-2006-6016 6.5 MEDIUM EPSS 0.01

Wordpress < 2.0.4 - Out-of-Bounds Read

wp-admin/user-edit.php in WordPress before 2.0.5 allows remote authenticated users to read the metadata of an arbitrary user via a modified user_id parameter.

CWE-125 Nov 21, 2006

CVE-2006-6017 6.5 MEDIUM EPSS 0.03

Wordpress < 2.0.5 - Denial of Service

WordPress before 2.0.5 does not properly store a profile containing a string representation of a serialized object, which allows remote authenticated users to cause a denial of service (application crash) via a string that represents a (1) malformed or (2) large serialized object, because the object triggers automatic unserialization for display.

CWE-400 Nov 21, 2006

CVE-2006-5847 6.1 MEDIUM 1 PoC Analysis EPSS 0.04

Freewebshop < 2.2.2 - XSS

Cross-site scripting (XSS) vulnerability in index.php in FreeWebshop 2.2.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the cat parameter.

CWE-79 Nov 10, 2006

CVE-2006-5632 6.1 MEDIUM EPSS 0.00

IG Shop - XSS

Cross-site scripting (XSS) vulnerability in change_pass.php in iG Shop 1.4 allows remote attackers to inject arbitrary web script or HTML via the id parameter, a different vulnerability than CVE-2006-5631. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CWE-79 Oct 31, 2006

CVE-2006-5393 5.5 MEDIUM EPSS 0.00

Cisco Secure Desktop - Out-of-Bounds Read

Cisco Secure Desktop (CSD) does not require that the ClearPageFileAtShutdown (aka CCE-Winv2.0-407) registry value equals 1, which might allow local users to read certain memory pages that were written during another user's SSL VPN session.

CWE-125 Oct 18, 2006

CVE-2006-4342 5.5 MEDIUM EPSS 0.00

Redhat Enterprise Linux - Improper Locking

The kernel in Red Hat Enterprise Linux 3, when running on SMP systems, allows local users to cause a denial of service (deadlock) by running the shmat function on an shm at the same time that shmctl is removing that shm (IPC_RMID), which prevents a spinlock from being unlocked.

CWE-667 Oct 17, 2006

CVE-2006-3547 5.5 MEDIUM EPSS 0.00

EMC VMware Player - DoS

EMC VMware Player allows user-assisted attackers to cause a denial of service (unrecoverable application failure) via a long value of the ide1:0.fileName parameter in the .vmx file of a virtual machine. NOTE: third parties have disputed this issue, saying that write access to the .vmx file enables other ways of stopping the virtual machine, so no privilege boundaries are crossed

Jul 13, 2006

CVE-2006-2374 5.5 MEDIUM 2 PoCs Analysis EPSS 0.01

Microsoft Windows 2000 - Improper Locking

The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to cause a denial of service (hang) by calling the MrxSmbCscIoctlCloseForCopyChunk with the file handle of the shadow device, which results in a deadlock, aka the "SMB Invalid Handle Vulnerability."

CWE-667 Jun 13, 2006

CVE-2006-1058 5.5 MEDIUM EPSS 0.00

BusyBox 1.1.1 - Info Disclosure

BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables.

CWE-916 Apr 04, 2006

CVE-2006-0755 5.6 MEDIUM 10 PoCs Analysis EPSS 0.11

dotProject <2.0.1 - RCE

Multiple PHP remote file include vulnerabilities in dotProject 2.0.1 and earlier, when register_globals is enabled, allow remote attackers to execute arbitrary commands via the baseDir parameter in (1) db_adodb.php, (2) db_connect.php, (3) session.php, (4) vw_usr_roles.php, (5) calendar.php, (6) date_format.php, and (7) tasks/gantt.php; and the dPconfig[root_dir] parameter in (8) projects/gantt.php, (9) gantt2.php, and (10) vw_files.php. NOTE: the vendor disputes this issue, stating that the product documentation clearly recommends that the system administrator disable register_globals, and that the check.php script warns against this setting. Also, the vendor says that the protection.php/siteurl vector is incorrect because protection.php does not exist in the product

Feb 18, 2006

CVE-2006-0054 5.3 MEDIUM EPSS 0.03

FreeBSD - DoS

The ipfw firewall in FreeBSD 6.0-RELEASE allows remote attackers to cause a denial of service (firewall crash) via ICMP IP fragments that match a reset, reject or unreach action, which leads to an access of an uninitialized pointer.

CWE-824 Jan 11, 2006

CVE-2006-0149 6.1 MEDIUM EPSS 0.00

Simpbook - Basic XSS

Cross-site scripting (XSS) vulnerability in SimpBook 1.0, with html_enable on (the default), allows remote attackers to inject arbitrary web script or HTML via the message field.

CWE-80 Jan 09, 2006

CVE-2005-4650 5.3 MEDIUM EPSS 0.00

Joomla! 1.03 - DoS

Joomla! 1.03 does not restrict the number of "Search" Mambots, which allows remote attackers to cause a denial of service (resource consumption) via a large number of Search Mambots.

CWE-770 Dec 31, 2005

CVE-2005-4349 6.3 MEDIUM EPSS 0.02

phpMyAdmin 2.7.0 - SQL Injection

SQL injection vulnerability in server_privileges.php in phpMyAdmin 2.7.0 allows remote authenticated users to execute arbitrary SQL commands via the (1) dbname and (2) checkprivs parameters. NOTE: the vendor and a third party have disputed this issue, saying that the main task of the program is to support query execution by authenticated users, and no external attack scenario exists without an auto-login configuration. Thus it is likely that this issue will be REJECTED. However, a closely related CSRF issue has been assigned CVE-2005-4450

CWE-89 Dec 19, 2005

CVE-2005-4206 6.1 MEDIUM 1 PoC Analysis EPSS 0.06

Blackboard Academic Suite < 6.0.0.0 - Open Redirect

Blackboard Learning and Community Portal System in Academic Suite 6.3.1.424, 6.2.3.23, and other versions before 6 allows remote attackers to redirect users to other URLs and conduct phishing attacks via a modified url parameter to frameset.jsp, which loads the URL into a frame and causes it to appear to be part of a valid page.

CWE-601 Dec 13, 2005

CVE-2005-3847 5.5 MEDIUM EPSS 0.00

Linux Kernel < 2.6.13 - Improper Locking

The handle_stop_signal function in signal.c in Linux kernel 2.6.11 up to other versions before 2.6.13 and 2.6.12.6 allows local users to cause a denial of service (deadlock) by sending a SIGKILL to a real-time threaded process while it is performing a core dump.

CWE-667 Nov 27, 2005

CVE-2005-3274 4.7 MEDIUM EPSS 0.00

Linux Kernel < 2.4.31 - NULL Pointer Dereference

Race condition in ip_vs_conn_flush in Linux 2.6 before 2.6.13 and 2.4 before 2.4.32-pre2, when running on SMP systems, allows local users to cause a denial of service (null dereference) by causing a connection timer to expire while the connection table is being flushed before the appropriate lock is acquired.

CWE-476 Oct 21, 2005

CVE-2005-3170 5.0 MEDIUM EPSS 0.01

Microsoft Windows 2000 <Update Rollup 1 for SP4 - Info Disclosure

The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for SP4 accepts certificates using LDAP Secure Sockets Layer (LDAPS) even when the Certificate Authority (CA) is not trusted, which could allow attackers to trick users into believing that they are accessing a trusted site.

CWE-295 Oct 06, 2005

CVE-2005-3106 4.7 MEDIUM EPSS 0.00

Linux 2.6 - DoS

Race condition in Linux 2.6, when threads are sharing memory mapping via CLONE_VM (such as linuxthreads and vfork), might allow local users to cause a denial of service (deadlock) by triggering a core dump while waiting for a thread that has just performed an exec.

CWE-667 Sep 30, 2005

CVE & Exploit Intelligence Database

Investigate

Ecosystems

Reference Indexes

Recent Blog Posts

CVEForge Labs

KEV Gaps