CyberSecurityBoard
Sponsor Register Login

CVE-2006-1731

Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 returns the Object class prototype instead of the global window object when (1) .valueOf.call or (2) .valueOf.apply are called without any arguments, which allows remote attackers to conduct cross-site scripting (XSS) attacks. Fixed in: Firefox 1.5 Firefox 1.0.8 Thunderbird 1.5 Thunderbird 1.0.8 SeaMonkey 1.0 Mozilla Suite 1.7.13

Publication date: Thu, 18 Oct 2018 21:34:00 +0000


Cyber News related to CVE-2006-1731

CVE-2014-3223 - Huawei S9300 with software before V100R006SPH013 and S2300,S3300,S5300,S6300 with software before V100R006SPH010 support Y.1731 and therefore have the Y.1731 vulnerability in processing special packets. The vulnerability causes the restart of ...
7 years ago
CVE-2006-1731 - Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 returns the Object class prototype instead of the global window object when (1) .valueOf.call or (2) .valueOf.apply are ...
11 months ago
CVE-2015-1731 - Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different ...
6 years ago
CVE-2015-1755 - Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different ...
6 years ago
CVE-2015-1737 - Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different ...
6 years ago
CVE-2015-1736 - Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability," a different ...
6 years ago
CVE-2009-2585 - SQL injection vulnerability in index.php in Mlffat 2.2 allows remote attackers to execute arbitrary SQL commands via a member cookie in an account editprofile action, a different vector than CVE-2009-1731. ...
7 years ago
CVE-2020-1731 - A flaw was found in all versions of the Keycloak operator, before version 8.0.2,(community only) where the operator generates a random admin password when installing Keycloak, however the password remains the same when deployed to the same OpenShift ...
2 years ago
CVE-2010-1731 - Google Chrome on the HTC Hero allows remote attackers to cause a denial of service (application crash) via JavaScript that writes <marquee> sequences in an infinite loop. ...
2 years ago
CVE-2013-1731 - Untrusted search path vulnerability in the GL tracing functionality in Mozilla Firefox before 24.0 on Android allows attackers to execute arbitrary code via a Trojan horse .so file in a world-writable directory. ...
11 years ago
CVE-2016-1731 - Apple Software Update before 2.2 on Windows does not use HTTPS, which makes it easier for man-in-the-middle attackers to spoof updates by modifying the client-server data stream. ...
7 years ago
CVE-2002-1731 - The System Request menu in IBM AS/400 allows local users to list valid user accounts by viewing the object names that are type USRPRF. ...
7 years ago
CVE-2004-1731 - signup_page.php in Mantis bugtracker allows remote attackers to send e-mail bombs by creating multiple users and providing the same e-mail address. ...
7 years ago
CVE-2007-1731 - Multiple stack-based buffer overflows in High Performance Anonymous FTP Server (hpaftpd) 1.01 allow remote attackers to execute arbitrary code via long arguments to the (1) USER, (2) PASS, (3) CWD, (4) MKD, (5) RMD, (6) DELE, (7) RNFR, or (8) RNTO ...
7 years ago
CVE-2008-1731 - The Simple Access module for Drupal 5.x through 5.x-1.2-2 does not properly handle the privacy information for nodes, which might allow remote attackers to bypass intended access restrictions, and read or modify nodes, in opportunistic circumstances ...
7 years ago
CVE-2009-1731 - SQL injection vulnerability in panel/index.php in MLFFAT 2.1 allows remote attackers to execute arbitrary SQL commands via a base64-encoded supervisor cookie. ...
7 years ago
CVE-2012-1731 - Unspecified vulnerability in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors related to Web UI. ...
7 years ago
CVE-2011-1731 - Stack-based buffer overflow in OmniInet.exe in the Backup Client Service in HP OpenView Storage Data Protector 6.00, 6.10, and 6.11 allows remote attackers to execute arbitrary code via a malformed EXEC_INTEGUTIL message. ...
6 years ago
CVE-2018-1731 - IBM DOORS Next Generation (DNG/RRC) 5.0 through 5.0.3 and 6.0 through 6.0.6 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially ...
5 years ago
CVE-2017-1731 - IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could provide weaker than expected security when using the Administrative Console. An authenticated remote attacker could exploit this vulnerability to possibly gain elevated privileges. ...
5 years ago
CVE-2019-1731 - A vulnerability in the SSH CLI key management functionality of Cisco NX-OS Software could allow an authenticated, local attacker to expose a user's private SSH key to all authenticated users on the targeted device. The attacker must authenticate ...
4 years ago
CVE-2022-1731 - Metasonic Doc WebClient 7.0.14.0 / 7.0.12.0 / 7.0.3.0 is vulnerable to a SQL injection attack in the username field. SSO or System authentication are required to be enabled for vulnerable conditions to exist. ...
2 years ago
CVE-2021-1731 - PFX Encryption Security Feature Bypass Vulnerability ...
10 months ago
CVE-2014-1731 - core/html/HTMLSelectElement.cpp in the DOM implementation in Blink, as used in Google Chrome before 34.0.1847.131 on Windows and OS X and before 34.0.1847.132 on Linux, does not properly check renderer state upon a focus event, which allows remote ...
2 years ago
CVE-2023-1731 - In Meinbergs LTOS versions prior to V7.06.013, the configuration file upload function would not correctly validate the input, which would allow an remote authenticated attacker with high privileges to execute arbitrary commands. ...
1 year ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)