CyberSecurityBoard
Sponsor Register Login

CVE-2006-2221

A third-party installer generation tool, possibly BitRock InstallBuilder, as used in products including Process-one ejabberd 1.1.1_1 and earlier, generates an installer that allows local users to cause a denial of service via a symlink attack on the bitrock_installer.log temporary file. NOTE: it is possible that this vulnerability is present in other products that use this installer. This vulnerability is addressed in the following product releases: Process-one, ejabberd, 1.1.1_2 BitRock, Install Builder, 3.7.0

Publication date: Sat, 06 May 2006 00:02:00 +0000


Cyber News related to CVE-2006-2221

CVE-2002-2221 - Untrusted search path vulnerability in Pedro Lineu Orso chetcpasswd 2.4.1 and earlier allows local users to gain privileges via a modified PATH that references a malicious cp binary. NOTE: this issue might overlap CVE-2006-6639. ...
16 years ago
CVE-2006-2221 - A third-party installer generation tool, possibly BitRock InstallBuilder, as used in products including Process-one ejabberd 1.1.1_1 and earlier, generates an installer that allows local users to cause a denial of service via a symlink attack on the ...
6 years ago
CVE-2005-2221 - ** DISPUTED ** Multiple SQL injection vulnerabilities in Dragonfly Commerce allows remote attackers to modify SQL statements and possibly execute arbitrary SQL commands via the (1) key parameter to dc_Categoriesview.asp, (2) ...
8 years ago Dragonfly
CVE-2019-2221 - In hasActivityInVisibleTask of WindowProcessController.java there’s a possible bypass of user interaction requirements due to incorrect handling of top activities in INITIALIZING state. This could lead to local escalation of privilege with no ...
3 years ago
CVE-2021-2221 - Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Client). The supported version that is affected is 5.6. Easily exploitable vulnerability allows unauthenticated attacker with network access via multiple ...
3 years ago
CVE-2009-2221 - Cross-site scripting (XSS) vulnerability in PHP-I-BOARD 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. ...
15 years ago
CVE-2011-2221 - The Mobility Pack before 1.2 in Novell Data Synchronizer 1.x through 1.1.2 build 428 allows remote attackers to bypass WebAdmin authentication and obtain sensitive GroupWise information via unspecified vectors. ...
9 years ago
CVE-2015-2221 - ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted y0da cryptor file. ...
8 years ago
CVE-2004-2221 - Buffer overflow in SoftCart.exe in Mercantec SoftCart 4.00b allows remote attackers to execute arbitrary code via a long parameter in an HTTP GET request. ...
7 years ago
CVE-2004-2549 - Nortel Wireless LAN (WLAN) Access Point (AP) 2220, 2221, and 2225 allow remote attackers to cause a denial of service (service crash) via a TCP request with a large string, followed by 8 newline characters, to (1) the Telnet service on TCP port 23 ...
7 years ago
CVE-2008-2221 - Unspecified vulnerability in the Java plugin in IBM WebSphere Application Server 5.0.2 allows untrusted applets to gain privileges via unknown attack vectors. ...
7 years ago
CVE-2017-2221 - Untrusted search path vulnerability in Installer of Baidu IME Ver3.6.1.6 and earlier allows an attacker to gain privileges via a Trojan horse DLL in an unspecified directory. ...
7 years ago
CVE-2016-2221 - Open redirect vulnerability in the wp_validate_redirect function in wp-includes/pluggable.php in WordPress before 4.4.2 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a malformed URL that triggers ...
7 years ago
CVE-2013-2221 - Heap-based buffer overflow in the ZRtp::storeMsgTemp function in GNU ZRTPCPP before 3.2.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large packet. ...
7 years ago
CVE-2007-2221 - Unspecified vulnerability in the mdsauth.dll COM object in Microsoft Windows Media Server in the Microsoft Internet Explorer 5.01 SP4 on Windows 2000 SP4; 6 SP1 on Windows 2000 SP4; 6 and 7 on Windows XP SP2, or Windows Server 2003 SP1 or SP2; or 7 ...
3 years ago
CVE-2022-2221 - Information Exposure vulnerability in My Account Settings of Devolutions Remote Desktop Manager before 2022.1.8 allows authenticated users to access credentials of other users. This issue affects: Devolutions Remote Desktop Manager versions prior to ...
2 years ago
CVE-2010-2221 - Multiple buffer overflows in the iSNS implementation in isns.c in (1) Linux SCSI target framework (aka tgt or scsi-target-utils) before 1.0.6, (2) iSCSI Enterprise Target (aka iscsitarget or IET) 1.4.20.1 and earlier, and (3) Generic SCSI Target ...
2 years ago
CVE-2023-2221 - The WP Custom Cursors WordPress plugin before 3.2 does not properly sanitise and escape a parameter before using it in a SQL statement, leading to a SQL injection exploitable by users with a role as low as Admin. ...
1 year ago
CVE-2020-2221 - Jenkins 2.244 and earlier, LTS 2.235.1 and earlier does not escape the upstream job's display name shown as part of a build cause, resulting in a stored cross-site scripting vulnerability. ...
1 year ago
CVE-2018-2221 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2018. Notes: none ...
55 years ago Tenable.com
CVE-2024-2221 - qdrant/qdrant is vulnerable to a path traversal and arbitrary file upload vulnerability via the `/collections/{COLLECTION}/snapshots/upload` endpoint, specifically through the `snapshot` parameter. This vulnerability allows attackers to upload and ...
11 months ago Tenable.com
CVE-2025-2221 - The WPCOM Member plugin for WordPress is vulnerable to time-based SQL Injection via the ‘user_phone’ parameter in all versions up to, and including, 1.7.6 due to insufficient escaping on the user supplied parameter and lack of sufficient ...
12 hours ago
CVE-2023-52796 - In the Linux kernel, the following vulnerability has been resolved: ipvlan: add ipvlan_route_v6_outbound() helper Inspired by syzbot reports using a stack of multiple ipvlan devices. Reduce stack size needed in ipvlan_process_v6_outbound() by moving ...
9 months ago Tenable.com
CVE-2006-0092 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-0992, CVE-2006-0158. Reason: this candidate was intended for one issue, but a typo caused it to be associated with a Novell/Groupwise issue. In addition, this issue was a ...
55 years ago Tenable.com
CVE-2006-7224 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-7227, CVE-2005-4872, CVE-2006-7228. Reason: this candidate was SPLIT into other identifiers in order to reflect different affected versions and distinct vendor fixes. Notes: All ...
55 years ago Tenable.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)