CVE-2006-3448

Buffer overflow in the Step-by-Step Interactive Training in Microsoft Windows 2000 SP4, XP SP2 and Professional, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a long Syllabus string in crafted bookmark link files (cbo, cbl, or .cbm), a different issue than CVE-2005-1212.

Publication date: Wed, 14 Feb 2007 02:28:00 +0000

Cyber News related to CVE-2006-3448

CVE-2023-22400 - An Uncontrolled Resource Consumption vulnerability in the PFE management daemon (evo-pfemand) of Juniper Networks Junos OS Evolved allows an unauthenticated, network-based attacker to cause an FPC crash leading to a Denial of Service (DoS). When a ...
2 years ago

CVE-2006-3448 - Buffer overflow in the Step-by-Step Interactive Training in Microsoft Windows 2000 SP4, XP SP2 and Professional, and Server 2003 SP1 allows remote attackers to execute arbitrary code via a long Syllabus string in crafted bookmark link files (cbo, ...
6 years ago

CVE-2023-3448 - Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. ...
2 days ago Tenable.com

CVE-2024-3448 - Users with low privileges can perform certain AJAX actions. In this vulnerability instance, improper access to ajax?action=plugin:focus:checkIframeAvailability leads to a Server-Side Request Forgery by analyzing the error messages returned from the ...
10 months ago Tenable.com

CVE-2011-3448 - Heap-based buffer overflow in CoreMedia in Apple Mac OS X before 10.7.3 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted movie file with H.264 encoding. ...
13 years ago

CVE-2005-3448 - Unspecified vulnerability in the OC4J Module in Oracle Application Server 9.0 up to 10.1.2.0.2 has unknown impact and attack vectors, as identified by Oracle Vuln# AS01. ...
12 years ago

CVE-2013-3448 - Cisco WebEx Meetings Server does not check whether a user account is active, which allows remote authenticated users to bypass intended access restrictions by performing meeting operations after account deactivation, aka Bug ID CSCuh33315. ...
8 years ago

CVE-2015-3448 - REST client for Ruby (aka rest-client) before 1.7.3 logs usernames and passwords, which allows local users to obtain sensitive information by reading the log. ...
8 years ago

CVE-2009-3448 - npvmgr.exe in BakBone NetVault Backup 8.22 Build 29 allows remote attackers to cause a denial of service (daemon crash) via a packet to (1) TCP or (2) UDP port 20031 with a large value in an unspecified size field, which is not properly handled in a ...
1 year ago

CVE-2016-3448 - Unspecified vulnerability in the Application Express component in Oracle Database Server before 5.0.4 allows remote attackers to affect confidentiality and integrity via unknown vectors. ...
7 years ago

CVE-2007-3448 - Cross-site scripting (XSS) vulnerability in index.php in BugMall Shopping Cart 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the msgs parameter. NOTE: 4.0.2 and other versions might also be affected. ...
7 years ago

CVE-2012-3448 - Unspecified vulnerability in Ganglia Web before 3.5.1 allows remote attackers to execute arbitrary PHP code via unknown attack vectors. ...
6 years ago

CVE-2008-3448 - Cross-site scripting (XSS) vulnerability in index.php in common solutions csphonebook 1.02 allows remote attackers to inject arbitrary web script or HTML via the letter parameter. ...
6 years ago

CVE-2014-3448 - BSS Continuity CMS 4.2.22640.0 has a Remote Code Execution vulnerability due to unauthenticated file upload ...
5 years ago

CVE-2020-3448 - A vulnerability in an access control mechanism of Cisco Cyber Vision Center Software could allow an unauthenticated, remote attacker to bypass authentication and access internal services that are running on an affected device. The vulnerability is ...
4 years ago

CVE-2021-3448 - A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by ...
2 years ago

CVE-2010-3448 - drivers/platform/x86/thinkpad_acpi.c in the Linux kernel before 2.6.34 on ThinkPad devices, when the X.Org X server is used, does not properly restrict access to the video output control state, which allows local users to cause a denial of service ...
1 year ago

CVE-2022-3448 - Use after free in Permissions API in Google Chrome prior to 106.0.5249.119 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: ...
1 year ago

CVE-2006-0092 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-0992, CVE-2006-0158. Reason: this candidate was intended for one issue, but a typo caused it to be associated with a Novell/Groupwise issue. In addition, this issue was a ...
55 years ago Tenable.com

CVE-2006-7224 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-7227, CVE-2005-4872, CVE-2006-7228. Reason: this candidate was SPLIT into other identifiers in order to reflect different affected versions and distinct vendor fixes. Notes: All ...
55 years ago Tenable.com

CVE-2006-5296 - PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted ...
1 year ago

CVE-2006-1530 - Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due ...
6 years ago

CVE-2006-1529 - Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due ...
6 years ago

CVE-2006-1723 - Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due ...
6 years ago

CVE-2006-1531 - Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due ...
6 years ago

Latest Cyber News

Chrome use-after-free Vulnerability Let Attackers Execute Code Remotely - 13 minutes ago
Japan Goes on Offense With New 'Active Cyber Defense' Bill - 20 minutes ago
zkLend loses $9.5M in crypto heist, asks hacker to return 90% - 3 hours ago
Surge in attacks exploiting old ThinkPHP and ownCloud flaws - 3 hours ago
Trump to Nominate Ex-RNC Official as National Cyber Director - 3 hours ago
Cybercrime evolving into national security threat: Google | The Record from Recorded Future News - 4 hours ago
Ransomware attack disrupting Michigan's Sault Tribe operations | The Record from Recorded Future News - 5 hours ago
Feds Sanction Russian Hosting Provider Over LockBit Attacks - 6 hours ago
Sarcoma ransomware claims breach at giant PCB maker Unimicron - 6 hours ago
US reportedly releases Russian cybercrime figure Alexander Vinnik in prisoner swap | The Record from Recorded Future News - 7 hours ago
DPRK hackers dupe targets into typing PowerShell commands as admin - 7 hours ago
Ivanti fixes three critical flaws in Connect Secure & Policy Secure - 8 hours ago
How to Track Advanced Persistent Threats (APT) Using Threat Intelligence Lookup Tool - 9 hours ago
BadPilot network hacking campaign fuels Russian SandWorm attacks - 9 hours ago
Microsoft: Russia's Sandworm APT Exploits Edge Bugs Globally - 9 hours ago
CVE-2025-1207 - 10 hours ago
CVE-2025-0556 - 10 hours ago
CVE-2025-1206 - 11 hours ago
CVE-2025-1212 - 11 hours ago
CVE-2025-1244 - 11 hours ago

Cyber Trends (last 7 days)

Okta - 1 year ago
23andMe - 1 year ago
Kimsuky - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

Chrome use-after-free Vulnerability Let Attackers Execute Code Remotely - 13 minutes ago
Japan Goes on Offense With New 'Active Cyber Defense' Bill - 20 minutes ago
zkLend loses $9.5M in crypto heist, asks hacker to return 90% - 3 hours ago
Surge in attacks exploiting old ThinkPHP and ownCloud flaws - 3 hours ago
Trump to Nominate Ex-RNC Official as National Cyber Director - 3 hours ago
Cybercrime evolving into national security threat: Google | The Record from Recorded Future News - 4 hours ago
Ransomware attack disrupting Michigan's Sault Tribe operations | The Record from Recorded Future News - 5 hours ago
US reportedly releases Russian cybercrime figure Alexander Vinnik in prisoner swap | The Record from Recorded Future News - 7 hours ago
BadPilot network hacking campaign fuels Russian SandWorm attacks - 9 hours ago
Ivanti fixes three critical flaws in Connect Secure & Policy Secure - 8 hours ago
DPRK hackers dupe targets into typing PowerShell commands as admin - 7 hours ago
Sarcoma ransomware claims breach at giant PCB maker Unimicron - 6 hours ago
How to Track Advanced Persistent Threats (APT) Using Threat Intelligence Lookup Tool - 9 hours ago
Microsoft: Russia's Sandworm APT Exploits Edge Bugs Globally - 9 hours ago
Feds Sanction Russian Hosting Provider Over LockBit Attacks - 6 hours ago
CVE-2023-40721 - 1 day ago
CVE-2024-12755 - 1 day ago
CVE-2024-12756 - 1 day ago
CVE-2024-27780 - 1 day ago
CVE-2024-27781 - 1 day ago