CyberSecurityBoard
Sponsor Register Login

CVE-2006-5179

Intoto iGateway VPN and iGateway SSL-VPN allow context-dependent attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates that require extra time to process when using RSA signature verification, a related issue to CVE-2006-2940. It is reported that a patch may be obtained by contacting Intoto at the following email address: support@intoto.com

Publication date: Tue, 08 Mar 2011 08:42:00 +0000


Cyber News related to CVE-2006-5179

CVE-2006-5179 - Intoto iGateway VPN and iGateway SSL-VPN allow context-dependent attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates ...
1 year ago
CVE-2007-5179 - Multiple cross-site scripting (XSS) vulnerabilities in iletisim.asp in Y&K Iletisim Formu allow remote attackers to inject arbitrary web script or HTML via the (1) ad, (2) sehir, (3) yas, (4) cins, (5) tel, (6) mail, and (7) mesaj parameters. ...
16 years ago
CVE-2007-3959 - The IM Server (aka IMserve or IMserver) 2.0.5.30 and probably earlier in Ipswitch Instant Messaging before 2.07 in Ipswitch Collaboration Suite (ICS) allows remote attackers to cause a denial of service (daemon crash) via certain data to TCP port ...
14 years ago
CVE-2010-5179 - ** DISPUTED ** Race condition in Trend Micro Internet Security Pro 2010 17.50.1647.0000 on Windows XP allows local users to bypass kernel-mode hook handlers, and execute dangerous code that would otherwise be blocked by a handler but not blocked by ...
12 years ago
CVE-2013-5179 - App Sandbox in Apple Mac OS X before 10.9 allows attackers to bypass intended sandbox restrictions via a crafted app that uses the LaunchServices interface to specify process arguments. ...
11 years ago
CVE-2008-5179 - Unspecified vulnerability in Microsoft Office Communications Server (OCS), Office Communicator, and Windows Live Messenger allows remote attackers to cause a denial of service (crash) via a crafted Real-time Transport Control Protocol (RTCP) receiver ...
7 years ago
CVE-2014-5179 - The freelinking module for Drupal, as used in the Freelinking for Case Tracker module, does not properly check access permissions for (1) nodes or (2) users, which allows remote attackers to obtain sensitive information via a crafted link. ...
7 years ago
CVE-2015-5179 - FreeIPA might display user data improperly via vectors involving non-printable characters. ...
7 years ago
CVE-2016-5179 - Chrome OS before 53.0.2785.144 allows remote attackers to execute arbitrary commands at boot. ...
7 years ago
CVE-2011-5179 - Cross-site scripting (XSS) vulnerability in skysa-official/skysa.php in Skysa App Bar Integration plugin, possibly before 1.04, for WordPress allows remote attackers to inject arbitrary web script or HTML via the submit parameter. ...
6 years ago
CVE-2017-5179 - Cross-site scripting (XSS) vulnerability in Tenable Nessus before 6.9.3 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. ...
6 years ago
CVE-2018-5179 - A service worker can send the activate event on itself periodically which allows it to run perpetually, allowing it to monitor activity by users. Affects all versions prior to Firefox 60. ...
5 years ago
CVE-2020-5179 - Comtech Stampede FX-1010 7.4.3 devices allow remote authenticated administrators to execute arbitrary OS commands by navigating to the Diagnostics Ping page and entering shell metacharacters in the Target IP address field. (In some cases, ...
5 years ago
CVE-2012-5179 - The Boat Browser application before 4.2 and Boat Browser Mini application before 3.9 for Android do not properly implement the WebView class, which allows attackers to obtain sensitive information via a crafted application. ...
5 years ago
CVE-2019-5179 - An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.02(14). An attacker can send a specially crafted packet to trigger the parsing of ...
5 years ago
CVE-2024-5179 - The Cowidgets – Elementor Addons plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.1.1 via the 'item_style' and 'style' parameters. This makes it possible for authenticated attackers, ...
6 months ago
CVE-2023-5179 - An issue was discovered in Open Design Alliance Drawings SDK before 2024.10. A corrupted value for the start of MiniFat sector in a crafted DGN file leads to an out-of-bounds read. This can allow attackers to cause a crash, potentially enabling a ...
7 months ago
CVE-2006-0092 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-0992, CVE-2006-0158. Reason: this candidate was intended for one issue, but a typo caused it to be associated with a Novell/Groupwise issue. In addition, this issue was a ...
55 years ago Tenable.com
CVE-2006-7224 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-7227, CVE-2005-4872, CVE-2006-7228. Reason: this candidate was SPLIT into other identifiers in order to reflect different affected versions and distinct vendor fixes. Notes: All ...
55 years ago Tenable.com
CVE-2006-5296 - PowerPoint in Microsoft Office 2003 does not properly handle a container object whose position value exceeds the record length, which allows user-assisted attackers to cause a denial of service (NULL dereference and application crash) via a crafted ...
1 year ago
CVE-2006-1530 - Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due ...
6 years ago
CVE-2006-1529 - Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due ...
6 years ago
CVE-2006-1723 - Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due ...
6 years ago
CVE-2006-1531 - Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due ...
6 years ago
CVE-2006-5424 - Unspecified vulnerability in Justsystem Ichitaro 2006, 2006 trial version, and Government 2006 allows remote attackers to execute arbitrary code via a modified document, possibly because of a buffer overflow, a different vulnerability than ...
7 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)