Lucene search

K

MitreCVELIST:CVE-2006-0097

HistoryJan 06, 2006 - 11:00 a.m.

CVE-2006-0097

2006-01-0611:00:00

mitre

www.cve.org

5

AI Score

8

Confidence

High

EPSS

0.019

Percentile

88.6%

Stack-based buffer overflow in the create_named_pipe function in libmysql.c in PHP 4.3.10 and 4.4.x before 4.4.3 for Windows allows attackers to execute arbitrary code via a long (1) arg_host or (2) arg_unix_socket argument, as demonstrated by a long named pipe variable in the host argument to the mysql_connect function.

References

archives.neohapsis.com/archives/fulldisclosure/2006-01/0274.html

lists.grok.org.uk/pipermail/full-disclosure/2006-January/041013.html

secunia.com/advisories/18275

www.osvdb.org/22232

www.php.net/ChangeLog-4.php#4.4.3

www.securityfocus.com/archive/1/420986/100/0/threaded

www.securityfocus.com/bid/16145

www.vupen.com/english/advisories/2006/0046

AI Score

8

Confidence

High

EPSS

0.019

Percentile

88.6%

Related for CVELIST:CVE-2006-0097

nvd1 prion1 exploitdb1 redhatcve1 cve1