
8517 matches found

NVD
added 2006/09/14 10:7 p.m. | 22 views

CVE-2006-4802

Format string vulnerability in the Real Time Virus Scan service in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allows local users to execute arbitrary code via an unspecified vector related to alert notification messages, a different vector than...

4.6 CVSS | 7.1 AI score | 0.0045 EPSS
Exploits 0 | References 6
CVE
added 2006/09/14 10:0 p.m. | 45 views

CVE-2006-4802

CVE-2006-4802 describes a format string vulnerability in the Real Time Virus Scan service of Symantec AntiVirus Corporate Edition (8.1–10.0) and Client Security (1.x–3.0). The flaw allows local users to execute arbitrary code via an unspecified vector related to alert notification messages, noted...

4.6 CVSS | 7.1 AI score | 0.0045 EPSS
Exploits 0 | References 6 | Affected Software 2
NVD
added 2006/09/14 12:7 a.m. | 23 views

CVE-2006-3454

Multiple format string vulnerabilities in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allow local users to execute arbitrary code via format strings in (1) Tamper Protection and (2) Virus Alert Notification messages...

7.2 CVSS | 7.3 AI score | 0.00459 EPSS
Exploits 0 | References 9
Exploit DB
added 2006/09/14 12:0 a.m. | 24 views

Apple Mac OSX 10.x - KExtLoad Format String

source: https://www.securityfocus.com/bid/20031/info Apple Mac OS X 'kextload' is prone to a format-string vulnerability because it fails to sufficiently sanitize user-supplied input data. This issue is not exploitable by itself, because kextload is not installed as a setuid-superuser application...

7.4 AI score
Exploits 0
exploitpack
added 2006/09/14 12:0 a.m. | 15 views

Apple Mac OSX 10.x - KExtLoad Format String

source: https://www.securityfocus.com/bid/20031/info Apple Mac OS X 'kextload' is prone to a format-string vulnerability because it fails to sufficiently sanitize user-supplied input data. This issue is not exploitable by itself, because kextload is not...

Exploits 0
CVE
added 2006/09/14 12:0 a.m. | 52 views

CVE-2006-3454

CVE-2006-4802 details a second format string vulnerability in the Real Time Virus Scan service and alert notification path of Symantec Antivirus Corporate Edition 8.1–10.0 and Symantec Client Security 1.x–3.0 (a vector distinct from CVE-2006-3454). Local users can potentially execute arbitrary co...

7.2 CVSS | 7.3 AI score | 0.00459 EPSS
Exploits 0 | References 9 | Affected Software 2
Cvelist
added 2006/09/14 12:0 a.m. | 28 views

CVE-2006-3454

Multiple format string vulnerabilities in Symantec AntiVirus Corporate Edition 8.1 up to 10.0, and Client Security 1.x up to 3.0, allow local users to execute arbitrary code via format strings in (1) Tamper Protection and (2) Virus Alert Notification messages...

7.3 AI score | 0.00459 EPSS
Exploits 0 | References 9
securityvulns
added 2006/09/14 12:0 a.m. | 47 views

[Full-disclosure] Layered Defense Advisory: Symantec AV Corporate Edition Format String Vulnerability

Layered Defense Advisory, 13 September 2006. 1 Affected Software: Symantec AntiVirus Corporate Edition 10.0; Symantec AntiVirus Corporate Edition 9.0; Symantec AntiVirus Corporate Edition 8.1...

7.2 CVSS | 6.8 AI score | 0.00459 EPSS
Exploits 0
Symantec
added 2006/09/13 8:0 a.m. | 27 views

Symantec AntiVirus Corporate Edition Elevation of Privilege

SUMMARY: An elevation of privilege vulnerability in Symantec Client Security and Symantec AntiVirus Corporate Edition could potentially allow a local attacker to execute code with elevated privileges on the target machine. Risk Impact: Medium. Remote Access: No. Local Access: Yes...

7.2 CVSS | 0.5 AI score | 0.00459 EPSS
Exploits 0 | Affected Software 1
NVD
added 2006/09/09 12:4 a.m. | 9 views

CVE-2006-4654

Format string vulnerability in Easy Address Book Web Server 1.2 allows remote attackers to cause a denial of service (crash) or "compromise the server" via encoded format string specifiers in the query string...

5.1 CVSS | 6.6 AI score | 0.02066 EPSS
Exploits 0 | References 5
Cvelist
added 2006/09/09 12:0 a.m. | 12 views

CVE-2006-4654

Format string vulnerability in Easy Address Book Web Server 1.2 allows remote attackers to cause a denial of service (crash) or "compromise the server" via encoded format string specifiers in the query string...

6.6 AI score | 0.02066 EPSS
Exploits 0 | References 5
CVE
added 2006/09/09 12:0 a.m. | 47 views

CVE-2006-4654

CVE-2006-4654 affects Easy Address Book Web Server 1.2. The issue is a remote format-string vulnerability in the query string, allowing an attacker to cause a crash (DoS) or potentially compromise the server. The vulnerability is documented in multiple sources (NVD/NVD listing, CVE listing); expl...

5.1 CVSS | 6.7 AI score | 0.02066 EPSS
Exploits 0 | References 5 | Affected Software 1
Packet Storm
added 2006/09/07 12:0 a.m. | 20 views

eabweb.txt

Easy Address Book Web Server Format String Vulnerability. Software: Easy Address Book Web Server; Version: 1.2; Website: http://www.efssoft.com/ ; Description: Easy Address Book Web Server is a Web Address Book software that allows users to view, search, add, edit, or administer address books easily...

7.4 AI score
Exploits 0
securityvulns
added 2006/09/06 12:0 a.m. | 45 views

Easy Address Book Web Server format string vulnerability

Format string vulnerability on URI request parsing...

2.9 AI score
Exploits 0 | References 1 | Affected Software 1
Tenable Nessus
added 2006/09/05 12:0 a.m. | 15 views

Easy Address Book Web Server Query Remote Format String

It appears that the remote web server is affected by a remote format string issue. Using a specially crafted URL containing a format string specifier, an unauthenticated, remote attacker can crash the affected application and possibly execute arbitrary code on the remote host...

5.1 CVSS | 6.2 AI score | 0.02066 EPSS
Exploits 0 | References 2
Exploit DB
added 2006/09/04 12:0 a.m. | 32 views

Easy Address Book Web Server 1.2 - Remote Format String

source: https://www.securityfocus.com/bid/19842/info Easy Address Book Web Server is prone to a remote format-string vulnerability because the application fails to properly sanitize user-supplied data before including it in the format-specifier argument to a formatted-printing function. This issu...

7.4 AI score
Exploits 0
NVD
added 2006/08/24 8:4 p.m. | 13 views

CVE-2006-4346

Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record function, which allows remote attackers to (1) execute code via format string specifiers or (2) overwrite files via directory traversals involving unspecified vectors, as demonstrated by the...

7.5 CVSS | 7 AI score | 0.06349 EPSS
Exploits 0 | References 10
Debian CVE
added 2006/08/24 8:0 p.m. | 29 views

CVE-2006-4346

Asterisk 1.2.10 supports the use of client-controlled variables to determine filenames in the Record function, which allows remote attackers to (1) execute code via format string specifiers or (2) overwrite files via directory traversals involving unspecified vectors, as demonstrated by the...

7.5 CVSS | 6.9 AI score | 0.06349 EPSS
Exploits 0
Tenable Nessus
added 2006/08/21 12:0 a.m. | 34 views

CentOS 3 / 4 : wireshark (CESA-2006:0602)

New Wireshark packages that fix various security vulnerabilities in Ethereal are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ethereal is a program for monitoring network traffic. In May 2006, Ethereal changed its name to...

10 CVSS | 6.2 AI score | 0.0733 EPSS
Exploits 0 | References 10
Cent OS
added 2006/08/16 11:38 p.m. | 65 views

wireshark security update

CentOS Errata and Security Advisory CESA-2006:0602-01 New Wireshark packages that fix various security vulnerabilities in Ethereal are now available. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Ethereal is a program for monitoring network...

10 CVSS | 6 AI score | 0.0733 EPSS
Exploits 0 | References 8