
6737 matches found

Prion
added 2006/06/09 10:2 a.m. | 10 views

Buffer overflow

The iaxnetread function in the iaxclient open source library, as used in multiple products including (a) LoudHush 1.3.6, (b) IDE FISK 1.35 and earlier, (c) Kiax 0.8.5 and earlier, (d) DIAX, (e) Ziaxphone, (f) IAX Phone, (g) X-lite, (h) MediaX, (i) Extreme Networks ePhone, and (j) iaxComm before 1.2.0, allows remote...

6.4 CVSS | 8.7 AI score | 0.04299 EPSS
Exploits 0 | References 17 | Affected Software 1
OSV
added 2006/05/27 12:0 a.m. | 13 views

DSA-1078-1 tiff - out-of-bounds read

Bulletin has no description...

2.1 CVSS | 6.3 AI score | 0.00799 EPSS
Exploits 0
OSV
added 2006/05/23 10:6 a.m. | 1 views

DEBIAN-CVE-2006-0747

Integer underflow in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a font file with an odd number of blue values, which causes the underflow when decrementing by 2 in a context that assumes an even number of values...

5 CVSS | 6.3 AI score | 0.11884 EPSS
Exploits 0 | References 1
Prion
added 2006/05/19 11:2 p.m. | 16 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in Mobotix IP Network Cameras M1 1.9.4.7 and M10 2.0.5.2, and other versions before 2.2.3.18 for M10/D10 and 3.0.3.31 for M22, allow remote attackers to inject arbitrary web script or HTML via URL-encoded values in (1) the query string to help/help,...

4.3 CVSS | 6.1 AI score | 0.02883 EPSS
Exploits 1 | References 13 | Affected Software 1
Prion
added 2006/05/12 5:6 p.m. | 14 views

Sql injection

E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to obtain the full path of the web server via "'" characters, and possibly other invalid values, in (1) the id parameter to formgrupo.html, or requests to the (2) archivos/ and (3) files/ directories. NOTE: this issue might be resultant...

5 CVSS | 8.4 AI score | 0.01351 EPSS
Exploits 0 | References 7 | Affected Software 1
Prion
added 2006/05/01 10:6 p.m. | 12 views

Out-of-bounds

The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers to cause a denial of service (crash) via a crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values, which triggers an out-of-bounds read...

2.1 CVSS | 6.5 AI score | 0.00799 EPSS
Exploits 0 | References 18 | Affected Software 1
UbuntuCve
added 2006/04/20 10:2 a.m. | 54 views

CVE-2006-1896

Unspecified vulnerability in phpBB allows remote authenticated users with Administration Panel access to execute arbitrary PHP code via crafted Font Colour 3 $themefontcolor3 variable and/or signature values, possibly involving the highlight functionality. NOTE: the original report does not clari...

6 CVSS | 6.3 AI score | 0.01278 EPSS
Exploits 0 | References 1
Cvelist
added 2006/04/20 10:0 a.m. | 25 views

CVE-2006-1900

Multiple buffer overflows in World Wide Web Consortium (W3C) Amaya 9.4, and possibly other versions including 8.x before 8.8.5, allow remote attackers to execute arbitrary code via a long value in (1) the COMPACT attribute of the COLGROUP element, (2) the ROWS attribute of the TEXTAREA element, and (3) t...

7.7 AI score | 0.16545 EPSS
Exploits 1 | References 10
Prion
added 2006/04/19 4:6 p.m. | 13 views

Design/Logic Flaw

xFlow 5.46.11 and earlier allows remote attackers to determine the installation path of the application via the (1) action parameter to membersonly/index.cgi and (2) page parameter to customerarea/index.cgi, probably due to invalid values...

5 CVSS | 7.2 AI score | 0.01377 EPSS
Exploits 0 | References 3 | Affected Software 1
FreeBSD
added 2006/04/14 12:0 a.m. | 29 views

amaya -- Attribute Value Buffer Overflow Vulnerabilities

Secunia reports: Amaya have two vulnerabilities, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused due to boundary errors within the parsing of various attribute values. This can be exploited to cause stack-based buffer overflows when a user...

7.6 CVSS | 6.9 AI score | 0.16545 EPSS
Exploits 1 | References 3
NVD
added 2006/04/12 12:2 a.m. | 26 views

CVE-2006-0014

Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modified length values...

5.1 CVSS | 7.6 AI score | 0.23875 EPSS
Exploits 0 | References 17
Prion
added 2006/04/12 12:2 a.m. | 17 views

Buffer overflow

Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modified length values...

5.1 CVSS | 8 AI score | 0.23875 EPSS
Exploits 0 | References 17 | Affected Software 1
Cvelist
added 2006/04/12 12:0 a.m. | 27 views

CVE-2006-0014

Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modified length values...

7.6 AI score | 0.23875 EPSS
Exploits 0 | References 17
NVD
added 2006/03/31 11:6 a.m. | 13 views

CVE-2006-1564

Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that...

4.6 CVSS | 6.5 AI score | 0.00478 EPSS
Exploits 1 | References 3
Prion
added 2006/03/31 11:6 a.m. | 18 views

Design/Logic Flaw

Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that...

4.6 CVSS | 6.8 AI score | 0.00478 EPSS
Exploits 1 | References 3 | Affected Software 1
CVE
added 2006/03/31 11:0 a.m. | 49 views

CVE-2006-1564

The CVE-2006-1564 entry concerns libapache2-svn 1.3.0-4 for Subversion on Debian GNU/Linux. The vulnerability stems from untrusted search paths due to RPATH values under /tmp/svn for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, potentially allowing local users to gain privileges by pl...

4.6 CVSS | 6.5 AI score | 0.00478 EPSS
Exploits 1 | References 3 | Affected Software 1
Cvelist
added 2006/03/31 11:0 a.m. | 20 views

CVE-2006-1564

Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that...

6.5 AI score | 0.00478 EPSS
Exploits 1 | References 3
RedHat Linux
added 2006/03/09 8:45 p.m. | 2 views

pcre heap overflow

Integer overflow in pcrecompile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow...

7.5 CVSS | 6.5 AI score | 0.04344 EPSS
Exploits 0 | References 4
NVD
added 2006/03/07 11:2 a.m. | 8 views

CVE-2006-0047

packets.c in Freeciv 2.0 before 2.0.8 allows remote attackers to cause a denial of service (server crash) via crafted packets with negative compressed size values...

5 CVSS | 6.3 AI score | 0.07701 EPSS
Exploits 0 | References 11
Cvelist
added 2006/02/25 11:0 a.m. | 15 views

CVE-2006-0897

SQL injection vulnerability in VCS Virtual Program Management Intranet (VPMi) Enterprise 3.3 allows remote attackers to execute arbitrary SQL commands via the UpdateID0 parameter to ServiceRequests.asp. NOTE: the provenance of this information is unknown; the details are obtained solely from third...

8 AI score | 0.01381 EPSS
Exploits 0 | References 7