5334 matches found

Prion
added 2007/01/09 6:28 p.m., 9 views

Format string

Format string vulnerability in OmniGroup OmniWeb 5.5.1 allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the Javascript alert function...

CVSS 6.8, AI score 8.2, EPSS 0.31402
Exploits 0, References 11, Affected Software 1
NVD
added 2007/01/09 11:28 a.m., 13 views

CVE-2007-0134

Multiple eval injection vulnerabilities in iGeneric iG Shop 1.0 allow remote attackers to execute arbitrary code via the action parameter, which is supplied to an eval function call in (1) cart.php and (2) page.php. NOTE: a later report and CVE analysis indicate that the vulnerability is present in 1...

CVSS 7.5, AI score 7.9, EPSS 0.14145
Exploits 1, References 11
Cvelist
added 2007/01/03 8:0 p.m., 16 views

CVE-2006-6488

Stack-based buffer overflow in the DoModal function in the Dialog Wrapper Module ActiveX control DlgWrapper.dll before 8.4.166.0, as used by ICONICS OPC Enabled Gauge, Switch, and Vessel ActiveX, allows remote attackers to execute arbitrary code via a long (1) FileName or (2) Filter argument...

AI score 7.9, EPSS 0.29587
Exploits 5, References 6
Check Point Advisories
added 2007/01/02 12:0 a.m., 2 views

Microsoft Windows SNMP Service GetBulk Memory Corruption (MS06-074; CVE-2006-5583)

A buffer overflow vulnerability has been reported in Microsoft Windows SNMP Service. The service fails to properly handle malformed 'GetBulkRequest' SNMP messages. An attacker could exploit this vulnerability via a specially crafted SNMP message. Successful exploitation may allow an attacker to crea...

CVSS 10, AI score 7.3, EPSS 0.68214
Exploits 1
Cvelist
added 2007/01/01 11:0 p.m., 24 views

CVE-2007-0015

Buffer overflow in Apple QuickTime 7.1.3 allows remote attackers to execute arbitrary code via a long rtsp:// URI...

AI score 7.4, EPSS 0.85603
Exploits 10, References 15
CVE
added 2006/12/23 11:0 a.m., 55 views

CVE-2005-4816

The CVE-2005-4816 issue affects ProFTPD: a buffer/programming error in the Radius addon module (mod_radius) can be triggered by a long password, leading to remote denial of service and potential arbitrary code execution. Public sources enumerate affected behavior and versions: vulnerable before ...

CVSS 7.5, AI score 7.8, EPSS 0.02842
Exploits 0, References 5, Affected Software 1
NVD
added 2006/12/20 11:28 p.m., 6 views

CVE-2006-6664

Format string vulnerability in Marathon Aleph One before 0.17.1 and 2006-12-17 might allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the TopLevelLogger::logMessageV function in Misc/Logging.cpp. NOTE: some details wer...

CVSS 5, AI score 7.8, EPSS 0.02313
Exploits 0, References 5
Cvelist
added 2006/12/20 11:0 p.m., 13 views

CVE-2006-6664

Format string vulnerability in Marathon Aleph One before 0.17.1 and 2006-12-17 might allow remote attackers to cause a denial of service (application crash) or execute arbitrary code via format string specifiers in the TopLevelLogger::logMessageV function in Misc/Logging.cpp. NOTE: some details wer...

AI score 7.8, EPSS 0.02313
Exploits 0, References 5
UbuntuCve
added 2006/12/20 1:28 a.m., 30 views

CVE-2006-6498

Multiple unspecified vulnerabilities in the JavaScript engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, SeaMonkey before 1.0.7, and Mozilla 1.7 and probably earlier on Solaris, allow remote attackers to cause a denial of service memory corruption an...

CVSS 6.8, AI score 6.3, EPSS 0.11214
Exploits 0, References 4
Tenable Nessus
added 2006/12/16 12:0 a.m., 25 views

GLSA-200612-17 : GNU Radius: Format string vulnerability

The remote host is affected by the vulnerability described in GLSA-200612-17 (GNU Radius: Format string vulnerability). A format string vulnerability was found in the sqllog function from the SQL accounting code for radiusd. That function is only used if one or more of the 'postgresql', 'mysql' or...

CVSS 10, AI score 6.3, EPSS 0.22643
Exploits 0, References 2
CVE
added 2006/12/14 6:0 p.m., 51 views

CVE-2006-6552

CVE-2006-6552 affects BLOG:CMS 4.1.3 and earlier. The vulnerability is a PHP remote file inclusion in admin/plugins/NP_UserSharing.php, allowing an attacker to execute arbitrary PHP code by supplying a URL in the DIR_ADMIN parameter. The NVD records indicate a high base score (7.5) with network a...

CVSS 7.5, AI score 8, EPSS 0.101
Exploits 0, References 6, Affected Software 1
CVE
added 2006/12/12 8:0 p.m., 45 views

CVE-2006-5581

CVE-2006-5581 concerns Microsoft Internet Explorer 6, where parsing certain DHTML script function calls leads to memory corruption via incorrectly created elements. Exploitation requires the user to view a malicious page, enabling remote code execution on vulnerable IE 6 clients. The vulnerabilit...

CVSS 9.3, AI score 7.4, EPSS 0.66185
Exploits 1, References 13, Affected Software 1
Cvelist
added 2006/12/10 11:0 a.m., 14 views

CVE-2006-6416

Multiple PHP remote file inclusion vulnerabilities in PhpLeague - Univert PhpLeague 0.81 allow remote attackers to execute arbitrary PHP code via a URL in the cheminmini parameter to (1) consult/miniseul.php or (2) config.php. NOTE: The provenance of this information is unknown; the details are...

AI score 7.4, EPSS 0.01449
Exploits 1, References 3
NVD
added 2006/12/01 12:28 a.m., 13 views

CVE-2006-6183

Multiple stack-based buffer overflows in 3Com 3CTftpSvc 2.0.1, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a long mode field (aka transporting mode) in a (1) GET or (2) PUT command...

CVSS 10, AI score 7.8, EPSS 0.51457
Exploits 12, References 7
Cvelist
added 2006/12/01 12:0 a.m., 16 views

CVE-2006-6184

Multiple stack-based buffer overflows in Allied Telesyn TFTP Server AT-TFTP 1.9, and possibly earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via a long filename in a (1) GET or (2) PUT command...

AI score 7.9, EPSS 0.81304
Exploits 5, References 10
Cvelist
added 2006/11/30 3:0 p.m., 15 views

CVE-2006-6172

Buffer overflow in the asmrpeval function in the RealMedia RTSP stream handler asmrp.c for Real Media input plugin, as used in (1) xine/xine-lib, (2) MPlayer 1.0rc1 and earlier, and possibly others, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a ruleboo...

AI score 7.6, EPSS 0.04458
Exploits 1, References 24
Cvelist
added 2006/11/28 11:0 p.m., 14 views

CVE-2006-6150

PHP remote file inclusion vulnerability in memory/OWLMemoryProperty.php in OWLLib 1.0 allows remote attackers to execute arbitrary PHP code via a URL in the OWLLIBROOT parameter...

AI score 7.5, EPSS 0.07584
Exploits 0, References 5
CVE
added 2006/11/28 2:0 a.m., 31 views

CVE-2006-6140

The CVE-2006-6140 entry describes a PHP remote file inclusion in Sisfo Kampus 2006 (Semarang 3). An attacker can cause arbitrary PHP code execution by supplying a URL in the slnt parameter to index.php or print.php. The vulnerability arises from insufficient validation of user-supplied input used...

CVSS 7.5, AI score 7.7, EPSS 0.01605
Exploits 0, References 2, Affected Software 1
NVD
added 2006/11/27 8:7 p.m., 17 views

CVE-2006-5750

Directory traversal vulnerability in the DeploymentFileRepository class in JBoss Application Server (jbossas) 3.2.4 through 4.0.5 allows remote authenticated users to read or modify arbitrary files, and possibly execute arbitrary code, via unspecified vectors related to the console manager...

CVSS 7.5, AI score 6.7, EPSS 0.2275
Exploits 2, References 19
CVE
added 2006/11/21 11:0 p.m., 48 views

CVE-2006-6026

CVE-2006-6026: RealNetworks Helix Server/Helix Mobile Server (pre-11.1.3) and Helix DNA Server (11.0 and 11.1) suffer a heap-based buffer overflow via a DESCRIBE request containing an invalid LoadTestPassword field. An unauthenticated, remote attacker could crash the server or execute arbitrary ...

CVSS 10, AI score 8.1, EPSS 0.30408
Exploits 0, References 12, Affected Software 3