5334 matches found

UbuntuCve
added 2006/07/27 8:4 p.m. | 25 views

CVE-2006-3811

Multiple vulnerabilities in Mozilla Firefox before 1.5.0.5, Thunderbird before 1.5.0.5, and SeaMonkey before 1.0.3 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Javascript that leads to memory corruption, including (1)...

CVSS 7.5 | AI score 6.4 | EPSS 0.18952
Exploits: 0 | References: 5

NVD
added 2006/07/21 2:3 p.m. | 13 views

CVE-2006-3628

Multiple format string vulnerabilities in Wireshark (aka Ethereal) 0.10.x to 0.99.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) ANSI MAP, (2) Checkpoint FW-1, (3) MQ, (4) XML, and (5) NTP dissectors...

CVSS 10 | AI score 7.6 | EPSS 0.05887
Exploits: 0 | References: 32

Debian CVE
added 2006/07/18 11:0 p.m. | 33 views

CVE-2006-3467

Integer overflow in FreeType before 2.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PCF file, as demonstrated by the Red Hat bad1.pcf test file, due to a partial fix of CVE-2006-1861...

CVSS 7.5 | AI score 7.4 | EPSS 0.08679
Exploits: 0

CVE
added 2006/07/18 9:0 p.m. | 43 views

CVE-2006-3685

CVE-2006-3685 describes a PHP remote file inclusion vulnerability in CzarNews versions 1.12 through 1.14. An attacker can cause arbitrary PHP code execution by supplying a URL in the tpath parameter to cn_config.php. This is a classic RFI flaw where user-controlled input is used to include files ...

CVSS 5.1 | AI score 7.5 | EPSS 0.06684
Exploits: 0 | References: 4 | Affected Software: 1

Debian CVE
added 2006/07/18 9:0 p.m. | 17 views

CVE-2006-3628

Multiple format string vulnerabilities in Wireshark (aka Ethereal) 0.10.x to 0.99.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) ANSI MAP, (2) Checkpoint FW-1, (3) MQ, (4) XML, and (5) NTP dissectors...

CVSS 10 | AI score 7.2 | EPSS 0.05887
Exploits: 0

Cvelist
added 2006/07/18 9:0 p.m. | 18 views

CVE-2006-3628

Multiple format string vulnerabilities in Wireshark (aka Ethereal) 0.10.x to 0.99.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) ANSI MAP, (2) Checkpoint FW-1, (3) MQ, (4) XML, and (5) NTP dissectors...

AI score 7.9 | EPSS 0.05887
Exploits: 0 | References: 32

Prion
added 2006/07/08 12:5 a.m. | 6 views

Buffer overflow

Buffer overflow in eBay Enhanced Picture Services (aka EPUImageControl Class) in EUPWALcontrol.dll before 1.0.3.48, as used in Sell Your Item (SYI), Setup & Test eBay Enhanced Picture Services, Picture Manager Enhanced Uploader, and CARad.com Add Vehicle, allows remote attackers to execute arbitrary...

CVSS 7.5 | AI score 8.3 | EPSS 0.06487
Exploits: 0 | References: 7 | Affected Software: 1

NVD
added 2006/07/07 12:5 a.m. | 14 views

CVE-2006-3423

WebEx Downloader ActiveX Control and WebEx Downloader Java before 2.1.0.0 do not validate downloaded components, which allows remote attackers to execute arbitrary code via a website that activates the GpcUrlRoot and GpcIniFileName ActiveX controls to cause the client to download a DLL file...

CVSS 9.3 | AI score 7.7 | EPSS 0.13082
Exploits: 1 | References: 11

CERT
added 2006/07/06 12:0 a.m. | 19 views

eBay Enhanced Picture Services ActiveX control buffer overflow

Overview: The eBay Enhanced Picture Services EPUImageControl Class ActiveX control contains a buffer overflow vulnerability. This may allow a remote, unauthenticated attacker to execute arbitrary code on a vulnerable system. Description: ActiveX is a technology that allows programmers to...

CVSS 7.5 | AI score 7.2 | EPSS 0.06487
Exploits: 0 | References: 4

NVD
added 2006/06/29 11:5 p.m. | 16 views

CVE-2006-1467

Integer overflow in the AAC file parsing code in Apple iTunes before 6.0.5 on Mac OS X 10.2.8 or later, and Windows XP and 2000, allows remote user-assisted attackers to execute arbitrary code via an AAC (M4P, M4A, or M4B) file with a sample table size (STSZ) atom with a "malformed" samplesizetable...

CVSS 5.1 | AI score 7.4 | EPSS 0.29729
Exploits: 0 | References: 9

CVE
added 2006/06/29 9:0 p.m. | 94 views

CVE-2006-3316

The connected documents confirm multiple PHP remote file inclusion vulnerabilities in phpRaid 3.0.4–3.0.6 triggered by unsafely using the phpraid_dir URL parameter to include files. Specifically: CVE-2006-3116 (3.0.4/3.0.5) allows code execution via include paths in configuration.php, guilds.php,...

CVSS 5.1 | AI score 7.6 | EPSS 0.0489
Exploits: 0 | References: 6 | Affected Software: 1

Prion
added 2006/06/28 1:45 a.m. | 13 views

Stack overflow

Stack-based buffer overflow in libmms, as used by (a) MiMMS 0.0.9 and (b) xine-lib 1.1.0 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) sendcommand, (2) stringutf16, (3) getdata, and (4) getmediapacket functions, and possibl...

CVSS 5.1 | AI score 8.2 | EPSS 0.03547
Exploits: 0 | References: 18 | Affected Software: 2

UbuntuCve
added 2006/06/27 12:0 a.m. | 18 views

CVE-2006-2200

Stack-based buffer overflow in libmms, as used by (a) MiMMS 0.0.9 and (b) xine-lib 1.1.0 and earlier, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via the (1) sendcommand, (2) stringutf16, (3) getdata, and (4) getmediapacket functions, and possibl...

CVSS 5.1 | AI score 6.6 | EPSS 0.03547
Exploits: 0 | References: 2

Prion
added 2006/06/23 7:6 p.m. | 10 views

Remote file inclusion

PHP remote file inclusion vulnerability in DeluxeBB 1.06 allows remote attackers to execute arbitrary code via a URL in the templatefolder parameter to (1) postreply.php, (2) posting.php, and (3) pm/newpm.php in the deluxe/ directory, and (4) postreply.php, (5) posting.php, and (6) pm/newpm.php in the defaul...

CVSS 5.1 | AI score 8.6 | EPSS 0.07762
Exploits: 2 | References: 15 | Affected Software: 1

NVD
added 2006/06/23 12:2 a.m. | 11 views

CVE-2006-3193

Multiple PHP remote file inclusion vulnerabilities in Grayscale BandSite CMS 1.1.1, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via a URL in the rootpath parameter to (1) includes/content/contactcontent.php; multiple files in adminpanel/includes/addforms/...

CVSS 5.1 | AI score 7.6 | EPSS 0.05787
Exploits: 1 | References: 25

Gentoo Linux
added 2006/06/22 12:0 a.m. | 32 views

aRts: Privilege escalation

Background: aRts is a real time modular system for synthesizing audio used by KDE. artswrapper is a helper application used to start the aRts daemon. Description: artswrapper fails to properly check whether it can drop privileges accordingly if setuid fails due to a user exceeding assigned resource...

CVSS 7.8 | AI score 7.3 | EPSS 0.00145
Exploits: 0

Cvelist
added 2006/06/21 11:0 p.m. | 11 views

CVE-2006-3128

choosefile.php in easy-CMS 0.1.2, when mod_mime is installed, does not restrict uploads of filenames with multiple extensions, which allows remote attackers to execute arbitrary PHP code by uploading a PHP file with a GIF file extension, then directly accessing that file in the Repositories...

AI score 7.6 | EPSS 0.01082
Exploits: 0 | References: 8

Tenable Nessus
added 2006/06/16 12:0 a.m. | 32 views

GLSA-200606-12 : Mozilla Firefox: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200606-12 (Mozilla Firefox: Multiple vulnerabilities). A number of vulnerabilities were found and fixed in Mozilla Firefox. For details please consult the references below. Impact: By enticing the user to visit a malicious website, ...

CVSS 9.3 | AI score 8.7 | EPSS 0.35105
Exploits: 0 | References: 14

securityvulns
added 2006/06/15 12:0 a.m. | 25 views

bbrss PhpBB (phpbb_root_path) Remote File Inclusion

bbrss PhpBB phpbbrootpath Remote File Inclusion Credit : SpC-x | TheBeKiR Site : http://wWw.SaVSaK.CoM Greetz : | TheBeKiR | Nukedx | Ejder | Str0ke | joffer | Poizonb0x | Remote File Inclusion : http://www.target.com/path/bbrss.php?phpbbrootpath=CommandShell Bbrss.PHP : define'INPHPBB', true; //...

AI score 0.3
Exploits: 0

Prion
added 2006/06/13 7:6 p.m. | 16 views

Privilege escalation

The Server Message Block (SMB) driver (MRXSMB.SYS) in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 and earlier allows local users to execute arbitrary code by calling the MrxSmbCscIoctlOpenForCopyChunk function with the METHOD_NEITHER method flag and an arbitrary address, possibly f...

CVSS 10 | AI score 7.5 | EPSS 0.21805
Exploits: 0 | References: 14 | Affected Software: 3