CVE-2006-0853
Buffer overflow in the IMAP service of TrueNorth Internet Anywhere (IA) eMailserver 5.3.4 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long SEARCH argument...
CVE-2006-0782
Unspecified vulnerability in weblog.pl in PerlBlog 1.09b and earlier allows remote attackers to create arbitrary files and possibly execute arbitrary code via unspecified attack vectors related to improper handling of (1) the reply parameter, possibly involving injection of (2) the name parameter and...
Double free
Double free vulnerability in isode.eddy in Isode M-Vault Server 11.3 allows remote attackers to execute arbitrary code via a crafted LDAP request, as demonstrated by ProtoVer Sample LDAP...
CVE-2006-0681
Format string vulnerability in powerd.c in Power Daemon (powerd) 2.0.2 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the WHATIDO variable...
CVE-2006-0646
ld in SUSE Linux 9.1 through 10.0, and SLES 9, in certain circumstances when linking binaries, can leave an empty RPATH or RUNPATH, which allows local attackers to execute arbitrary code as other users by running an ld-linked application from the current directory, which could contain an...
CVE-2006-0645
Tiny ASN.1 Library (libtasn1) before 0.2.18, as used by (1) GnuTLS 1.2.x before 1.2.10 and 1.3.x before 1.3.4, and (2) GNU Shishi, allows attackers to crash the DER decoder and possibly execute arbitrary code via "out-of-bounds access" caused by invalid input, as demonstrated by the ProtoVer SSL test...
CVE-2006-0587
Unspecified vulnerability in util.php in Gallery before 1.5.2-pl2 allows remote authenticated users to trick an owner into modifying stored album data and possibly executing arbitrary code via unspecified vectors involving a crafted link to a crafted file...
PT-2006-1648 · Gallery · Gallery
Name of the Vulnerable Software and Affected Versions: Gallery versions prior to 1.5.2-pl2
Description: The issue allows remote authenticated users to trick an owner into modifying stored album data and possibly executing arbitrary code via unspecified vectors involving a crafted link to a crafte...
Mandrake Linux Security Advisory : kdegraphics (MDKSA-2006:031)
Heap-based buffer overflow in Splash.cc in xpdf allows attackers to cause a denial of service and possibly execute arbitrary code via crafted splash images that produce certain values that exceed the width or height of the associated bitmap. Kdegraphics-kpdf uses a copy of the xpdf code and as su...
CVE-2006-0544
urlmon.dll in Microsoft Internet Explorer 7.0 beta 2 (aka 7.0.5296.0) allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a BGSOUND element with its SRC attribute set to "file://" followed by a large number of "-" (dash or hyphen) characters...
Design/Logic Flaw
The JavaScript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garbage collection...
CVE-2006-0292
The JavaScript interpreter (jsinterp.c) in Mozilla and Firefox before 1.5.1 does not properly dereference objects, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via unknown attack vectors related to garbage collection...
CVE-2005-4694
Unspecified vulnerability in the wwwadd method in Asset.pm in Plain Black WebGUI 6.3.0 and other versions before 6.7.6 allows attackers to execute arbitrary code via unknown attack vectors...
CVE-2006-0468
CommuniGate Pro Core Server before 5.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via LDAP messages with negative BER lengths, and possibly other vectors, as demonstrated by the ProtoVer LDAP test suite...
CVE-2006-0224
Buffer overflow in Library of Assorted Spiffy Things (LibAST) 0.6.1 and earlier, as used in Eterm and possibly other software, allows local users to execute arbitrary code as the utmp user via a long -X command line argument (alternative configuration file name)...
CVE-2006-0308
PHP remote file inclusion vulnerability in htmltonuke.php in the htmltonuke 2.0 alpha, and possibly other versions, module for PHP-Nuke allows remote attackers to execute arbitrary PHP code via a URL in the filnavn parameter...
Mandrake Linux Security Advisory : tetex (MDKSA-2006:011)
Multiple heap-based buffer overflows in the DCTStream::readProgressiveSOF and DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier allow user-complicit attackers to cause a denial of service (heap corruption) and possibly execute arbitrary code via...
Ubuntu 4.10 / 5.04 : xine-lib vulnerabilities (USN-123-1)
Two buffer overflows have been discovered in the MMS and Real RTSP stream handlers of the Xine library. By tricking a user to connect to a malicious MMS or RTSP video/audio stream source with an application that uses this library, an attacker could crash the client and possibly even execute...
CVE-2006-0162
Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus (ClamAV) before 0.88 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted UPX files...