Lucene search
5353 matches found

Prion
added 2006/01/06 11:3 a.m., 11 views

Remote file inclusion

PHP remote file include vulnerability in (1) include/templates/categories/default.php and (2) certain other include/templates/categories/ PHP scripts in Valdersoft Shopping Cart 3.0 allows remote attackers to execute arbitrary code via a URL in the catalogDocumentRoot parameter...

CVSS 7.5 | AI score 8.2 | EPSS 0.14015
Exploits: 1 | References: 3 | Affected Software: 1
UbuntuCve
added 2006/01/04 11:3 p.m., 57 views

CVE-2006-0082

Format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3 and other versions, and GraphicsMagick, allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a numeric format string specifier such as %d in the file name...

CVSS 5.1 | AI score 7.5 | EPSS 0.03879
Exploits: 1 | References: 2
Prion
added 2006/01/04 12:3 a.m., 17 views

Buffer overflow

Buffer overflow in termsh on SCO OpenServer 5.0.7 allows remote attackers to execute arbitrary code via a long -o command line argument. NOTE: this is probably a different vulnerability than CVE-2005-0351 since it involves a distinct attack vector...

CVSS 7.5 | AI score 8.3 | EPSS 0.05386
Exploits: 1 | References: 3 | Affected Software: 1
UbuntuCve
added 2005/12/31 5:0 a.m., 17 views

CVE-2005-4817

Format string vulnerability in ui.c in Textbased MSN Client (TMSNC) before 0.2.5 allows attackers to cause a denial of service and possibly execute arbitrary code via unknown attack vectors that cause format strings to be injected into the wprintw function...

CVSS 7.5 | AI score 5.9 | EPSS 0.01148
Exploits: 0 | References: 1
NVD
added 2005/12/31 5:0 a.m., 8 views

CVE-2005-4817

Format string vulnerability in ui.c in Textbased MSN Client (TMSNC) before 0.2.5 allows attackers to cause a denial of service and possibly execute arbitrary code via unknown attack vectors that cause format strings to be injected into the wprintw function...

CVSS 7.5 | AI score 7.5 | EPSS 0.01148
Exploits: 0 | References: 6
NVD
added 2005/12/27 11:3 p.m., 14 views

CVE-2005-3535

Buffer overflow in KETM 0.0.6 allows local users to execute arbitrary code via unknown vectors...

CVSS 7.5 | AI score 7.2 | EPSS 0.01417
Exploits: 0 | References: 3
UbuntuCve
added 2005/12/27 11:3 p.m., 18 views

CVE-2005-3535

Buffer overflow in KETM 0.0.6 allows local users to execute arbitrary code via unknown vectors...

CVSS 7.5 | AI score 6.1 | EPSS 0.01417
Exploits: 0 | References: 1
OSV
added 2005/12/27 11:3 p.m., 4 views

CVE-2005-3535

Buffer overflow in KETM 0.0.6 allows local users to execute arbitrary code via unknown vectors...

AI score 7.2
Exploits: 0 | References: 4
Cvelist
added 2005/12/22 12:0 a.m., 15 views

CVE-2005-4466

Heap-based buffer overflow in the SIPParser function in i3sipmsg.dll in Interaction SIP Proxy before 3.0.011 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a REGISTER request with a SPI version number that contains a large number of space or tab...

AI score 8.2 | EPSS 0.2682
Exploits: 1 | References: 8
Cvelist
added 2005/12/22 12:0 a.m., 20 views

CVE-2005-4465

The Internet Key Exchange version 1 (IKEv1) implementation in NEC UNIVERGE IX1000, IX2000, and IX3000 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of...

AI score 7.3 | EPSS 0.01983
Exploits: 0 | References: 4
Cvelist
added 2005/12/21 11:0 a.m., 18 views

CVE-2005-4457

MailEnable Enterprise 1.1 before patch ME-10009 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via several "..." (triple dot) sequences in a UID FETCH command...

AI score 7.8 | EPSS 0.08634
Exploits: 1 | References: 2
Cvelist
added 2005/12/16 11:0 a.m., 15 views

CVE-2005-4287

PHP remote file include vulnerability in MarmaraWeb E-commerce allows remote attackers to execute arbitrary code via the page parameter to index.php...

AI score 7.7 | EPSS 0.03999
Exploits: 1 | References: 4
Cvelist
added 2005/12/14 11:0 a.m., 19 views

CVE-2005-3903

Buffer overflow in uidadmin in SCO Unixware 7.1.3 and 7.1.4 allows local users to execute arbitrary code via a -S scheme argument that specifies a large file, a different vulnerability than CVE-2001-1063...

AI score 7.4 | EPSS 0.002
Exploits: 0 | References: 9
NVD
added 2005/12/11 2:3 a.m., 16 views

CVE-2005-3533

Buffer overflow in OSH before 1.7-15 allows local users to execute arbitrary code via a long current working directory and filename...

CVSS 7.2 | AI score 7.3 | EPSS 0.00745
Exploits: 0 | References: 5
Cvelist
added 2005/12/08 11:0 a.m., 23 views

CVE-2005-4092

Multiple heap-based buffer overflows in QuickTime.qts in Apple QuickTime Player 7.0.3 and iTunes 6.0.1 (3) and earlier allow remote attackers to cause a denial of service (crash) and execute arbitrary code via a .mov file with (1) a Movie Resource atom with a large size value, or (2) an stsd atom with a...

AI score 7.5 | EPSS 0.44088
Exploits: 0 | References: 22
NVD
added 2005/12/05 12:3 a.m., 10 views

CVE-2005-3995

Format string vulnerability in the dosyslog function in the OBEX server obexsrv.c for Sobexsrv before 1.0.0-pre4, when the syslog -S function is enabled, allows remote attackers to execute arbitrary code via format string specifiers in file name arguments to OBEX commands...

CVSS 5.1 | AI score 7.7 | EPSS 0.09902
Exploits: 1 | References: 4
NVD
added 2005/12/04 10:3 p.m., 14 views

CVE-2005-3985

The Internet Key Exchange version 1 (IKEv1) implementation in Astaro Security Linux before 6.102 allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of...

CVSS 7.8 | AI score 7.3 | EPSS 0.02841
Exploits: 0 | References: 4
Cvelist
added 2005/11/30 11:0 a.m., 21 views

CVE-2005-3915

The Internet Key Exchange version 1 (IKEv1) implementation in Clavister Client Web allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the...

AI score 7.3 | EPSS 0.01798
Exploits: 0 | References: 4
exploitpack
added 2005/11/28 12:0 a.m., 15 views

Unalz 0.x - Archive Filename Buffer Overflow

Unalz 0.x - Archive Filename Buffer Overflow source: https://www.securityfocus.com/bid/15577/info The 'unalz' utility is prone to a buffer-overflow vulnerability. This issue is exposed when the application extracts an ALZ archive that contains a file with a long name. An attacker could exploit th...

AI score 0.3
Exploits: 0
NVD
added 2005/11/22 9:3 p.m., 23 views

CVE-2005-3757

The Saxon XSLT parser in Google Mini Search Appliance, and possibly Google Search Appliance, allows remote attackers to obtain sensitive information and execute arbitrary code via dangerous Java class methods in select attribute of xsl:value-of tags in XSLT style sheets, such as (1) system-property...

CVSS 7.5 | AI score 7.3 | EPSS 0.75746
Exploits: 4 | References: 7