DEBIAN-CVE-2006-6103

Integer overflow in the ProcDbeSwapBuffers function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of unspecified data structures...

DEBIAN-CVE-2006-6101

Integer overflow in the ProcRenderAddGlyphs function in the Render extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during processing of glyph management data...

DEBIAN-CVE-2006-6563

Stack-based buffer overflow in the prctrlsrecvrequest function in ctrls.c in the modctrls module in ProFTPD before 1.3.1rc1 allows local users to execute arbitrary code via a large reqarglen length value...

CVE-2006-6494

CVE-2006-6494 affects Sun Solaris 8, 9, and 10 where ld.so.1 is vulnerable to a directory traversal via a dot-dot sequence in the LANG environment variable that points to a locale file containing attacker-controlled format string specifiers. According to the provided records, this allows a local ...

CVE-2006-4810

Buffer overflow in the readline function in util/texindex.c, as used by the 1 texi2dvi and 2 texindex commands, in texinfo 4.8 and earlier allows local users to execute arbitrary code via a crafted Texinfo file...

CVE-2006-3455

The SAVRT.SYS device driver, as used in Symantec AntiVirus Corporate Edition 8.1 and 9.0.x up to 9.0.3, and Symantec Client Security 1.1 and 2.0.x up to 2.0.3, allows local users to execute arbitrary code via a modified address for the output buffer argument to the DeviceIOControl function...

CVE-2006-5327

Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to execute arbitrary code via a modified PATH that references a malicious gzip program, which is executed by gnutar with certain...

CVE-2006-4801

CVE-2006-4801 describes a race condition in Deja Vu, used in Roxio Toast Titanium 7 (and possibly other products), where temporary files (including dejavu_manual.rb) are executed with elevated privileges, allowing local users to execute arbitrary code. The details specify a local-privilege-elevat...

DEBIAN-CVE-2006-3739

Integer overflow in the CIDAFM function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted Adobe Font Metrics AFM files with a modified number of character metrics StartCharMetrics, which leads to a heap-based buffer overflow...

CVE-2006-3740

Integer overflow in the scancidfont function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted 1 CMap and 2 CIDFont font data with modified item counts in the a begincodespacerange, b cidrange, and c notdefrange sections...

CVE-2006-3739

CVE-2006-3739 is associated with the X11 server (X.Org/XFree86) vulnerability described as a heap-based overflow triggered by crafted Adobe Font Metrics files. Connected advisories reference Solaris 10 patches for Xsun (X11 6.6.2) with CVE-2006-3739 included in the patch sets (e.g., 119060-64 on ...

security flaw

Integer overflow in the scancidfont function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted 1 CMap and 2 CIDFont font data with modified item counts in the a begincodespacerange, b cidrange, and c notdefrange sections...

security flaw

Integer overflow in the CIDAFM function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted Adobe Font Metrics AFM files with a modified number of character metrics StartCharMetrics, which leads to a heap-based buffer overflow...

security flaw

Integer overflow in the scancidfont function in X.Org 6.8.2 and XFree86 X server allows local users to execute arbitrary code via crafted 1 CMap and 2 CIDFont font data with modified item counts in the a begincodespacerange, b cidrange, and c notdefrange sections...

IntelliTamper 2.07 (*.map file) Local Arbitrary Code Execution Exploit

Exploit for unknown platform in category local exploits ====================================================================== IntelliTamper 2.07 .map file Local Arbitrary Code Execution Exploit ======================================================================...

Input validation

EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 7.0.344, and 7.5 before 7.5.1.105 allows local users to execute arbitrary code by replacing the Retrospect.exe file, possibly due to improper file permissions...

mplayer -- heap overflow in the ASF demuxer

The Mplayer team reports: A potential buffer overflow was found in the ASF demuxer. Arbitrary remote code execution is possible under the user ID running the player when streaming an ASF file from a malicious server or local code execution under the user ID running the player if a malicious ASF...

Ubuntu 4.10 / 5.04 / 5.10 : curl vulnerability (USN-228-1)

Stefan Esser discovered several buffer overflows in the handling of URLs. By attempting to load an URL with a specially crafted invalid hostname, a local attacker could exploit this to execute arbitrary code with the privileges of the application that uses the cURL library. It is not possible to...

DEBIAN-CVE-2006-0083

Format string vulnerability in the logging code of SMS Server Tools smstools 1.14.8 and earlier allows local users to execute arbitrary code via unspecified attack vectors...

CVE-2005-4681

Buffer overflow in mIRC 5.91, 6.03, 6.12, and 6.16 allows local users to execute arbitrary code via a long string that is entered after reaching the DCC Get Folder Dialog. NOTE: this issue has been disputed by the vendor, saying "as far as I can tell, this is neither an exploit nor a vulnerabilit...