Lucene search
K

6781 matches found

OSV
OSV
added 2006/08/15 11:4 p.m.3 views

DEBIAN-CVE-2006-4144

Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2.9 allows user-assisted attackers to cause a denial of service crash and possibly execute arbitrary code via large 1 bytesperpixel, 2 columns, and 3 rows values, which trigger a heap-based buffer overflow...

2.6CVSS7.6AI score0.10211EPSS
Exploits1References1
NVD
NVD
added 2006/08/03 1:4 a.m.23 views

CVE-2006-3464

TIFF library libtiff before 3.8.2 allows context-dependent attackers to pass numeric range checks and possibly execute code, and trigger assert errors, via large offset values in a TIFF directory that lead to an integer overflow and other unspecified vectors involving "unchecked arithmetic...

7.5CVSS6.5AI score0.03466EPSS
Exploits1References36
NVD
NVD
added 2006/07/31 9:4 p.m.13 views

CVE-2006-3929

Cross-site scripting XSS vulnerability in the Forms/rpSysAdmin script on the Zyxel Prestige 660H-61 ADSL Router running firmware 3.40PT.0b32 allows remote attackers to inject arbitrary web script or HTML via hex-encoded values in the a parameter...

4.3CVSS5.7AI score0.03357EPSS
Exploits2References9
RedHat Linux
RedHat Linux
added 2006/07/18 10:13 a.m.7 views

security flaw

Integer underflow in Freetype before 2.2 allows remote attackers to cause a denial of service crash via a font file with an odd number of blue values, which causes the underflow when decrementing by 2 in a context that assumes an even number of values...

5CVSS5.9AI score0.11884EPSS
Exploits0References4
Prion
Prion
added 2006/06/09 10:2 a.m.11 views

Buffer overflow

The iaxnetread function in the iaxclient open source library, as used in multiple products including a LoudHush 1.3.6, b IDE FISK 1.35 and earlier, c Kiax 0.8.5 and earlier, d DIAX, e Ziaxphone, f IAX Phone, g X-lite, h MediaX, i Extreme Networks ePhone, and j iaxComm before 1.2.0, allows remote...

6.4CVSS8.7AI score0.04299EPSS
Exploits0References17Affected Software1
OSV
OSV
added 2006/05/27 12:0 a.m.14 views

DSA-1078-1 tiff - out-of-bounds read

Bulletin has no description...

2.1CVSS6.3AI score0.00799EPSS
Exploits0
OSV
OSV
added 2006/05/23 10:6 a.m.2 views

DEBIAN-CVE-2006-0747

Integer underflow in Freetype before 2.2 allows remote attackers to cause a denial of service crash via a font file with an odd number of blue values, which causes the underflow when decrementing by 2 in a context that assumes an even number of values...

5CVSS6.3AI score0.11884EPSS
Exploits0References1
Prion
Prion
added 2006/05/19 11:2 p.m.17 views

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in Mobotix IP Network Cameras M1 1.9.4.7 and M10 2.0.5.2, and other versions before 2.2.3.18 for M10/D10 and 3.0.3.31 for M22, allow remote attackers to inject arbitrary web script or HTML via URL-encoded values in 1 the query string to help/help,...

4.3CVSS6.1AI score0.02883EPSS
Exploits1References13Affected Software1
Prion
Prion
added 2006/05/12 5:6 p.m.14 views

Sql injection

E-Business Designer eBD 3.1.4 and earlier allows remote attackers to obtain the full path of the web server via "'" characters, and possibly other invalid values, in 1 the id parameter to formgrupo.html, or requests to the 2 archivos/ and 3 files/ directories. NOTE: this issue might be resultant...

5CVSS8.4AI score0.01351EPSS
Exploits0References7Affected Software1
Prion
Prion
added 2006/05/01 10:6 p.m.13 views

Out-of-bounds

The TIFFToRGB function in libtiff before 3.8.1 allows remote attackers to cause a denial of service crash via a crafted TIFF image with Yr/Yg/Yb values that exceed the YCR/YCG/YCB values, which triggers an out-of-bounds read...

2.1CVSS6.5AI score0.00799EPSS
Exploits0References18Affected Software1
UbuntuCve
UbuntuCve
added 2006/04/20 10:2 a.m.57 views

CVE-2006-1896

Unspecified vulnerability in phpBB allows remote authenticated users with Administration Panel access to execute arbitrary PHP code via crafted Font Colour 3 $themefontcolor3 variable and/or signature values, possibly involving the highlight functionality. NOTE: the original report does not clari...

6CVSS6.3AI score0.01278EPSS
Exploits0References1
Cvelist
Cvelist
added 2006/04/20 10:0 a.m.28 views

CVE-2006-1900

Multiple buffer overflows in World Wide Web Consortium W3C Amaya 9.4, and possibly other versions including 8.x before 8.8.5, allow remote attackers to execute arbitrary code via a long value in 1 the COMPACT attribute of the COLGROUP element, 2 the ROWS attribute of the TEXTAREA element, and 3 t...

7.7AI score0.16545EPSS
Exploits1References10
Prion
Prion
added 2006/04/19 4:6 p.m.14 views

Design/Logic Flaw

xFlow 5.46.11 and earlier allows remote attackers to determine the installation path of the application via the 1 action parameter to membersonly/index.cgi and 2 page parameter customerarea/index.cgi, probably due to invalid values...

5CVSS7.2AI score0.01377EPSS
Exploits0References3Affected Software1
FreeBSD
FreeBSD
added 2006/04/14 12:0 a.m.30 views

amaya -- Attribute Value Buffer Overflow Vulnerabilities

Secunia reports: Amaya have two vulnerabilities, which can be exploited by malicious people to compromise a user's system. The vulnerabilities are caused due to boundary errors within the parsing of various attribute values. This can be exploited to cause stack-based buffer overflows when a user...

7.6CVSS6.9AI score0.16545EPSS
Exploits1References3
NVD
NVD
added 2006/04/12 12:2 a.m.27 views

CVE-2006-0014

Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book WAB file containing "certain Unicode strings" and modified length values...

5.1CVSS7.6AI score0.23875EPSS
Exploits0References17
Prion
Prion
added 2006/04/12 12:2 a.m.18 views

Buffer overflow

Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book WAB file containing "certain Unicode strings" and modified length values...

5.1CVSS8AI score0.23875EPSS
Exploits0References17Affected Software1
Cvelist
Cvelist
added 2006/04/12 12:0 a.m.27 views

CVE-2006-0014

Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book WAB file containing "certain Unicode strings" and modified length values...

7.6AI score0.23875EPSS
Exploits0References17
Prion
Prion
added 2006/03/31 11:6 a.m.19 views

Design/Logic Flaw

Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the 1 modauthzsvn.so and 2 moddavsvn.so modules, which might allow local users to gain privileges by installing malicious libraries in that...

4.6CVSS6.8AI score0.00478EPSS
Exploits1References3Affected Software1
NVD
NVD
added 2006/03/31 11:6 a.m.14 views

CVE-2006-1564

Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the 1 modauthzsvn.so and 2 moddavsvn.so modules, which might allow local users to gain privileges by installing malicious libraries in that...

4.6CVSS6.5AI score0.00478EPSS
Exploits1References3
Cvelist
Cvelist
added 2006/03/31 11:0 a.m.21 views

CVE-2006-1564

Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the 1 modauthzsvn.so and 2 moddavsvn.so modules, which might allow local users to gain privileges by installing malicious libraries in that...

6.5AI score0.00478EPSS
Exploits1References3
Rows per page
Query Builder