Max CVSS 10.0 Min CVSS 1.2 Total Count59
IDCVSSSummaryLast (major) updatePublished
CVE-2006-5925 7.5
Links web browser 1.00pre12 and Elinks 0.9.2 with smbclient installed allows remote attackers to execute arbitrary code via shell metacharacters in an smb:// URI, as demonstrated by using PUT and GET statements.
07-12-2016 - 22:00 15-11-2006 - 14:07
CVE-2005-3353 5.0
The exif_read_data function in the Exif module in PHP before 4.4.1 allows remote attackers to cause a denial of service (infinite loop) via a malformed JPEG image.
07-12-2016 - 22:00 18-11-2005 - 18:03
CVE-2006-5052 5.0
Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort."
17-10-2016 - 23:41 27-09-2006 - 19:07
CVE-2006-5051 9.3
Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.
17-10-2016 - 23:41 27-09-2006 - 19:07
CVE-2006-4924 7.8
sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack d
17-10-2016 - 23:41 26-09-2006 - 21:07
CVE-2006-5467 5.0
The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier
13-09-2013 - 01:21 27-10-2006 - 14:07
CVE-2006-4340 4.0
Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5, when using an RSA key with exponent 3, does not properly handle extra data in a signature
07-09-2013 - 01:04 15-09-2006 - 14:07
CVE-2006-5793 2.6
The sPLT chunk handling code (png_set_sPLT function in pngset.c) in libpng 1.0.6 through 1.2.12 uses a sizeof operator on the wrong data type, which allows context-dependent attackers to cause a denial of service (crash) via malformed sPLT chunks tha
04-07-2013 - 01:57 17-11-2006 - 18:07
CVE-2007-2754 6.8
Integer signedness error in truetype/ttgload.c in Freetype 2.3.4 and earlier might allow remote attackers to execute arbitrary code via a crafted TTF image with a negative n_points value, which leads to an integer overflow and heap-based buffer overf
30-10-2012 - 22:36 17-05-2007 - 18:30
CVE-2006-5740 5.0
Unspecified vulnerability in the LDAP dissector in Wireshark (formerly Ethereal) 0.99.3 allows remote attackers to cause a denial of service (crash) via a crafted LDAP packet.
13-08-2012 - 22:05 27-10-2006 - 19:07
CVE-2006-5468 5.0
Unspecified vulnerability in the HTTP dissector in Wireshark (formerly Ethereal) 0.99.3 allows remote attackers to cause a denial of service (crash) via unspecified vectors.
13-08-2012 - 22:04 27-10-2006 - 19:07
CVE-2006-5456 5.1
Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagick 6.0.7 allow user-assisted attackers to cause a denial of service and possibly execute arbitrary code via (1) a DCM image that is not properly handled by the ReadDCMImage functio
20-09-2011 - 00:00 23-10-2006 - 13:07
CVE-2006-5748 5.0
Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code vi
01-09-2011 - 00:00 08-11-2006 - 16:07
CVE-2005-3011 1.2
The sort_offline function for texindex in texinfo 4.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.
25-07-2011 - 00:00 21-09-2005 - 16:03
CVE-2008-4226 10.0
Integer overflow in the xmlSAX2Characters function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a large XML document.
07-03-2011 - 22:12 25-11-2008 - 18:30
CVE-2008-4225 7.8
Integer overflow in the xmlBufferResize function in libxml2 2.7.2 allows context-dependent attackers to cause a denial of service (infinite loop) via a large XML document.
07-03-2011 - 22:12 25-11-2008 - 18:30
CVE-2008-3529 10.0
Heap-based buffer overflow in the xmlParseAttValueComplex function in parser.c in libxml2 before 2.7.0 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a long XML entity name.
07-03-2011 - 22:10 12-09-2008 - 12:56
CVE-2006-6318 5.0
The show_elog_list function in elogd.c in elog 2.6.2 and earlier allows remote authenticated users to cause a denial of service (daemon crash) by attempting to access a logbook whose name begins with "global," which results in a NULL pointer derefere
07-03-2011 - 21:45 28-12-2006 - 15:28
CVE-2006-5794 7.5
Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. NOTE: as of 20061108, it is believed th
07-03-2011 - 21:43 08-11-2006 - 15:07
CVE-2006-5747 7.5
Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary code via the XML.prototype.hasOwnProperty JavaScript function.
07-03-2011 - 21:43 08-11-2006 - 16:07
CVE-2006-5705 6.0
Multiple directory traversal vulnerabilities in plugins/wp-db-backup.php in WordPress before 2.0.5 allow remote authenticated users to read or overwrite arbitrary files via directory traversal sequences in the (1) backup and (2) fragment parameters i
07-03-2011 - 21:43 03-11-2006 - 20:07
CVE-2006-5469 5.0
Unspecified vulnerability in the WBXML dissector in Wireshark (formerly Ethereal) 0.10.11 through 0.99.3 allows remote attackers to cause a denial of service (crash) via certain vectors that trigger a null dereference.
07-03-2011 - 21:43 27-10-2006 - 20:07
CVE-2006-5466 5.4
Heap-based buffer overflow in the showQueryPackage function in librpm in RPM Package Manager 4.4.8, when the LANG environment variable is set to ru_RU.UTF-8, might allow user-assisted attackers to execute arbitrary code via crafted RPM packages.
07-03-2011 - 21:43 06-11-2006 - 12:07
CVE-2006-5465 7.5
Buffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the (1) htmlentities or (2) htmlspecialchars functions.
07-03-2011 - 21:43 03-11-2006 - 19:07
CVE-2006-5464 5.0
Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allow remote attackers to cause a denial of service (crash) via unspecified vectors.
07-03-2011 - 21:43 08-11-2006 - 16:07
CVE-2006-5463 7.5
Unspecified vulnerability in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6 allows remote attackers to execute arbitrary JavaScript bytecode via unspecified vectors involving modification of a Script object whi
07-03-2011 - 21:43 08-11-2006 - 17:07
CVE-2006-5462 6.4
Mozilla Network Security Service (NSS) library before 3.11.3, as used in Mozilla Firefox before 1.5.0.8, Thunderbird before 1.5.0.8, and SeaMonkey before 1.0.6, when using an RSA key with exponent 3, does not properly handle extra data in a signature
07-03-2011 - 21:43 08-11-2006 - 16:07
CVE-2006-5455 2.6
Cross-site request forgery (CSRF) vulnerability in editversions.cgi in Bugzilla before 2.22.1 and 2.23.x before 2.23.3 allows user-assisted remote attackers to create, modify, or delete arbitrary bug reports via a crafted URL.
07-03-2011 - 21:43 23-10-2006 - 13:07
CVE-2006-5454 5.0
Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote attackers to obtain (1) the description of arbitrary attachments by viewing the attachment in "diff" mode in attachment.cgi, and (2) the
07-03-2011 - 21:43 23-10-2006 - 13:07
CVE-2006-5453 3.5
Multiple cross-site scripting (XSS) vulnerabilities in Bugzilla 2.18.x before 2.18.6, 2.20.x before 2.20.3, 2.22.x before 2.22.1, and 2.23.x before 2.23.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) page headers us
07-03-2011 - 21:43 23-10-2006 - 13:07
CVE-2006-5379 7.5
The accelerated rendering functionality of NVIDIA Binary Graphics Driver (binary blob driver) For Linux v8774 and v8762, and probably on other operating systems, allows local and remote attackers to execute arbitrary code via a large width value in a
07-03-2011 - 21:43 18-10-2006 - 00:06
CVE-2006-5170 7.5
pam_ldap in nss_ldap on Red Hat Enterprise Linux 4, Fedora Core 3 and earlier, and possibly other distributions does not return an error condition when an LDAP directory server responds with a PasswordPolicyResponse control response, which causes the
07-03-2011 - 21:42 10-10-2006 - 00:06
CVE-2006-4810 4.6
Buffer overflow in the readline function in util/texindex.c, as used by the (1) texi2dvi and (2) texindex commands, in texinfo 4.8 and earlier allows local users to execute arbitrary code via a crafted Texinfo file.
07-03-2011 - 21:42 08-11-2006 - 16:07
CVE-2006-4809 5.1
Stack-based buffer overflow in loader_pnm.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PNM image.
07-03-2011 - 21:42 06-11-2006 - 19:07
CVE-2006-4808 2.6
Heap-based buffer overflow in loader_tga.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TGA image.
07-03-2011 - 21:42 06-11-2006 - 19:07
CVE-2006-4807 2.6
loader_tga.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) via a crafted TGA image that triggers an out-of-bounds memory read, a different issue than CVE-2006-4808.
07-03-2011 - 21:42 06-11-2006 - 19:07
CVE-2006-4806 5.1
Multiple integer overflows in imlib2 allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) ARGB (loader_argb.c), (2) PNG (loader_png.c), (3) LBM (loader_lbm.c), (4) JPEG (loade
07-03-2011 - 21:42 06-11-2006 - 19:07
CVE-2006-4805 5.0
epan/dissectors/packet-xot.c in the XOT dissector (dissect_xot_pdu) in Wireshark (formerly Ethereal) 0.9.8 through 0.99.3 allows remote attackers to cause a denial of service (memory consumption and crash) via an encoded XOT packet that produces a ze
07-03-2011 - 21:42 27-10-2006 - 19:07
CVE-2006-4574 5.0
Off-by-one error in the MIME Multipart dissector in Wireshark (formerly Ethereal) 0.10.1 through 0.99.3 allows remote attackers to cause a denial of service (crash) via certain vectors that trigger an assertion error related to unexpected length valu
07-03-2011 - 21:41 27-10-2006 - 20:07
CVE-2006-4571 10.0
Multiple unspecified vulnerabilities in Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allow remote attackers to cause a denial of service (crash), corrupt memory, and possibly execute arbitrary code via unspecified ve
07-03-2011 - 21:41 15-09-2006 - 15:07
CVE-2006-4568 4.3
Mozilla Firefox before 1.5.0.7 and SeaMonkey before 1.0.5 allows remote attackers to bypass the security model and inject content into the sub-frame of another site via targetWindow.frames[n].document.open(), which facilitates spoofing and other atta
07-03-2011 - 21:41 15-09-2006 - 15:07
CVE-2006-4566 5.0
Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) via a malformed JavaScript regular expression that ends with a backslash in an unterminated character
07-03-2011 - 21:41 15-09-2006 - 14:07
CVE-2006-4565 9.3
Heap-based buffer overflow in Mozilla Firefox before 1.5.0.7, Thunderbird before 1.5.0.7, and SeaMonkey before 1.0.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a JavaScript regular expression
07-03-2011 - 21:41 15-09-2006 - 14:07
CVE-2006-4482 9.3
Multiple heap-based buffer overflows in the (1) str_repeat and (2) wordwrap functions in ext/standard/string.c in PHP before 5.1.5, when used on a 64-bit system, have unspecified impact and attack vectors, a different vulnerability than CVE-2006-1990
07-03-2011 - 21:41 31-08-2006 - 17:04
CVE-2006-4251 7.5
Buffer overflow in PowerDNS Recursor 3.1.3 and earlier might allow remote attackers to execute arbitrary code via a malformed TCP DNS query that prevents Recursor from properly calculating the TCP DNS query length.
07-03-2011 - 21:40 14-11-2006 - 14:07
CVE-2006-2418 6.8
Cross-site scripting (XSS) vulnerabilities in certain versions of phpMyAdmin before 2.8.0.4 allow remote attackers to inject arbitrary web script or HTML via the db parameter in unknown scripts.
07-03-2011 - 21:36 16-05-2006 - 06:02
CVE-2006-1678 4.3
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.8.0.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors in unspecified scripts in the themes directory.
07-03-2011 - 21:33 10-04-2006 - 20:02
CVE-2005-3665 4.3
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.7.0 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_HOST variable and (2) various scripts in the libraries directory that handle header generati
07-03-2011 - 21:26 08-12-2005 - 06:03
CVE-2005-2693 4.6
cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack.
07-03-2011 - 21:24 26-08-2005 - 11:50
CVE-2006-0082 5.1
Format string vulnerability in the SetImageInfo function in image.c for ImageMagick 6.2.3 and other versions, and GraphicsMagick, allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via a numeric fo
07-03-2011 - 00:00 04-01-2006 - 18:03
CVE-2006-5868 9.3
Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 before 6.2.4.5, has unknown impact and user-assisted attack vectors via a crafted SGI image.
15-09-2010 - 01:30 21-11-2006 - 20:07
CVE-2006-4144 2.6
Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2.9 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via large (1) bytes_per_pixel, (2) columns, and (3) rows values
15-09-2010 - 01:14 15-08-2006 - 19:04
CVE-2006-3017 9.3
zend_hash_del_key_or_index in zend_hash.c in PHP before 4.4.3 and 5.x before 5.1.3 can cause zend_hash_del to delete the wrong element, which prevents a variable from being unset even when the PHP unset function is called, which might cause the varia
15-09-2010 - 00:00 14-06-2006 - 19:02
CVE-2006-2788 7.5
Double free vulnerability in the getRawDER function for nsIX509Cert in Firefox allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via certain Javascript code.
21-08-2010 - 00:48 02-06-2006 - 17:06
CVE-2006-5778 4.6
ftpd in linux-ftpd 0.17, and possibly other versions, performs a chdir before setting the UID, which allows local users to bypass intended access restrictions by redirecting their home directory to a restricted directory.
05-09-2008 - 17:13 07-11-2006 - 13:07
CVE-2006-5116 5.1
Multiple cross-site request forgery (CSRF) vulnerabilities in phpMyAdmin before 2.9.1-rc1 allow remote attackers to perform unauthorized actions as another user by (1) directly setting a token in the URL though dynamic variable evaluation and (2) uns
05-09-2008 - 17:11 03-10-2006 - 00:03
CVE-2005-4534 7.5
The shadow database feature (syncshadowdb) in Bugzilla 2.9 through 2.16.10 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
05-09-2008 - 16:57 27-12-2005 - 21:03
CVE-2005-3621 5.0
CRLF injection vulnerability in phpMyAdmin before 2.6.4-pl4 allows remote attackers to conduct HTTP response splitting attacks via unspecified scripts.
05-09-2008 - 16:54 16-11-2005 - 06:02
CVE-2004-2190 5.0
Directory traversal vulnerability in Unzoo 4.4-2 has unknown impact and attack vectors.
05-09-2008 - 16:43 31-12-2004 - 00:00
Back to Top Mark selected
Back to Top