Max CVSS 10.0 Min CVSS 1.9 Total Count68
IDCVSSSummaryLast (major) updatePublished
CVE-2006-6103 6.6
Integer overflow in the ProcDbeSwapBuffers function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during
07-12-2016 - 22:00 31-12-2006 - 00:00
CVE-2006-6102 10.0
Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption durin
07-12-2016 - 22:00 31-12-2006 - 00:00
CVE-2006-6101 6.6
Integer overflow in the ProcRenderAddGlyphs function in the Render extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption dur
07-12-2016 - 22:00 31-12-2006 - 00:00
CVE-2007-0008 6.8
Integer underflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, SeaMonkey before 1.0.8, Thunderbird before 1.5.0.10, and certain Sun Java System server produc
04-05-2014 - 22:38 26-02-2007 - 15:28
CVE-2007-0009 6.8
Stack-based buffer overflow in the SSLv2 support in Mozilla Network Security Services (NSS) before 3.11.5, as used by Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, SeaMonkey before 1.0.8, and certain Sun Java System ser
16-01-2014 - 22:46 26-02-2007 - 15:28
CVE-2006-4538 4.9
Linux kernel 2.6.17 and earlier, when running on IA64 or SPARC platforms, allows local users to cause a denial of service (crash) via a malformed ELF file that triggers memory maps that cross region boundaries.
12-07-2013 - 01:03 05-09-2006 - 15:04
CVE-2007-1092 9.3
Mozilla Firefox 1.5.0.9 and 2.0.0.1, and SeaMonkey before 1.0.8 allow remote attackers to execute arbitrary code via JavaScript onUnload handlers that modify the structure of a document, wich triggers memory corruption due to the lack of a finalize h
06-07-2013 - 02:01 26-02-2007 - 12:28
CVE-2007-2868 9.3
Multiple vulnerabilities in the JavaScript engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of se
05-11-2012 - 22:40 31-05-2007 - 20:30
CVE-2007-2867 9.3
Multiple vulnerabilities in the layout engine for Mozilla Firefox 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, Thunderbird 1.5.x before 1.5.0.12 and 2.x before 2.0.0.4, and SeaMonkey 1.0.9 and 1.1.2 allow remote attackers to cause a denial of servic
05-11-2012 - 22:40 31-05-2007 - 20:30
CVE-2007-0772 7.8
The Linux kernel 2.6.13 and other versions before 2.6.20.1 allows remote attackers to cause a denial of service (oops) via a crafted NFSACL 2 ACCESS request that triggers a free of an incorrect pointer.
19-03-2012 - 00:00 20-02-2007 - 12:28
CVE-2007-0776 9.3
Heap-based buffer overflow in the _cairo_pen_init function in Mozilla Firefox 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to execute arbitrary code via a large stroke-width attribute in the clip
17-10-2011 - 00:00 26-02-2007 - 14:28
CVE-2007-0537 2.6
The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags withi
11-10-2011 - 00:00 29-01-2007 - 11:28
CVE-2007-0994 6.8
A regression error in Mozilla Firefox 2.x before 2.0.0.2 and 1.x before 1.5.0.10, and SeaMonkey 1.1 before 1.1.1 and 1.0 before 1.0.8, allows remote attackers to execute arbitrary JavaScript as the user via an HTML mail message with a javascript: URI
20-09-2011 - 00:00 05-03-2007 - 19:19
CVE-2007-0906 7.5
Multiple buffer overflows in PHP before 5.2.1 allow attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors in the (1) session, (2) zip, (3) imap, and (4) sqlite extensions; (5) stream filters; and the (6) s
20-09-2011 - 00:00 13-02-2007 - 18:28
CVE-2006-5456 5.1
Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagick 6.0.7 allow user-assisted attackers to cause a denial of service and possibly execute arbitrary code via (1) a DCM image that is not properly handled by the ReadDCMImage functio
20-09-2011 - 00:00 23-10-2006 - 13:07
CVE-2007-0045 4.3
Multiple cross-site scripting (XSS) vulnerabilities in Adobe Acrobat Reader Plugin before 8.0.0, and possibly the plugin distributed with Adobe Reader 7.x before 7.1.4, 8.x before 8.1.7, and 9.x before 9.2, for Mozilla Firefox, Microsoft Internet Exp
13-09-2011 - 00:00 03-01-2007 - 16:28
CVE-2007-0775 3.7
Multiple unspecified vulnerabilities in the layout engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allow remote attackers to cause a denial of service (crash) and potentially e
01-09-2011 - 00:00 26-02-2007 - 14:28
CVE-2006-6498 6.8
Multiple unspecified vulnerabilities in the JavaScript engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, SeaMonkey before 1.0.7, and Mozilla 1.7 and probably earlier on Solaris, allow remote attackers to
01-09-2011 - 00:00 19-12-2006 - 20:28
CVE-2006-6497 6.8
Multiple unspecified vulnerabilities in the layout engine for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allow remote attackers to cause a denial of service (memory corruption and
01-09-2011 - 00:00 19-12-2006 - 20:28
CVE-2007-1246 7.6
The DMO_VideoDecoder_Open function in loader/dmo/DMO_VideoDecoder.c in MPlayer 1.0rc1 and earlier, as used in xine-lib, does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibl
25-07-2011 - 00:00 03-03-2007 - 14:19
CVE-2006-4814 4.6
The mincore function in the Linux kernel before 2.4.33.6 does not properly lock access to user space, which has unspecified impact and attack vectors, possibly related to a deadlock.
20-06-2011 - 00:00 19-12-2006 - 21:28
CVE-2007-0908 5.0
The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element
06-06-2011 - 00:00 13-02-2007 - 18:28
CVE-2007-0988 4.3
The zend_hash_init function in PHP 5 before 5.2.1 and PHP 4 before 4.4.5, when running on a 64-bit platform, allows context-dependent attackers to cause a denial of service (infinite loop) by unserializing certain integer expressions, which only caus
25-05-2011 - 00:00 20-02-2007 - 12:28
CVE-2007-0910 10.0
Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clobber" certain super-global variables via unspecified vectors.
10-03-2011 - 00:00 13-02-2007 - 18:28
CVE-2007-1385 7.5
chunkcounter.cpp in KTorrent before 2.1.2 allows remote attackers to cause a denial of service (crash) and heap corruption via a negative or large idx value.
07-03-2011 - 21:52 10-03-2007 - 13:19
CVE-2007-1384 6.4
Directory traversal vulnerability in torrent.cpp in KTorrent before 2.1.2 allows remote attackers to overwrite arbitrary files via ".." sequences in a torrent filename.
07-03-2011 - 21:52 10-03-2007 - 13:19
CVE-2007-1308 4.3
ecma/kjs_html.cpp in KDE JavaScript (KJS), as used in Konqueror in KDE 3.5.5, allows remote attackers to cause a denial of service (crash) by accessing the content of an iframe with an ftp:// URI in the src attribute, probably due to a NULL pointer d
07-03-2011 - 21:51 06-03-2007 - 19:19
CVE-2007-1282 9.3
Integer overflow in Mozilla Thunderbird before 1.5.0.10 and SeaMonkey before 1.0.8 allows remote attackers to trigger a buffer overflow and possibly execute arbitrary code via a text/enhanced or text/richtext e-mail message with an extremely long lin
07-03-2011 - 21:51 05-03-2007 - 21:19
CVE-2007-1269 5.0
GNUMail 1.1.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents GNUMail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote a
07-03-2011 - 21:51 06-03-2007 - 15:19
CVE-2007-1268 5.0
Mutt 1.5.13 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Mutt from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attack
07-03-2011 - 21:51 06-03-2007 - 15:19
CVE-2007-1267 5.0
Sylpheed 2.2.7 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Sylpheed from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote
07-03-2011 - 21:51 06-03-2007 - 15:19
CVE-2007-1266 5.0
Evolution 2.8.1 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Evolution from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remo
07-03-2011 - 21:51 06-03-2007 - 15:19
CVE-2007-1265 7.8
KMail 1.9.5 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents KMail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remote attac
07-03-2011 - 21:51 06-03-2007 - 15:19
CVE-2007-1264 5.0
Enigmail 0.94.2 and earlier does not properly use the --status-fd argument when invoking GnuPG, which prevents Enigmail from visually distinguishing between signed and unsigned portions of OpenPGP messages with multiple components, which allows remot
07-03-2011 - 21:51 06-03-2007 - 15:19
CVE-2007-1263 5.0
GnuPG 1.4.6 and earlier and GPGME before 1.1.4, when run from the command line, does not visually distinguish signed and unsigned portions of OpenPGP messages with multiple components, which might allow remote attackers to forge the contents of a mes
07-03-2011 - 21:51 06-03-2007 - 15:19
CVE-2007-1218 6.8
Off-by-one buffer overflow in the parse_elements function in the 802.11 printer code (print-802_11.c) for tcpdump 3.9.5 and earlier allows remote attackers to cause a denial of service (crash) via a crafted 802.11 frame. NOTE: this was originally re
07-03-2011 - 21:51 02-03-2007 - 16:18
CVE-2007-0996 5.8
The child frames in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 inherit the default charset from the parent window, which allows remote attackers to conduct cross-site scripting (XSS) attacks, as demonstrated us
07-03-2011 - 21:51 26-02-2007 - 21:28
CVE-2007-0995 4.3
Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 ignores trailing invalid HTML characters in attribute names, which allows remote attackers to bypass content filters that use regular expressions.
07-03-2011 - 21:51 26-02-2007 - 14:28
CVE-2007-0909 7.5
Multiple format string vulnerabilities in PHP before 5.2.1 might allow attackers to execute arbitrary code via format string specifiers to (1) all of the *print functions on 64-bit systems, and (2) the odbc_result_all function.
07-03-2011 - 21:50 13-02-2007 - 18:28
CVE-2007-0907 5.0
Buffer underflow in PHP before 5.2.1 allows attackers to cause a denial of service via unspecified vectors involving the sapi_header_op function.
07-03-2011 - 21:50 13-02-2007 - 18:28
CVE-2007-0800 4.3
Cross-zone vulnerability in Mozilla Firefox 1.5.0.9 considers blocked popups to have an internal zone origin, which allows user-assisted remote attackers to cross zone restrictions and read arbitrary file:// URIs by convincing a user to show a blocke
07-03-2011 - 21:50 07-02-2007 - 06:28
CVE-2007-0780 6.8
browser.js in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 uses the requesting URI to identify child windows, which allows remote attackers to conduct cross-site scripting (XSS) attacks by opening a blocked
07-03-2011 - 21:50 26-02-2007 - 15:28
CVE-2007-0779 6.4
GUI overlay vulnerability in Mozilla Firefox 1.5.x before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 allows remote attackers to spoof certain user interface elements, such as the host name or security indicators, via the CSS3 hotspot
07-03-2011 - 21:50 26-02-2007 - 15:28
CVE-2007-0778 5.4
The page cache feature in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8 can generate hash collisions that cause page data to be appended to the wrong page cache, which allows remote attackers to obtain sensitive i
07-03-2011 - 21:50 26-02-2007 - 15:28
CVE-2007-0777 9.3
The JavaScript engine in Mozilla Firefox before 1.5.0.10 and 2.x before 2.0.0.2, Thunderbird before 1.5.0.10, and SeaMonkey before 1.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain vect
07-03-2011 - 21:50 26-02-2007 - 14:28
CVE-2007-0478 4.3
WebCore on Apple Mac OS X 10.3.9 and 10.4.10, as used in Safari, does not properly parse HTML comments in TITLE elements, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding
07-03-2011 - 21:49 24-01-2007 - 19:28
CVE-2007-0475 4.4
Multiple stack-based buffer overflows in utilities/smb4k_*.cpp in Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to gain privileges via unspecified vectors related to the args variable and unspecified other variables, i
07-03-2011 - 21:49 03-02-2007 - 18:28
CVE-2007-0474 3.3
Smb4K before 0.8.0 allow local users, when present on the Smb4K sudoers list, to kill arbitrary processes, related to a "design issue with smb4k_kill."
07-03-2011 - 21:49 03-02-2007 - 18:28
CVE-2007-0473 1.9
The writeFile function in core/smb4kfileio.cpp in Smb4K before 0.8.0 does not preserve /etc/sudoers permissions across modifications, which allows local users to obtain sensitive information (/etc/sudoers contents) by reading this file.
07-03-2011 - 21:49 03-02-2007 - 18:28
CVE-2007-0472 3.7
Multiple race conditions in Smb4K before 0.8.0 allow local users to (1) modify arbitrary files via unspecified manipulations of Smb4K's lock file, which is not properly handled by the remove_lock_file function in core/smb4kfileio.cpp, and (2) add lin
07-03-2011 - 21:49 03-02-2007 - 18:28
CVE-2006-6505 6.8
Multiple heap-based buffer overflows in Mozilla Thunderbird before 1.5.0.9 and SeaMonkey before 1.0.7 allow remote attackers to execute arbitrary code via (1) external message modies with long Content-Type headers or (2) long RFC2047-encoded (MIME no
07-03-2011 - 21:46 19-12-2006 - 20:28
CVE-2006-6503 6.8
Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to bypass cross-site scripting (XSS) protection by changing the src attribute of an IMG element to a javascript:
07-03-2011 - 21:46 19-12-2006 - 20:28
CVE-2006-6502 7.1
Use-after-free vulnerability in the LiveConnect bridge code for Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to cause a denial of service (crash) via unknown
07-03-2011 - 21:46 19-12-2006 - 20:28
CVE-2006-6501 6.8
Unspecified vulnerability in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 allows remote attackers to gain privileges and install malicious code via the watch Javascript function.
07-03-2011 - 21:46 19-12-2006 - 20:28
CVE-2006-6499 4.3
The js_dtoa function in Mozilla Firefox 2.x before 2.0.0.1, 1.5.x before 1.5.0.9, Thunderbird before 1.5.0.9, and SeaMonkey before 1.0.7 overwrites memory instead of exiting when the floating point precision is reduced, which allows remote attackers
07-03-2011 - 21:46 19-12-2006 - 20:28
CVE-2006-6077 5.0
The (1) Password Manager in Mozilla Firefox 2.0, and 1.5.0.8 and earlier; and the (2) Passcard Manager in Netscape 8.1.2 and possibly other versions, do not properly verify that an ACTION URL in a FORM element containing a password INPUT element matc
07-03-2011 - 21:45 24-11-2006 - 12:07
CVE-2006-6053 4.9
The ext3fs_dirhash function in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via an ext3 stream with malformed data structures.
07-03-2011 - 21:44 21-11-2006 - 20:07
CVE-2007-0981 7.5
Mozilla based browsers, including Firefox before 1.5.0.10 and 2.x before 2.0.0.2, and SeaMonkey before 1.0.8, allow remote attackers to bypass the same origin policy, steal cookies, and conduct other attacks by writing a URI with a null byte to the h
07-03-2011 - 00:00 15-02-2007 - 20:28
CVE-2007-1387 6.8
The DirectShow loader (loader/dshow/DS_VideoDecoder.c) in MPlayer 1.0rc1 and earlier, as used in xine-lib, does not set the biSize before use in a memcpy, which allows user-assisted remote attackers to cause a buffer overflow and possibly execute arb
30-11-2010 - 01:02 13-03-2007 - 15:19
CVE-2007-0999 9.3
Format string vulnerability in Ekiga 2.0.3, and probably other versions, allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2007-1006.
15-09-2010 - 01:45 10-03-2007 - 14:19
CVE-2007-0958 2.1
Linux kernel 2.6.x before 2.6.20 allows local users to read unreadable binaries by using the interpreter (PT_INTERP) functionality and triggering a core dump, a variant of CVE-2004-1073.
15-09-2010 - 01:44 15-02-2007 - 13:28
CVE-2006-6056 4.9
Linux kernel 2.6.x up to 2.6.18 and possibly other versions, when SELinux hooks are enabled, allows local users to cause a denial of service (crash) via a malformed file stream that triggers a NULL pointer dereference in the superblock_doinit functio
15-09-2010 - 01:32 21-11-2006 - 20:07
CVE-2006-5823 4.0
The zlib_inflate function in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via a malformed filesystem that uses zlib compression that triggers memory corruption, as demonstrated using cramfs.
15-09-2010 - 01:30 09-11-2006 - 06:07
CVE-2006-5753 7.2
Unspecified vulnerability in the listxattr system call in Linux kernel, when a "bad inode" is present, allows local users to cause a denial of service (data corruption) and possibly gain privileges via unknown vectors.
15-09-2010 - 01:30 30-01-2007 - 14:28
CVE-2007-0006 1.9
The key serial number collision avoidance code in the key_alloc_serial function in Linux kernel 2.6.9 up to 2.6.20 allows local users to cause a denial of service (crash) via vectors that trigger a null dereference, as originally reported as "spinloc
15-09-2010 - 00:00 06-02-2007 - 14:28
CVE-2005-2120 6.5
Stack-based buffer overflow in the Plug and Play (PnP) service (UMPNPMGR.DLL) in Microsoft Windows 2000 SP4, and XP SP1 and SP2, allows remote or local authenticated attackers to execute arbitrary code via a large number of "\" (backslash) characters
10-09-2008 - 15:41 13-10-2005 - 06:02
CVE-2007-1565 7.8
Konqueror 3.5.5 allows remote attackers to cause a denial of service (crash) by using JavaScript to read a child iframe having an ftp:// URI.
05-09-2008 - 17:20 21-03-2007 - 15:19
CVE-2007-0801 4.3
The nsExternalAppHandler::SetUpTempFile function in Mozilla Firefox 1.5.0.9 creates temporary files with predictable filenames based on creation time, which allows remote attackers to execute arbitrary web script or HTML via a crafted XMLHttpRequest.
05-09-2008 - 17:18 07-02-2007 - 06:28
Back to Top Mark selected
Back to Top