Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities by ebay
CVE-2023-26107 (GCVE-0-2023-26107)
Vulnerability from cvelistv5 – Published: 2023-03-06 05:00 – Updated: 2025-03-05 19:51
VLAI
Summary
All versions of the package sketchsvg are vulnerable to Arbitrary Code Injection when invoking shell.exec without sanitization nor parametrization while concatenating the current directory as part of the command string.
Severity
6.9 (Medium)
SSVC
Exploitation: poc
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T11:39:06.558Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://security.snyk.io/vuln/SNYK-JS-SKETCHSVG-3167969"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/eBay/SketchSVG/blob/dd1036648f0f320a3187ef79d506b676b9eb87a6/lib/index.js%23L115"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/eBay/SketchSVG/blob/dd1036648f0f320a3187ef79d506b676b9eb87a6/lib/index.js%23L64"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-26107",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-05T19:51:04.442249Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94 Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-03-05T19:51:11.794Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "sketchsvg",
"vendor": "n/a",
"versions": [
{
"lessThan": "*",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Everardo Padilla"
}
],
"descriptions": [
{
"lang": "en",
"value": "All versions of the package sketchsvg are vulnerable to Arbitrary Code Injection when invoking shell.exec without sanitization nor parametrization while concatenating the current directory as part of the command string.\r\r"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 6.9,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:L/E:P",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "Arbitrary Code Injection",
"lang": "en"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-03-06T05:00:04.316Z",
"orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"shortName": "snyk"
},
"references": [
{
"url": "https://security.snyk.io/vuln/SNYK-JS-SKETCHSVG-3167969"
},
{
"url": "https://github.com/eBay/SketchSVG/blob/dd1036648f0f320a3187ef79d506b676b9eb87a6/lib/index.js%23L115"
},
{
"url": "https://github.com/eBay/SketchSVG/blob/dd1036648f0f320a3187ef79d506b676b9eb87a6/lib/index.js%23L64"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
"assignerShortName": "snyk",
"cveId": "CVE-2023-26107",
"datePublished": "2023-03-06T05:00:04.316Z",
"dateReserved": "2023-02-20T10:28:48.921Z",
"dateUpdated": "2025-03-05T19:51:11.794Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4211 (GCVE-0-2010-4211)
Vulnerability from cvelistv5 – Published: 2010-11-08 23:00 – Updated: 2024-08-07 03:34
VLAI
Summary
The PayPal app before 3.0.1 for iOS does not verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof a PayPal web server via an arbitrary certificate.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
8 references
| URL | Tags |
|---|---|
| http://viaforensics.com/press-releases/viaforensi… | x_refsource_MISC |
| http://www.vupen.com/english/advisories/2010/2887 | vdb-entryx_refsource_VUPEN |
| http://news.cnet.com/8301-27080_3-20021730-245.html | x_refsource_MISC |
| http://www.securityfocus.com/bid/44657 | vdb-entryx_refsource_BID |
| http://online.wsj.com/article/SB10001424052748703… | x_refsource_MISC |
| http://itunes.apple.com/us/app/paypal/id283646709 | x_refsource_MISC |
| http://viaforensics.com/security/viaforensics-unc… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2010-11-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:34:37.803Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://viaforensics.com/press-releases/viaforensics-uncovers-paypal-application-vulnerability.html"
},
{
"name": "ADV-2010-2887",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2010/2887"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://news.cnet.com/8301-27080_3-20021730-245.html"
},
{
"name": "44657",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/44657"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://online.wsj.com/article/SB10001424052748703506904575592782874885808.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://itunes.apple.com/us/app/paypal/id283646709"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://viaforensics.com/security/viaforensics-uncovers-significant-vulnerability-paypal-iphone.html"
},
{
"name": "paypal-certificate-info-disclosure(63002)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63002"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-11-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The PayPal app before 3.0.1 for iOS does not verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof a PayPal web server via an arbitrary certificate."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-16T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://viaforensics.com/press-releases/viaforensics-uncovers-paypal-application-vulnerability.html"
},
{
"name": "ADV-2010-2887",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2010/2887"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://news.cnet.com/8301-27080_3-20021730-245.html"
},
{
"name": "44657",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/44657"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://online.wsj.com/article/SB10001424052748703506904575592782874885808.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://itunes.apple.com/us/app/paypal/id283646709"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://viaforensics.com/security/viaforensics-uncovers-significant-vulnerability-paypal-iphone.html"
},
{
"name": "paypal-certificate-info-disclosure(63002)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63002"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4211",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The PayPal app before 3.0.1 for iOS does not verify that the server hostname matches the domain name of the subject of an X.509 certificate, which allows man-in-the-middle attackers to spoof a PayPal web server via an arbitrary certificate."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://viaforensics.com/press-releases/viaforensics-uncovers-paypal-application-vulnerability.html",
"refsource": "MISC",
"url": "http://viaforensics.com/press-releases/viaforensics-uncovers-paypal-application-vulnerability.html"
},
{
"name": "ADV-2010-2887",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2010/2887"
},
{
"name": "http://news.cnet.com/8301-27080_3-20021730-245.html",
"refsource": "MISC",
"url": "http://news.cnet.com/8301-27080_3-20021730-245.html"
},
{
"name": "44657",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44657"
},
{
"name": "http://online.wsj.com/article/SB10001424052748703506904575592782874885808.html",
"refsource": "MISC",
"url": "http://online.wsj.com/article/SB10001424052748703506904575592782874885808.html"
},
{
"name": "http://itunes.apple.com/us/app/paypal/id283646709",
"refsource": "MISC",
"url": "http://itunes.apple.com/us/app/paypal/id283646709"
},
{
"name": "http://viaforensics.com/security/viaforensics-uncovers-significant-vulnerability-paypal-iphone.html",
"refsource": "MISC",
"url": "http://viaforensics.com/security/viaforensics-uncovers-significant-vulnerability-paypal-iphone.html"
},
{
"name": "paypal-certificate-info-disclosure(63002)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/63002"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4211",
"datePublished": "2010-11-08T23:00:00.000Z",
"dateReserved": "2010-11-08T00:00:00.000Z",
"dateUpdated": "2024-08-07T03:34:37.803Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2475 (GCVE-0-2008-2475)
Vulnerability from cvelistv5 – Published: 2009-06-09 20:00 – Updated: 2024-08-07 09:05
VLAI
Summary
eBay Enhanced Picture Uploader ActiveX control (EPUWALcontrol.dll) before 1.0.27 allows remote attackers to execute arbitrary commands via the PictureUrls property.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| http://osvdb.org/54968 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/35412 | third-party-advisoryx_refsource_SECUNIA |
| http://pages.ebay.com/securitycenter/activex/index.html | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/35248 | vdb-entryx_refsource_BID |
| http://www.kb.cert.org/vuls/id/983731 | third-party-advisoryx_refsource_CERT-VN |
Date Public
2009-06-09 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:05:30.200Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "54968",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/54968"
},
{
"name": "35412",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35412"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://pages.ebay.com/securitycenter/activex/index.html"
},
{
"name": "35248",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/35248"
},
{
"name": "VU#983731",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/983731"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-06-09T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "eBay Enhanced Picture Uploader ActiveX control (EPUWALcontrol.dll) before 1.0.27 allows remote attackers to execute arbitrary commands via the PictureUrls property."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-06-13T09:00:00.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "54968",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/54968"
},
{
"name": "35412",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35412"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://pages.ebay.com/securitycenter/activex/index.html"
},
{
"name": "35248",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/35248"
},
{
"name": "VU#983731",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/983731"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2008-2475",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "eBay Enhanced Picture Uploader ActiveX control (EPUWALcontrol.dll) before 1.0.27 allows remote attackers to execute arbitrary commands via the PictureUrls property."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "54968",
"refsource": "OSVDB",
"url": "http://osvdb.org/54968"
},
{
"name": "35412",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35412"
},
{
"name": "http://pages.ebay.com/securitycenter/activex/index.html",
"refsource": "CONFIRM",
"url": "http://pages.ebay.com/securitycenter/activex/index.html"
},
{
"name": "35248",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/35248"
},
{
"name": "VU#983731",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/983731"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2008-2475",
"datePublished": "2009-06-09T20:00:00.000Z",
"dateReserved": "2008-05-28T00:00:00.000Z",
"dateUpdated": "2024-08-07T09:05:30.200Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1176 (GCVE-0-2006-1176)
Vulnerability from cvelistv5 – Published: 2006-07-08 00:00 – Updated: 2024-08-07 17:03
VLAI
Summary
Buffer overflow in eBay Enhanced Picture Services (aka EPUImageControl Class) in EUPWALcontrol.dll before 1.0.3.48, as used in Sell Your Item (SYI), Setup & Test eBay Enhanced Picture Services, Picture Manager Enhanced Uploader, and CARad.com Add Vehicle, allows remote attackers to execute arbitrary code via a crafted HTML document.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
7 references
| URL | Tags |
|---|---|
| http://secunia.com/advisories/20969 | third-party-advisoryx_refsource_SECUNIA |
| http://securitytracker.com/id?1016445 | vdb-entryx_refsource_SECTRACK |
| http://www.kb.cert.org/vuls/id/597721 | third-party-advisoryx_refsource_CERT-VN |
| http://www.securityfocus.com/bid/18921 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2006/2698 | vdb-entryx_refsource_VUPEN |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.kb.cert.org/vuls/id/MIMG-6QKPVH | x_refsource_CONFIRM |
Date Public
2006-07-06 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:03:28.323Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20969",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20969"
},
{
"name": "1016445",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016445"
},
{
"name": "VU#597721",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/597721"
},
{
"name": "18921",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/18921"
},
{
"name": "ADV-2006-2698",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2698"
},
{
"name": "ebay-epuimagecontrol-bo(27631)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27631"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/MIMG-6QKPVH"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-07-06T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in eBay Enhanced Picture Services (aka EPUImageControl Class) in EUPWALcontrol.dll before 1.0.3.48, as used in Sell Your Item (SYI), Setup \u0026 Test eBay Enhanced Picture Services, Picture Manager Enhanced Uploader, and CARad.com Add Vehicle, allows remote attackers to execute arbitrary code via a crafted HTML document."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"shortName": "certcc"
},
"references": [
{
"name": "20969",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20969"
},
{
"name": "1016445",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016445"
},
{
"name": "VU#597721",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/597721"
},
{
"name": "18921",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/18921"
},
{
"name": "ADV-2006-2698",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2698"
},
{
"name": "ebay-epuimagecontrol-bo(27631)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27631"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.kb.cert.org/vuls/id/MIMG-6QKPVH"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cert@cert.org",
"ID": "CVE-2006-1176",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in eBay Enhanced Picture Services (aka EPUImageControl Class) in EUPWALcontrol.dll before 1.0.3.48, as used in Sell Your Item (SYI), Setup \u0026 Test eBay Enhanced Picture Services, Picture Manager Enhanced Uploader, and CARad.com Add Vehicle, allows remote attackers to execute arbitrary code via a crafted HTML document."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20969",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20969"
},
{
"name": "1016445",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016445"
},
{
"name": "VU#597721",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/597721"
},
{
"name": "18921",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/18921"
},
{
"name": "ADV-2006-2698",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2698"
},
{
"name": "ebay-epuimagecontrol-bo(27631)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27631"
},
{
"name": "http://www.kb.cert.org/vuls/id/MIMG-6QKPVH",
"refsource": "CONFIRM",
"url": "http://www.kb.cert.org/vuls/id/MIMG-6QKPVH"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b",
"assignerShortName": "certcc",
"cveId": "CVE-2006-1176",
"datePublished": "2006-07-08T00:00:00.000Z",
"dateReserved": "2006-03-12T00:00:00.000Z",
"dateUpdated": "2024-08-07T17:03:28.323Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}