Unknown · CVSS Not scored
Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a GIF image file with a crafted Netscape Navigator Application Extension Block that modifies the heap in the Picture Modifier block.
Published Jan 11, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The network interface for Apple AirPort Express 6.x before Firmware Update 6.3, and AirPort Extreme 5.x before Firmware Update 5.7, allows remote attackers to cause a denial of service (unresponsive interface) via malformed packets.
Published Jan 5, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified image height and width (ImageWidth) tags.
Published Jan 11, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files.
Published Jan 11, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files.
Published Jan 11, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field.
Published Jan 23, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.
Published Jan 6, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.
Published Jan 6, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
nsrd.exe in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314, and other products such as Sun Solstice Backup (SBU) 6.0 and 6.1 and StorEdge Enterprise Backup Software (EBS) 7.1 through 7.2L, allows remote attackers to cause a denial of service (nsrd service crash) via a malformed RPC request to RPC program number 390109, which triggers a null dereference.
Published Jan 18, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large "number of components" value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large "Huffman table index" value that is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps value by DCTStream::readScanInfo.
Published Jan 6, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple heap-based buffer overflows in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314, and other products such as Sun Solstice Backup (SBU) 6.0 and 6.1 and StorEdge Enterprise Backup Software (EBS) 7.1 through 7.2L, allow remote attackers to execute arbitrary code or cause a denial of service (unresponsive application) via malformed RPC packets to (1) RPC program number 390109 (nsrd.exe) and (2) RPC program number 390113 (nsrexecd.exe).
Published Jan 18, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Heap-based buffer overflow in Novell Open Enterprise Server Remote Manager (novell-nrm) in Novell SUSE Linux Enterprise Server 9 allows remote attackers to execute arbitrary code via an HTTP POST request with a negative Content-Length parameter.
Published Jan 14, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via unknown attack vectors.
Published Jan 23, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple format string vulnerabilities in logging functions in mod_auth_pgsql before 2.0.3, when used for user authentication against a PostgreSQL database, allows remote unauthenticated attackers to execute arbitrary code, as demonstrated via the username.
Published Jan 6, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Blue Coat Systems Inc. WinProxy before 6.1a allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large number of packets with 0xFF characters to the Telnet port (TCP 23), which corrupts the heap.
Published Jan 6, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."
Published Jan 6, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier allow remote attackers to execute arbitrary commands via (1) the notify script in HylaFAX 4.2.0 to 4.2.3 and (2) crafted CallID parameters to the faxrcvd script in HylaFAX 4.2.2 and 4.2.3.
Published Jan 6, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
hfaxd in HylaFAX 4.2.3, when PAM support is disabled, accepts arbitrary passwords, which allows remote attackers to gain privileges.
Published Jan 6, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Buffer overflow in petris before 1.0.1 allows remote attackers to execute arbitrary code via unspecified attack vectors.
Published Jan 9, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
Published Jan 6, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The mq_open system call in Linux kernel 2.6.9, in certain situations, can decrement a counter twice ("double decrement") as a result of multiple calls to the mntput function when the dentry_open function call fails, which allows local users to cause a denial of service (panic) via unspecified attack vectors.
Published Jan 23, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The tuxpaint-import.sh script in Tux Paint (tuxpaint) 0.9.14 and earlier creates temporary files insecurely, with unknown impact and attack vectors.
Published Jan 19, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The listening daemon in Blue Coat Systems Inc. WinProxy before 6.1a allows remote attackers to cause a denial of service (crash) via a long HTTP request that causes an out-of-bounds read.
Published Jan 5, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The (1) kantiword (kantiword.sh) and (2) gantiword (gantiword.sh) scripts in antiword 0.35 and earlier allow local users to overwrite arbitrary files via a symlink attack on temporary (a) output and (b) error files.
Published Jan 18, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Research in Motion (RIM) BlackBerry Handheld web browser for BlackBerry Handheld before 4.0.2 allows remote attackers to cause a denial of service (hang) via a Java Application Description (JAD) file with a long application name and vendor string, which prevents a browser dialog from being properly dismissed.
Published Jan 2, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a crafted (1) QuickTime Image File (QTIF), (2) PICT, or (3) JPEG format image with a long data field.
Published Jan 11, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The BlackBerry Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.0 to version 4.0 Service Pack 2 allows attackers to cause a denial of service via a malformed Portable Network Graphics (PNG) file that triggers a heap-based buffer overflow.
Published Jan 9, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Research in Motion (RIM) BlackBerry Router allows remote attackers to cause a denial of service (communication disruption) via crafted Server Routing Protocol (SRP) packets.
Published Jan 2, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Heap-based buffer overflow in Research in Motion (RIM) BlackBerry Attachment Service allows remote attackers to cause a denial of service (hang) via an e-mail attachment with a crafted TIFF file.
Published Jan 2, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Directory traversal vulnerability in Ipswitch WhatsUp Small Business 2004 allows remote attackers to read arbitrary files via ".." (dot dot) sequences in a request to the Report service (TCP 8022).
Published Jan 15, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Firefox before 1.0 allows the user to store a (1) javascript: or (2) data: URLs as a Livefeed bookmark, then executes it in the security context of the currently loaded page when the user later accesses the bookmark, which could allow remote attackers to execute arbitrary code.
Published Jan 29, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
inpview in SGI IRIX allows local users to execute arbitrary commands via the SUN_TTSESSION_CMD environment variable, which is executed by inpview without dropping privileges.
Published Jan 19, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not obey the network.cookie.disableCookieForMailNews preference, which could allow remote attackers to bypass the user's intended privacy and security policy by using cookies in e-mail messages.
Published Jan 29, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Firefox before 1.0 does not properly distinguish between user-generated and synthetic click events, which allows remote attackers to use Javascript to bypass the file download prompt when the user uses the Alt-click feature.
Published Jan 29, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Certain Perl scripts in Konversation 0.15 allow remote attackers to execute arbitrary commands via shell metacharacters in (1) channel names or (2) song names that are not properly quoted when the user runs IRC scripts.
Published Jan 22, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The "at" commands on Mac OS X 10.3.7 and earlier do not properly drop privileges, which allows local users to (1) delete arbitrary files via atrm, (2) execute arbitrary programs via the -f argument to batch, or (3) read arbitrary files via the -f argument to batch, which generates a job file that is readable by the local user.
Published Jan 29, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a proxy, respond to 407 proxy auth requests from arbitrary servers, which allows remote attackers to steal NTLM or SPNEGO credentials.
Published Jan 29, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple buffer overflows in golddig 2.0 and earlier allow local users to execute arbitrary code via (1) a long map name command line argument or (2) a long username as recorded in the USER environment variable.
Published Jan 19, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Buffer overflow in PeID allows attackers to execute arbitrary code via a PE file with an Import Address Table containing a long import library name.
Published Jan 29, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Stack-based buffer overflow in the websql CGI program in MySQL MaxDB 7.5.00 allows remote attackers to execute arbitrary code via a long password parameter.
Published Jan 19, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Firefox before 1.0 and Mozilla before 1.7.5 display the secure site lock icon when a view-source: URL references a secure SSL site while an insecure page is being loaded, which could facilitate phishing attacks.
Published Jan 29, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Firefox before 1.0 and Mozilla before 1.7.5 display the SSL lock icon when an insecure page loads a binary file from a trusted site, which could facilitate phishing attacks.
Published Jan 29, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
helvis 1.8h2_1 and earlier allows local users to delete arbitrary files via the elvprsv setuid program.
Published Jan 19, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Stack-based buffer overflow in the get_internal_addresses function in the pluto application for Openswan 1.x before 1.0.9, and Openswan 2.x before 2.3.0, when compiled with XAUTH and PAM enabled, allows remote authenticated attackers to execute arbitrary code.
Published Jan 29, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Mail in Mac OS X 10.3.7, when generating a Message-ID header, generates a GUUID that includes information that identifies the Ethernet hardware being used, which allows remote attackers to link mail messages to a particular machine.
Published Jan 29, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to obtain sensitive data from the clipboard via Javascript that generates a middle-click event on systems for which a middle-click performs a paste operation.
Published Jan 29, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to load local files via links "with a custom getter and toString method" that are middle-clicked by the user to be opened in a new tab.
Published Jan 29, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The Quick Connection dialog in Konversation 0.15 inadvertently uses the user-provided password as the nickname instead of the user-provided nickname when connecting to the IRC server, which could leak the password to other users.
Published Jan 22, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Thunderbird before 0.9, when running on Windows systems, uses the default handler when processing javascript: links, which invokes Internet Explorer and may expose the Thunderbird user to vulnerabilities in the version of Internet Explorer that is installed on the user's system. NOTE: since the invocation between multiple products is a common practice, and the vulnerabilities inherent in multi-product interactions are not easily enumerable, this issue might be REJECTED in the future.
Published Jan 29, 2005 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Buffer overflow in XShisen before 1.36 allows local users to execute arbitrary code via a long GECOS field.
Published Jan 19, 2005 · Updated Aug 7, 2024