High · CVSS 8.8
Integer overflow in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a 0x7fffffff argument to the setSlice method on a WebViewFolderIcon ActiveX object, which leads to an invalid memory copy.
Published Jul 19, 2006 · Updated Feb 25, 2026
High · CVSS 7.5
Multiple off-by-one errors in fsplib.c in fsplib before 0.8 allow attackers to cause a denial of service via unspecified vectors involving the (1) name and (2) d_name entry attributes.
Published Jul 25, 2007 · Updated Apr 3, 2025
Medium · CVSS 5.5
EMC VMware Player allows user-assisted attackers to cause a denial of service (unrecoverable application failure) via a long value of the ide1:0.fileName parameter in the .vmx file of a virtual machine. NOTE: third parties have disputed this issue, saying that write access to the .vmx file enables other ways of stopping the virtual machine, so no privilege boundaries are crossed
Published Jul 13, 2006 · Updated Jan 17, 2025
Unknown · CVSS Not scored
Tor before 0.1.1.20 does not sufficiently obey certain firewall options, which allows remote attackers to bypass intended access restrictions for dirservers, direct connections, or proxy servers.
Published Jul 7, 2006 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Tor before 0.1.1.20 kills the circuit when it receives an unrecognized relay command, which causes network circuits to be disbanded. NOTE: while this item is listed under the "Security fixes" section of the developer changelog, the developer clarified on 20060707 that this is only a self-DoS. Therefore this issue should not be included in CVE
Published Jul 7, 2006 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Tor client before 0.1.1.20 prefers entry points based on is_fast or is_stable flags, which could allow remote attackers to be preferred over nodes that are identified as more trustworthy "entry guard" (is_guard) systems by directory authorities.
Published Jul 7, 2006 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Unspecified vulnerability in SAP SAPLPD and SAPSPRINT allows remote attackers to cause a denial of service (application crash) via a certain print job request. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Published Jul 10, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The privoxy configuration file in Tor before 0.1.1.20, when run on Apple OS X, logs all data via the "logfile", which allows attackers to obtain potentially sensitive information.
Published Jul 7, 2006 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Tor before 0.1.1.20 uses improper logic to validate the "OR" destination, which allows remote attackers to perform a man-in-the-middle (MITM) attack via unspecified vectors.
Published Jul 7, 2006 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Tor before 0.1.1.20 does not validate that a server descriptor's fingerprint line matches its identity key, which allows remote attackers to spoof the fingerprint line, which might be trusted by users or other applications.
Published Jul 7, 2006 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Tor before 0.1.1.20 uses OpenSSL pseudo-random bytes (RAND_pseudo_bytes) instead of cryptographically strong RAND_bytes, and seeds the entropy value at start-up with 160-bit chunks without reseeding, which makes it easier for attackers to conduct brute force guessing attacks.
Published Jul 7, 2006 · Updated Sep 17, 2024
Unknown · CVSS Not scored
The Intel Core 2 Extreme processor X6800 and Core 2 Duo desktop processor E6000 and E4000 incorrectly set the memory page Access (A) bit for a page in certain circumstances involving proximity of the code segment limit to the end of a code page, which has unknown impact and attack vectors on certain operating systems other than OpenBSD, aka AI90.
Published Jul 3, 2007 · Updated Sep 17, 2024
Unknown · CVSS Not scored
Tor before 0.1.1.20 supports server descriptors that contain hostnames instead of IP addresses, which allows remote attackers to arbitrarily group users by providing preferential address resolution.
Published Jul 7, 2006 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Apache Derby before 10.2.1.6 does not determine privilege requirements for lock table statements at compilation time, and consequently does not enforce privilege requirements at execution time, which allows remote authenticated users to lock arbitrary tables.
Published Jul 5, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Integer overflow in the calloc function in libc/stdlib/malloc.c in jemalloc in libc for FreeBSD 6.4 and NetBSD makes it easier for context-dependent attackers to perform memory-related attacks such as buffer overflows via a large size value, which triggers a memory allocation of one byte.
Published Jul 25, 2012 · Updated Sep 16, 2024
Unknown · CVSS Not scored
eZ publish before 3.8.5 does not properly enforce permissions for editing in a specific language, which allows remote authenticated users to create a draft in an unauthorized language by editing an archived version of an object, and then using Manage Versions to copy this version to a new draft.
Published Jul 6, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Phorum 5.1.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Published Jul 14, 2006 · Updated Sep 16, 2024
Unknown · CVSS Not scored
TLS handshakes in Tor before 0.1.1.20 generate public-private keys based on TLS context rather than the connection, which makes it easier for remote attackers to conduct brute force attacks on the encryption keys.
Published Jul 7, 2006 · Updated Sep 16, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in index.php in LifeType 1.0.5 allows remote attackers to execute arbitrary SQL commands via the Date parameter in a Default op.
Published Jul 13, 2006 · Updated Sep 16, 2024
Unknown · CVSS Not scored
eZ publish before 3.8.1 does not properly enforce permissions for "content edit Language" when there are four or more languages, which allows remote authenticated users to perform translations into languages that are not listed in a Module Function Limitation policy.
Published Jul 6, 2007 · Updated Sep 16, 2024
Unknown · CVSS Not scored
VirtuaStore 2.0 stores sensitive files under the web root with insufficient access control, which allows remote attackers to obtain local database information by directly accessing database/virtuastore.mdb.
Published Jul 10, 2006 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in Index.PHP in CuteNews 1.4.5 allows remote attackers to inject arbitrary web script or HTML via unknown vectors. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
Published Jul 17, 2006 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Absolute path traversal vulnerability in administrador.asp in VirtuaStore 2.0 allows remote attackers to possibly read arbitrary directories or files via an absolute path with Windows drive letter in the Pasta parameter when link=util, acao=ftp, and acaba=sim.
Published Jul 10, 2006 · Updated Sep 16, 2024
Unknown · CVSS Not scored
The Languages selection in the admin interface in Kailash Nadh boastMachine (formerly bMachine) 3.1 and earlier allows remote authenticated administrators to upload files with arbitrary extensions to the bmc/Inc/Lang directory. NOTE: because the uploaded files cannot be accessed through HTTP, this issue is a vulnerability only if there is a likely usage pattern in which the files would be opened or executed by local users, e.g., malware files with names that entice local users to open the files.
Published Jul 25, 2006 · Updated Sep 16, 2024
Unknown · CVSS Not scored
Apache Derby before 10.2.1.6 does not determine schema privilege requirements during the DropSchemaNode bind phase, which allows remote authenticated users to execute arbitrary drop schema statements in SQL authorization mode.
Published Jul 5, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Integer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.5.5.438 allows remote attackers to cause a denial of service (CMA Framework service crash) and possibly execute arbitrary code via unspecified vectors.
Published Jul 12, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Integer overflow in the Real-Time Information Server (RIS) Data Collector service (RisDC.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via crafted packets, resulting in a heap-based buffer overflow.
Published Jul 15, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Off-by-one error in the Certificate Trust List (CTL) Provider service (CTLProvider.exe) in Cisco Unified Communications Manager (CUCM, formerly CallManager) before 20070711 allow remote attackers to execute arbitrary code via a crafted packet that triggers a heap-based buffer overflow.
Published Jul 15, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Integer underflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.6.0.453 and earlier allows remote attackers to execute arbitrary code via a crafted UDP packet, which causes stack corruption.
Published Jul 12, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Stack-based buffer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.6.0.453 and earlier allows remote attackers to execute arbitrary code via a crafted ping packet.
Published Jul 12, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Heap-based buffer overflow in McAfee ePolicy Orchestrator 3.5 through 3.6.1, ProtectionPilot 1.1.1 and 1.5, and Common Management Agent (CMA) 3.5.5.438 through 3.6.0.453 allows remote attackers to execute arbitrary code via a crafted packet.
Published Jul 12, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple integer overflows in the image loader plug-ins in GIMP before 2.2.16 allow user-assisted remote attackers to execute arbitrary code via crafted length values in (1) DICOM, (2) PNM, (3) PSD, (4) PSP, (5) Sun RAS, (6) XBM, and (7) XWD files.
Published Jul 10, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Heap-based buffer overflow in Microsoft DirectX SDK (February 2006) and probably earlier, including 9.0c End User Runtimes, allows context-dependent attackers to execute arbitrary code via a crafted Targa file with a run-length-encoding (RLE) compression that produces more data than expected when decoding.
Published Jul 18, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple directory traversal vulnerabilities in the G/PGP (GPG) Plugin 2.0, and 2.1dev before 20070614, for Squirrelmail allow remote authenticated users to include and execute arbitrary local files via a .. (dot dot) in the help parameter to (1) gpg_help.php or (2) gpg_help_base.php.
Published Jul 15, 2007 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in WebScarab before 20060718-1904, when used with Microsoft Internet Explorer 6 SP2 or Konqueror 3.5.3, allows remote attackers to inject arbitrary web script or HTML via the URL, which is not sanitized before being returned in an error message when WebScarab is not able to access the URL.
Published Jul 25, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in links.php in Gonafish LinksCaffe 3.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the provenance of this information is unknown; the details are obtained from third party information.
Published Jul 31, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
The server driver (srv.sys) in Microsoft Windows NT 4.0, 2000, XP, and Server 2003 allows remote attackers to cause a denial of service (system crash) via an SMB_COM_TRANSACTION SMB message that contains a string without null character termination, which leads to a NULL dereference in the ExecuteTransaction function, possibly related to an "SMB PIPE," aka the "Mailslot DOS" vulnerability. NOTE: the name "Mailslot DOS" was derived from incomplete initial research; the vulnerability is not associated with a mailslot.
Published Jul 31, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos before 1.6.5 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Published Jul 28, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
PHP remote file inclusion vulnerability in (1) admin.php, and possibly (2) details.php, (3) modify.php, (4) newgroup.php, (5) newtask.php, and (6) rss.php, in MoSpray (aka com_mospray) 1.8 RC1 allows remote attackers to execute arbitrary PHP code via a URL in the basedir parameter.
Published Jul 25, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Internet Key Exchange (IKE) version 1 protocol, as implemented on Cisco IOS, VPN 3000 Concentrators, and PIX firewalls, allows remote attackers to cause a denial of service (resource exhaustion) via a flood of IKE Phase-1 packets that exceed the session expiration rate. NOTE: it has been argued that this is due to a design weakness of the IKE version 1 protocol, in which case other vendors and implementations would also be affected.
Published Jul 27, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Cross-site scripting (XSS) vulnerability in auctionsearch.php in PhpProBid 5.24 allows remote attackers to inject arbitrary web script or HTML via the advsrc parameter.
Published Jul 31, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
DotClear allows remote attackers to obtain sensitive information via a direct request for (1) edit_cat.php, (2) index.php, (3) edit_link.php in ecrire/tools/blogroll/; (4) syslog/index.php, (5) thememng/index.php, (6) toolsmng/index.php, (7) utf8convert/index.php in /ecrire/tools/; (8) /ecrire/inc/connexion.php and (9) /inc/session.php; (10) class.blog.php, (11) class.blogcomment.php, (12) and class.blogpost.php in /inc/classes/; (13) append.php, (14) class.xblog.php, (15) class.xblogcomment.php, and (16) class.xblogpost.php in /layout/; (17) form.php, (18) list.php, (19) post.php, or (20) template.php in /themes/default/, which reveal the installation path in error messages.
Published Jul 31, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple stack-based buffer overflows in Tumbleweed Email Firewall (EMF) allow remote attackers to execute arbitrary code via an email attachment with an LHA archive that contains a (1) file or (2) directory with a long LHA extended header, (3) an LHA archive in which the "temporary pathname" field for decompressed output is greater than 2 bytes, or (4) an LHA archive with a long filename.
Published Jul 27, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
system/workplace/views/admin/admin-main.jsp in Alkacon OpenCms before 6.2.2 does not restrict access to administrator functions, which allows remote authenticated users to (1) send broadcast messages to all users (/workplace/broadcast), (2) list all users (/accounts/users), (3) add webusers (/accounts/webusers/new), (4) upload database import and export files (/database/importhttp), (5) upload arbitrary program modules (/modules/modules_import), and (6) read the log file (/workplace/logfileview) by setting the appropriate value for the path parameter in a direct request to admin-main.jsp.
Published Jul 31, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
SQL injection vulnerability in index.php in GeodesicSolutions GeoAuctions Enterprise 1.0.6 allows remote attackers to execute arbitrary SQL commands via the d parameter.
Published Jul 25, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
PHP remote file inclusion vulnerability in admin.a6mambohelpdesk.php in a6mambohelpdesk Mambo Component 18RC1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the mosConfig_live_site parameter.
Published Jul 31, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via a (1) Forms.ListBox.1 or (2) Forms.ListBox.1 object with the ListWidth property set to (a) 0x7fffffff, which triggers an integer overflow exception, or to (b) 0x7ffffffe, which triggers a null dereference.
Published Jul 31, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Multiple SQL injection vulnerabilities in PhpProBid 5.24 allow remote attackers to execute arbitrary SQL commands via the (1) view or (2) start parameters to (a) viewfeedback.php or the (3) orderType parameter to (b) categories.php.
Published Jul 31, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
Published Jul 28, 2006 · Updated Aug 7, 2024
Unknown · CVSS Not scored
Stack-based buffer overflow in NDFXArtEffects in Microsoft Internet Explorer 6 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) via long (1) RGBExtraColor, (2) RGBForeColor, and (3) RGBBackColor properties.
Published Jul 31, 2006 · Updated Aug 7, 2024