Integer overflow in the ReadWideString function in agentdpv.dll in Microsoft Agent on Microsoft Windows 2000 SP4, XP SP2, and Server 2003 up to SP1 allows remote attackers to execute arbitrary code via a large length value in an .ACF file, which results in a heap-based buffer overflow.
Max CVSS
7.5
EPSS Score
48.23%
Published
2006-11-14
Updated
2018-10-18
Stack-based buffer overflow in the Sky Software FileView ActiveX control, as used in WinZip 10 before build 7245 and in certain other applications, allows remote attackers to execute arbitrary code via a long FilePattern attribute in a WZFILEVIEW object, a different vulnerability than CVE-2006-5198.
Max CVSS
9.3
EPSS Score
82.26%
Published
2006-11-21
Updated
2018-10-17
My Firewall Plus 5.0 Build 1119 does not verify if explorer.exe is running before launching iexplore.exe from the "Test Your Firewall" feature, which allows local users to gain SYSTEM privileges.
Max CVSS
7.2
EPSS Score
0.04%
Published
2006-11-22
Updated
2018-10-17
Business Objects Crystal Enterprise 9 and 10 generates predictable session identifiers, which allows remote attackers to hijack sessions of other users via WCSID cookie values.
Max CVSS
7.5
EPSS Score
1.83%
Published
2006-11-29
Updated
2017-07-20
Format string vulnerability in the sqllog function in the SQL accounting code for radiusd in GNU Radius 1.2 and 1.3 allows remote attackers to execute arbitrary code via unknown vectors.
Max CVSS
10.0
EPSS Score
46.34%
Published
2006-11-28
Updated
2017-07-20
Buffer overflow in PowerDNS Recursor 3.1.3 and earlier might allow remote attackers to execute arbitrary code via a malformed TCP DNS query that prevents Recursor from properly calculating the TCP DNS query length.
Max CVSS
7.5
EPSS Score
10.80%
Published
2006-11-14
Updated
2017-07-20
PowerDNS Recursor 3.1.3 and earlier allows remote attackers to cause a denial of service (resource exhaustion and application crash) via a CNAME record with a zero TTL, which triggers an infinite loop.
Max CVSS
5.0
EPSS Score
1.95%
Published
2006-11-14
Updated
2017-07-20
The Apple Type Services (ATS) server in Mac OS X 10.4.8 and earlier does not securely create log files, which allows local users to create and modify arbitrary files via unspecified vectors, possibly relating to a symlink attack.
Max CVSS
4.6
EPSS Score
0.04%
Published
2006-11-30
Updated
2011-03-08
Multiple buffer overflows in the Apple Type Services (ATS) server in Mac OS X 10.4 through 10.4.8 allow local users to execute arbitrary code via crafted service requests.
Max CVSS
7.2
EPSS Score
0.04%
Published
2006-11-30
Updated
2011-03-08
Stack-based buffer overflow in the Apple Type Services (ATS) server in Mac OS 10.4.8 and earlier allow user-assisted attackers to execute arbitrary code via crafted font files.
Max CVSS
5.1
EPSS Score
1.16%
Published
2006-11-30
Updated
2011-03-08
Unspecified vulnerability in CFNetwork in Mac OS 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary FTP commands via a crafted FTP URI.
Max CVSS
5.1
EPSS Score
4.20%
Published
2006-11-30
Updated
2011-03-08
Heap-based buffer overflow in the Finder in Apple Mac OS X 10.4.8 and earlier allows user-assisted remote attackers to execute arbitrary code by browsing directories containing crafted .DS_Store files.
Max CVSS
5.1
EPSS Score
6.15%
Published
2006-11-30
Updated
2017-07-20
The FTP server in Apple Mac OS X 10.4.8 and earlier, when FTP Access is enabled, will crash when a login failure occurs with a valid user name, which allows remote attackers to cause a denial of service (crash) and enumerate valid usernames.
Max CVSS
4.0
EPSS Score
4.77%
Published
2006-11-30
Updated
2017-07-20
The Installer application in Apple Mac OS X 10.4.8 and earlier, when used by a user with Admin credentials, does not authenticate the user before installing certain software requiring system privileges.
Max CVSS
10.0
EPSS Score
0.99%
Published
2006-11-30
Updated
2011-03-08
Buffer overflow in PPP on Apple Mac OS X 10.4.x up to 10.4.8 and 10.3.x up to 10.3.9, when PPPoE is enabled, allows remote attackers to execute arbitrary code via unspecified vectors.
Max CVSS
7.5
EPSS Score
7.36%
Published
2006-11-30
Updated
2017-07-20
The Security Framework in Apple Mac OS X 10.3.x up to 10.3.9 does not properly prioritize encryption ciphers when negotiating the strongest shared cipher, which causes Secure Transport to user a weaker cipher that makes it easier for remote attackers to decrypt traffic.
Max CVSS
5.0
EPSS Score
1.82%
Published
2006-11-30
Updated
2011-03-08
The Security Framework in Apple Mac OS X 10.4 through 10.4.8 allows remote attackers to cause a denial of service (resource consumption) via certain public key values in an X.509 certificate that requires extra resources during signature verification. NOTE: this issue may be similar to CVE-2006-2940.
Max CVSS
5.0
EPSS Score
4.56%
Published
2006-11-30
Updated
2011-03-08
The Online Certificate Status Protocol (OCSP) service in the Security Framework in Apple Mac OS X 10.4 through 10.4.8 retrieve certificate revocation lists (CRL) when an HTTP proxy is in use, which could cause the system to accept certificates that have been revoked.
Max CVSS
5.0
EPSS Score
2.24%
Published
2006-11-30
Updated
2011-03-08
The Security Framework in Apple Mac OS X 10.3.9, and 10.4.x before 10.4.7, does not properly search certificate revocation lists (CRL), which allows remote attackers to access systems by using revoked certificates.
Max CVSS
7.5
EPSS Score
2.42%
Published
2006-11-30
Updated
2011-03-08
The VPN service in Apple Mac OS X 10.3.x through 10.3.9 and 10.4.x through 10.4.8 does not properly clean the environment when executing commands, which allows local users to gain privileges via unspecified vectors.
Max CVSS
7.2
EPSS Score
0.04%
Published
2006-11-30
Updated
2011-03-08
WebKit in Apple Mac OS X 10.3.x through 10.3.9 and 10.4 through 10.4.8 allows remote attackers to execute arbitrary code via a crafted HTML file, which accesses previously deallocated objects.
Max CVSS
6.8
EPSS Score
6.89%
Published
2006-11-30
Updated
2017-07-20
Apple Remote Desktop before 3.1 uses insecure permissions for certain built-in packages, which allows local users on an Apple Remote Desktop administration system to modify the packages and gain root privileges on client systems that use the packages.
Max CVSS
7.2
EPSS Score
0.04%
Published
2006-11-18
Updated
2011-03-08
Heap-based buffer overflow in the ole_info_read_metabat function in Gnome Structured File library (libgsf) 1.14.0, and other versions before 1.14.2, allows context-dependent attackers to execute arbitrary code via a large num_metabat value in an OLE document, which causes the ole_init_info function to allocate insufficient memory.
Max CVSS
7.5
EPSS Score
2.13%
Published
2006-11-30
Updated
2018-10-17
Novell iManager 2.5 and 2.0.2 allows remote attackers to cause a denial of service (crash) in the Tomcat server via a long TREE parameter in an HTTP POST, which triggers a NULL pointer dereference.
Max CVSS
7.8
EPSS Score
5.95%
Published
2006-11-01
Updated
2017-07-20
Qbik WinGate 6.1.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a DNS request with a self-referencing compressed name pointer, which triggers an infinite loop.
Max CVSS
5.0
EPSS Score
3.36%
Published
2006-11-28
Updated
2017-07-20
507 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!