Medium
CVE-2006-2409
Format string vulnerability in the raydium_log function in console.c in Raydium before SVN revision 310 allows local users to execute arbitrary code via format string specifiers in the format paramet…
Tag: Remote Code Execution
All CVEs associated with "Remote Code Execution". Page 325/345 • 41310 CVEs.
Subscribe CVEs: RSS for “Remote Code Execution” · RSS (High+Critical only)
About “Remote Code Execution”
A curated feed of “Remote Code Execution”-related CVEs appears below. We currently track 41310 CVEs for this tag (all time). In the last 365 days, 4654 were published. Average CVSS is 8.3 (all time; 8.2 over 365d), and 86% are rated High/Critical (all time). Top CWEs (last 365 days): CWE-94 - Improper Control of Generation of Code ('Code Injection'), CWE-434 - Unrestricted Upload of File with Dangerous Type, CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection').
In our taxonomy this topic maps to a VERY HIGH impact class. Common exploitation patterns for this weakness can lead to very high. Use the filters to triage high risk first and validate exposure in your environment. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2006-05-16
High
CVE-2006-2411
Buffer overflow in raydium_network_read function in network.c in Raydium SVN revision 312 and earlier allows remote attackers to execute arbitrary code by sending packets with long global variables t…
High
CVE-2006-2391
Buffer overflow in EMC Retrospect Client 5.1 through 7.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted packet to port 497.
High
CVE-2006-2399
Stack-based buffer overflow in the ServerNetworking::incoming_client_data function in servnet.cpp in Outgun 1.0.3 bot 2 and earlier allows remote attackers to cause a denial of service (application c…
2006-05-15
High
CVE-2006-2362
Buffer overflow in getsym in tekhex.c in libbfd in Free Software Foundation GNU Binutils before 20060423, as used by GNU strings, allows context-dependent attackers to cause a denial of service (appl…
2006-05-12
High
CVE-2006-1441
Integer overflow in CFNetwork in Apple Mac OS X 10.4.6 allows remote attackers to execute arbitrary code via crafted chunked transfer encoding.
High
CVE-2006-1442
The bundle API in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4.6 loads dynamic libraries even if the client application has not directly requested it, which allows attackers to execute arbitrary…
Medium
CVE-2006-1443
Integer underflow in CoreFoundation in Apple Mac OS X 10.3.9 and 10.4.6 allows context-dependent attackers to execute arbitrary code via unspecified vectors involving conversions from string to file…
Medium
CVE-2006-1445
Buffer overflow in the FTP server (FTPServer) in Apple Mac OS X 10.3.9 and 10.4.6 allows remote authenticated users to execute arbitrary code via vectors related to "FTP server path name handling."
Medium
CVE-2006-1448
Finder in Apple Mac OS X 10.3.9 and 10.4.6 allows user-assisted attackers to execute arbitrary code by tricking a user into launching an Internet Location item that appears to use a safe URL scheme,…
High
CVE-2006-1449
Integer overflow in Mail in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to execute arbitrary code via a crafted MacMIME encapsulated attachment.
High
CVE-2006-1450
Mail in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to execute arbitrary code via an enriched text e-mail message with "invalid color information" that causes Mail to allocate and initia…
Medium
CVE-2006-1452
Stack-based buffer overflow in Preview in Apple Mac OS 10.4 up to 10.4.6 allows local users to execute arbitrary code via a deep directory hierarchy.
High
CVE-2006-1456
Buffer overflow in QuickTime Streaming Server in Apple Mac OS X 10.3.9 and 10.4.6 allows remote attackers to execute arbitrary code via a crafted RTSP request, which is not properly handled during me…
High
CVE-2006-2238
Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted BMP file that triggers the overflow in the ReadBMP function. NOTE: this issue…
Medium
CVE-2006-1453
Stack-based buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted QuickDraw PICT image format file containing malformed font information.
Medium
CVE-2006-1454
Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted QuickDraw PICT image format file with malformed image data.
Medium
CVE-2006-1458
Integer overflow in Apple QuickTime Player before 7.1 allows remote attackers to execute arbitrary code via a crafted JPEG image.
Medium
CVE-2006-1459
Multiple integer overflows in Apple QuickTime before 7.1 allow remote attackers to cause a denial of service or execute arbitrary code via a crafted QuickTime movie (.MOV).
Medium
CVE-2006-1460
Multiple buffer overflows in Apple QuickTime before 7.1 allow remote attackers to execute arbitrary code via a crafted QuickTime movie (.MOV), as demonstrated via a large size for a udta Atom.
Medium
CVE-2006-1461
Multiple buffer overflows in Apple QuickTime before 7.1 allow remote attackers to execute arbitrary code via a crafted QuickTime Flash (SWF) file.
Medium
CVE-2006-1462
Multiple integer overflows in Apple QuickTime before 7.1 allow remote attackers to execute arbitrary code via a crafted QuickTime H.264 (M4V) video format file.
Medium
CVE-2006-1463
Heap-based buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a H.264 (M4V) video format file with a certain modified size value.
Medium
CVE-2006-1464
Buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted QuickTime MPEG4 (M4P) video format file.
Medium
CVE-2006-1465
Buffer overflow in Apple QuickTime before 7.1 allows remote attackers to execute arbitrary code via a crafted QuickTime AVI video format file.
Medium
CVE-2006-2349
E-Business Designer (eBD) 3.1.4 and earlier allows remote attackers to upload or modify arbitrary files, and execute arbitrary code, via a direct request to (1) common/html_editor/image_browser.uploa…
Critical
CVE-2006-2324
180solutions Zango downloads "required Adware components" without checking integrity or authenticity, which might allow context-dependent attackers to execute arbitrary code by subverting the DNS res…
Medium
CVE-2006-2327
Multiple integer overflows in the DPRPC library (DPRPCNLM.NLM) NDPS/iPrint module in Novell Distributed Print Services in Novell NetWare 6.5 SP3, SP4, and SP5 allow remote attackers to execute arbitr…
2006-05-11
Critical
CVE-2006-2304
Multiple integer overflows in the DPRPC library (DPRPCW32.DLL) in Novell Client 4.83 SP3, 4.90 SP2 and 4.91 SP2 allow remote attackers to execute arbitrary code via an XDR encoded array with a field…
2006-05-10
High
CVE-2006-0994
Multiple Sophos Anti-Virus products, including Anti-Virus for Windows 5.x before 5.2.1 and 4.x before 4.05, when cabinet file inspection is enabled, allows remote attackers to execute arbitrary code…
Medium
CVE-2006-2297
Heap-based buffer overflow in Microsoft Infotech Storage System Library (itss.dll) allows user-assisted attackers to execute arbitrary code via a crafted CHM / ITS file that triggers the overflow whi…
High
CVE-2006-0034
Heap-based buffer overflow in the CRpcIoManagerServer::BuildContext function in msdtcprx.dll for Microsoft Distributed Transaction Coordinator (MSDTC) for Windows NT 4.0 and Windows 2000 SP2 and SP3…
Low
CVE-2006-2289
Buffer overflow in avahi-core in Avahi before 0.6.10 allows local users to execute arbitrary code via unknown vectors.
High
CVE-2006-0027
Unspecified vulnerability in Microsoft Exchange allows remote attackers to execute arbitrary code via e-mail messages with crafted (1) vCal or (2) iCal Calendar properties.
2006-05-09
Medium
CVE-2006-1172
Stack-based buffer overflow in the createPKCS10 function in Cryptomathic Cenroll ActiveX Control 1.1.0.0 allows remote attackers to execute arbitrary code via vectors related to the TDC Digital signa…
Medium
CVE-2006-2161
Buffer overflow in (1) TZipBuilder 1.79.03.01, (2) Abakt 0.9.2 and 0.9.3-beta1, (3) CAM UnZip 4.0 and 4.3, and possibly other products, allows user-assisted attackers to execute arbitrary code via a…
High
CVE-2006-2270
PHP remote file inclusion vulnerability in includes/config.php in Jetbox CMS 2.1 allows remote attackers to execute arbitrary code via a URL in the relative_script_path parameter.
2006-05-08
Medium
CVE-2006-2237
The web interface for AWStats 6.4 and 6.5, when statistics updates are enabled, allows remote attackers to execute arbitrary code via shell metacharacters in the migrate parameter.
2006-05-05
High
CVE-2006-2225
Buffer overflow in XM Easy Personal FTP Server 4.3 and earlier allows remote attackers to execute arbitrary code, probably via a USER command with a long username.
High
CVE-2006-2233
Buffer overflow in BankTown Client Control (aka BtCxCtl20Com) 1.4.2.51817, and possibly 1.5.2.50209, allows remote attackers to execute arbitrary code via a long string in the first argument to SetBa…
Medium
CVE-2006-1518
Buffer overflow in the open_table function in sql_base.cc in MySQL 5.0.x up to 5.0.20 might allow remote attackers to execute arbitrary code via crafted COM_TABLE_DUMP packets with invalid length val…
Medium
CVE-2006-2212
Buffer overflow in KarjaSoft Sami FTP Server 2.0.2 and earlier allows remote attackers to execute arbitrary code via a long (1) USER or (2) PASS command.
Critical
CVE-2006-2218
Unspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via "exceptional conditions" that trigger memory corruption, as demons…
2006-05-04
Medium
CVE-2006-2170
Buffer overflow in ArgoSoft FTP Server 1.4.3.6 allows remote attackers to execute arbitrary code via Unicode in the RNTO command, as demonstrated by the Infigo FTPStress Fuzzer.
Medium
CVE-2006-2171
Buffer overflow in WDM.exe in WarFTPD allows remote attackers to execute arbitrary code via unspecified arguments, as demonstrated by the Infigo FTPStress Fuzzer.
High
CVE-2006-2172
Buffer overflow in Gene6 FTP Server 3.1.0 allows remote authenticated attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long argument to (1) MKD or (2) XMKD, as…
Medium
CVE-2006-2173
Buffer overflow in FileZilla FTP Server 2.2.22 allows remote authenticated attackers to cause a denial of service and possibly execute arbitrary code via a long (1) PORT or (2) PASS followed by the M…
Medium
CVE-2006-2180
Buffer overflow in Golden FTP Server Pro 2.70 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via a long argument to the (1) NLST or (2) APPE comma…
2006-05-03
Medium
CVE-2006-2162
Buffer overflow in CGI scripts in Nagios 1.x before 1.4 and 2.x before 2.3 allows remote attackers to execute arbitrary code via a negative content length (Content-Length) HTTP header.
High
CVE-2006-2154
EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 7.0.344, and 7.5 before 7.5.1.105 does not drop privileges before opening files, which allows local users to execute arbitrary code via the F…
Medium
CVE-2006-2155
EMC Retrospect for Windows 6.5 before 6.5.382, 7.0 before 7.0.344, and 7.5 before 7.5.1.105 allows local users to execute arbitrary code by replacing the Retrospect.exe file, possibly due to improper…
2006-05-02
High
CVE-2006-2148
Multiple buffer overflows in client.c in CGI:IRC (CGIIRC) before 0.5.8 might allow remote attackers to execute arbitrary code via (1) cookies or (2) the query string.
2006-05-01
Medium
CVE-2006-2121
PHP remote file include vulnerability in admin/config_settings.tpl.php in I-RATER Platinum allows remote attackers to execute arbitrary code via a URL in the include_path parameter. NOTE: this is a…
Medium
CVE-2006-2122
PHP remote file inclusion vulnerability in index.php in CoolMenus allows remote attackers to execute arbitrary code via a URL in the page parameter. NOTE: the original report for this issue is proba…
Medium
CVE-2006-2119
PHP remote file inclusion vulnerability in event/index.php in Artmedic Event allows remote attackers to execute arbitrary code via a URL in the page parameter.
Medium
CVE-2006-1989
Buffer overflow in the get_database function in the HTTP client in Freshclam in ClamAV 0.80 to 0.88.1 might allow remote web servers to execute arbitrary code via long HTTP headers.
High
CVE-2006-2114
Buffer overflow in SWS web Server 0.1.7 allows remote attackers to execute arbitrary code via a long request.
High
CVE-2006-2115
Format string vulnerability in SWS web Server 0.1.7 allows remote attackers to execute arbitrary code via unspecified vectors that are not properly handled in a syslog function call.
2006-04-29
Medium
CVE-2006-2085
Multiple buffer overflows in (1) CxAce60.dll and (2) CxAce60u.dll in SpeedProject Squeez 5.10 Build 4460, and SpeedCommander 10.52 Build 4450 and 11.01 Build 4450, allow user-assisted remote attacker…
High
CVE-2006-2086
Buffer overflow in JuniperSetupDLL.dll, loaded from JuniperSetup.ocx by the Juniper SSL-VPN Client when accessing a Juniper NetScreen IVE device running IVE OS before 4.2r8.1, 5.0 before 5.0r6.1, 5.1…
High
CVE-2006-2107
Buffer overflow in BL4 SMTP Server 0.1.4 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long argument to the (1) EHLO, (2) MAIL FROM, and (3)…
2006-04-28
High
CVE-2006-2083
Integer overflow in the receive_xattr function in the extended attributes patch (xattr.c) for rsync before 2.6.8 might allow attackers to execute arbitrary code via crafted extended attributes that t…
2006-04-27
High
CVE-2006-1514
Multiple buffer overflows in the abcmidi-yaps translator in abcmidi 20050101, and other versions, allow remote attackers to execute arbitrary code via crafted ABC music files that trigger the overflo…
2006-04-26
Medium
CVE-2006-2027
Buffer overflow in Unicode processing in the logging functionality in Pablo Software Solutions Quick 'n Easy FTP Server Professional and Lite, probably 3.0, allows remote authenticated users to execu…
2006-04-25
Medium
CVE-2006-2025
Integer overflow in the TIFFFetchData function in tif_dirread.c for libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a craf…
Medium
CVE-2006-2026
Double free vulnerability in tif_jpeg.c in libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TIFF image th…
High
CVE-2006-2022
Buffer overflow in the parse_url function in the RTSP module (rtsp/parse_url.c) in Fenice 1.10 and earlier allows remote attackers to execute arbitrary code via a long URL.
Medium
CVE-2006-1513
Multiple buffer overflows in abc2ps before 1.3.3 allow user-assisted attackers to execute arbitrary code via crafted ABC music files.
Medium
CVE-2006-1934
Multiple buffer overflows in Ethereal 0.10.x up to 0.10.14 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the (1) ALCAP dissector, (2) Network Ins…
Medium
CVE-2006-1935
Buffer overflow in Ethereal 0.9.15 up to 0.10.14 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the COPS dissector.
Medium
CVE-2006-1936
Buffer overflow in Ethereal 0.8.5 up to 0.10.14 allows remote attackers to execute arbitrary code via the telnet dissector.
Medium
CVE-2006-1993
Mozilla Firefox 1.5.0.2, when designMode is enabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code via certain Javascript that is not properly handled by th…
High
CVE-2006-2007
Heap-based buffer overflow in Winny 2.0 b7.1 and earlier allows remote attackers to execute arbitrary code via long strings to certain commands sent to the file transfer port.
Low
CVE-2006-1992
mshtml.dll 6.00.2900.2873, as used in Microsoft Internet Explorer, allows remote attackers to cause a denial of service (crash) via nested OBJECT tags, which trigger invalid pointer dereferences incl…
2006-04-24
Medium
CVE-2006-1990
Integer overflow in the wordwrap function in string.c in PHP 4.4.2 and 5.1.2 might allow context-dependent attackers to execute arbitrary code via certain long arguments that cause a small buffer to…
2006-04-21
High
CVE-2006-1982
Heap-based buffer overflow in the LZWDecodeVector function in Mac OS X before 10.4.6, as used in applications that use ImageIO or AppKit, allows remote attackers to execute arbitrary code via crafted…
Medium
CVE-2006-1983
Multiple heap-based buffer overflows in Mac OS X 10.4.6 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) PredictorVSetField function for…
Medium
CVE-2006-1985
Heap-based buffer overflow in BOM BOMArchiveHelper 10.4 (6.3) Build 312, as used in Mac OS X 10.4.6 and earlier, allows user-assisted attackers to execute arbitrary code via a crafted archive (such a…
High
CVE-2006-1959
PHP remote file inclusion vulnerability in direct.php in ActualScripts ActualAnalyzer Lite 2.72 and earlier, Gold 7.63 and earlier, and Server 8.23 and earlier allows remote attackers to execute arbi…
2006-04-20
High
CVE-2006-1868
Buffer overflow in the Advanced Replication component in Oracle Database Server 10.1.0.4 allows database users to execute arbitrary code via the VERIFY_LOG procedure of the DBMS_SNAPSHOT_UTL package,…
High
CVE-2006-1900
Multiple buffer overflows in World Wide Web Consortium (W3C) Amaya 9.4, and possibly other versions including 8.x before 8.8.5, allow remote attackers to execute arbitrary code via a long value in (1…
High
CVE-2006-1905
Multiple format string vulnerabilities in xiTK (xitk/main.c) in xine 0.99.3 allow remote attackers to execute arbitrary code via format string specifiers in a long filename on an EXTINFO line in a pl…
2006-04-19
Medium
CVE-2006-1828
SQL injection vulnerability in php121language.php in PHP121 1.4 allows remote attackers to execute arbitrary SQL commands and execute arbitrary code via the sess_username variable, as set by the php1…
Medium
CVE-2006-1834
Integer signedness error in Opera before 8.54 allows remote attackers to execute arbitrary code via long values in a stylesheet attribute, which pass a length check. NOTE: a sign extension problem m…
High
CVE-2006-1839
PHP remote file inclusion vulnerability in language.php in PHP Album 0.3.2.3, when register_globals is enabled, allows remote attackers to execute arbitrary code via an FTP URL in the data_dir parame…
2006-04-18
Medium
CVE-2006-1827
Integer signedness error in format_jpeg.c in Asterisk 1.2.6 and earlier allows remote attackers to execute arbitrary code via a length value that passes a length check as a negative number, but trigg…
Medium
CVE-2006-1816
PHP remote file inclusion vulnerability in VBulletin 3.5.1, 3.5.2, and 3.5.4 allows remote attackers to execute arbitrary code via a URL in the systempath parameter to (1) ImpExModule.php, (2) ImpExC…
2006-04-14
Critical
CVE-2006-1790
A regression fix in Mozilla Firefox 1.0.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the InstallTrigger.install method, which leads to memory…
Critical
CVE-2006-0749
nsHTMLContentSink.cpp in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial of serv…
Critical
CVE-2006-0748
Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via "an invalid an…
Critical
CVE-2006-0992
Stack-based buffer overflow in Novell GroupWise Messenger before 2.0 Public Beta 2 allows remote attackers to execute arbitrary code via a long Accept-Language value without a comma or semicolon. NO…
High
CVE-2006-1529
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via u…
High
CVE-2006-1530
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via u…
High
CVE-2006-1531
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via u…
High
CVE-2006-1723
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via u…
High
CVE-2006-1724
Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to cause a denial of service (…
Critical
CVE-2006-1726
Unspecified vulnerability in Firefox and Thunderbird 1.5 before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to bypass the js_ValueToFunctionObject check and execute arbitrary code vi…
Critical
CVE-2006-1728
Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbi…
Critical
CVE-2006-1730
Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary cod…
Medium
CVE-2006-1733
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly protect the compilation scope of privileged built-in XBL…
Medium
CVE-2006-1734
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using the Object.watc…
Critical
CVE-2006-1735
Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to execute arbitrary code by using an eval in an X…
Critical
CVE-2006-1739
The CSS border-rendering code in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to cause a denial…
2006-04-13
High
CVE-2006-1551
Eval injection vulnerability in pajax_call_dispatcher.php in PAJAX 0.5.1 and earlier allows remote attackers to execute arbitrary code via the (1) $method and (2) $args parameters.
2006-04-12
Medium
CVE-2006-1744
Buffer overflow in pl_main.c in sail in BSDgames before 2.17-7 allows local users to execute arbitrary code via a long player name that is used in a scanf function call.
Medium
CVE-2006-0003
Unspecified vulnerability in the RDS.Dataspace ActiveX control, which is contained in ActiveX Data Objects (ADO) and distributed in Microsoft Data Access Components (MDAC) 2.7 and 2.8, allows remote…
Medium
CVE-2006-0012
Unspecified vulnerability in Windows Explorer in Microsoft Windows 2000 SP4, XP SP1 and SP2, and Server 2003 SP1 allows remote attackers to execute arbitrary code via attack vectors involving COM obj…
Medium
CVE-2006-0014
Buffer overflow in Microsoft Outlook Express 5.5 and 6 allows remote attackers to execute arbitrary code via a crafted Windows Address Book (WAB) file containing "certain Unicode strings" and modifie…
2006-04-11
High
CVE-2006-1185
Unspecified vulnerability in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via certain invalid HTML that causes memory corruption.
Critical
CVE-2006-1186
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via by instantiating the (1) Mdt2gddr.dll, (2) Mdt2dd.dll, and (3) Mdt2gddo.dll COM objects as ActiveX con…
High
CVE-2006-1188
Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via HTML elements with a certain crafted tag, which leads to memory corruption.
Critical
CVE-2006-1189
Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01 through 6 allows remote attackers to execute arbitrary code via a crafted URL with an International Domain Name (IDN) using double-by…
Critical
CVE-2006-1190
Microsoft Internet Explorer 5.01 through 6 does not always return the correct IOleClientSite information when dynamically creating an embedded object, which could cause Internet Explorer to run the o…
High
CVE-2006-1060
Heap-based buffer overflow in zgv before 5.8 and xzgv before 0.8 might allow user-assisted attackers to execute arbitrary code via a JPEG image with more than 3 output components, such as a CMYK or Y…
2006-04-08
High
CVE-2006-0951
The GUI (nod32.exe) in NOD32 2.5 runs with SYSTEM privileges when the scheduler runs a scheduled on-demand scan, which allows local users to execute arbitrary code during a scheduled scan via unspeci…
2006-04-07
High
CVE-2006-1664
Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream.
High
CVE-2006-1672
The installation of Cisco Transport Controller (CTC) for Cisco Optical Networking System (ONS) 15000 series nodes adds a Java policy file entry with a wildcard that grants the java.security.AllPermis…
2006-04-06
Medium
CVE-2006-1614
Integer overflow in the cli_scanpe function in the PE header parser (libclamav/pe.c) in Clam AntiVirus (ClamAV) before 0.88.1, when ArchiveMaxFileSize is disabled, allows remote attackers to cause a…
Critical
CVE-2006-1615
Multiple format string vulnerabilities in the logging code in Clam AntiVirus (ClamAV) before 0.88.1 might allow remote attackers to execute arbitrary code. NOTE: as of 20060410, it is unclear whethe…
Critical
CVE-2006-1629
OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable.