Логотип exploitDog
source:"ubuntu"
Консоль
Логотип exploitDog

exploitDog

source:"ubuntu"

Количество 63 796

Количество 63 796

ubuntu логотип

CVE-2006-1730

почти 20 лет назад

Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via a large number in the CSS letter-spacing property that leads to a heap-based buffer overflow.

CVSS2: 9.3
EPSS: Средний
ubuntu логотип

CVE-2006-1729

почти 20 лет назад

Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to read arbitrary files by (1) inserting the target filename into a text box, then turning that box into a file upload control, or (2) changing the type of the input control that is associated with an event handler.

CVSS2: 4.3
EPSS: Низкий
ubuntu логотип

CVE-2006-1728

почти 20 лет назад

Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to the crypto.generateCRMFRequest method.

CVSS2: 9.3
EPSS: Средний
ubuntu логотип

CVE-2006-1727

почти 20 лет назад

Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to gain chrome privileges via multiple attack vectors related to the use of XBL scripts with "Print Preview".

CVSS2: 7.6
EPSS: Низкий
ubuntu логотип

CVE-2006-1726

почти 20 лет назад

Unspecified vulnerability in Firefox and Thunderbird 1.5 before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to bypass the js_ValueToFunctionObject check and execute arbitrary code via unknown vectors involving setTimeout and Firefox' ForEach method.

CVSS2: 9.3
EPSS: Низкий
ubuntu логотип

CVE-2006-1725

почти 20 лет назад

Mozilla Firefox 1.5 before 1.5.0.2 and SeaMonkey before 1.0.1 causes certain windows to become translucent due to an interaction between XUL content windows and the history mechanism, which might allow user-assisted remote attackers to trick users into executing arbitrary code.

CVSS2: 2.6
EPSS: Низкий
ubuntu логотип

CVE-2006-1724

почти 20 лет назад

Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to DHTML.

CVSS2: 7.5
EPSS: Средний
ubuntu логотип

CVE-2006-1723

почти 20 лет назад

Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different.

CVSS2: 7.5
EPSS: Средний
ubuntu логотип

CVE-2006-1721

почти 20 лет назад

digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer (SASL) library 2.1.18, and possibly other versions before 2.1.21, allows remote unauthenticated attackers to cause a denial of service (segmentation fault) via malformed inputs in DIGEST-MD5 negotiation.

CVSS2: 2.6
EPSS: Низкий
ubuntu логотип

CVE-2006-1712

почти 20 лет назад

Cross-site scripting (XSS) vulnerability in the private archive script (private.py) in GNU Mailman 2.1.7 allows remote attackers to inject arbitrary web script or HTML via the action argument.

CVSS2: 2.6
EPSS: Низкий
ubuntu логотип

CVE-2006-1711

почти 20 лет назад

Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) changeMemberPortrait, (2) deletePersonalPortrait, and (3) testCurrentPassword methods, which allows remote attackers to modify portraits.

CVSS2: 5
EPSS: Средний
ubuntu логотип

CVE-2006-1695

почти 20 лет назад

The fbgs script in the fbi package 2.01-1.4, when the TMPDIR environment variable is not defined, allows local users to overwrite arbitrary files via a symlink attack on temporary files in /var/tmp/fbps-[PID].

CVSS2: 1.2
EPSS: Низкий
ubuntu логотип

CVE-2006-1678

почти 20 лет назад

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.8.0.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors in unspecified scripts in the themes directory.

CVSS2: 4.3
EPSS: Низкий
ubuntu логотип

CVE-2006-1664

почти 20 лет назад

Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream.

CVSS2: 7.5
EPSS: Низкий
ubuntu логотип

CVE-2006-1656

почти 20 лет назад

vserver in util-vserver 0.30.209 executes a command as root when the suexec userid parameter is invalid and non-numeric, which might cause local users to inadvertently execute dangerous commands as root.

CVSS2: 7.2
EPSS: Низкий
ubuntu логотип

CVE-2006-1655

почти 20 лет назад

Multiple buffer overflows in mpg123 0.59r allow user-assisted attackers to trigger a segmentation fault and possibly have other impacts via a certain MP3 file, as demonstrated by mpg1DoS3. NOTE: this issue might be related to CVE-2004-0991, but it is not clear.

CVSS2: 6.5
EPSS: Низкий
ubuntu логотип

CVE-2006-1650

почти 20 лет назад

Firefox 1.5.0.1 allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then changing the window location back to a trusted URL while the Flash application is still loading. NOTE: a followup was unable to replicate this issue.

CVSS2: 5
EPSS: Низкий
ubuntu логотип

CVE-2006-1630

почти 20 лет назад

The cli_bitset_set function in libclamav/others.c in Clam AntiVirus (ClamAV) before 0.88.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger an "invalid memory access."

CVSS2: 5
EPSS: Средний
ubuntu логотип

CVE-2006-1629

почти 20 лет назад

OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable.

CVSS2: 9
EPSS: Низкий
ubuntu логотип

CVE-2006-1624

почти 20 лет назад

The default configuration of syslogd in the Linux sysklogd package does not enable the -x (disable name lookups) option, which allows remote attackers to cause a denial of service (traffic amplification) via messages with spoofed source IP addresses.

CVSS2: 7.8
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
ubuntu логотип
CVE-2006-1730

Integer overflow in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via a large number in the CSS letter-spacing property that leads to a heap-based buffer overflow.

CVSS2: 9.3
26%
Средний
почти 20 лет назад
ubuntu логотип
CVE-2006-1729

Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to read arbitrary files by (1) inserting the target filename into a text box, then turning that box into a file upload control, or (2) changing the type of the input control that is associated with an event handler.

CVSS2: 4.3
2%
Низкий
почти 20 лет назад
ubuntu логотип
CVE-2006-1728

Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to the crypto.generateCRMFRequest method.

CVSS2: 9.3
30%
Средний
почти 20 лет назад
ubuntu логотип
CVE-2006-1727

Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to gain chrome privileges via multiple attack vectors related to the use of XBL scripts with "Print Preview".

CVSS2: 7.6
5%
Низкий
почти 20 лет назад
ubuntu логотип
CVE-2006-1726

Unspecified vulnerability in Firefox and Thunderbird 1.5 before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to bypass the js_ValueToFunctionObject check and execute arbitrary code via unknown vectors involving setTimeout and Firefox' ForEach method.

CVSS2: 9.3
10%
Низкий
почти 20 лет назад
ubuntu логотип
CVE-2006-1725

Mozilla Firefox 1.5 before 1.5.0.2 and SeaMonkey before 1.0.1 causes certain windows to become translucent due to an interaction between XUL content windows and the history mechanism, which might allow user-assisted remote attackers to trick users into executing arbitrary code.

CVSS2: 2.6
3%
Низкий
почти 20 лет назад
ubuntu логотип
CVE-2006-1724

Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attack vectors related to DHTML.

CVSS2: 7.5
25%
Средний
почти 20 лет назад
ubuntu логотип
CVE-2006-1723

Unspecified vulnerability in Firefox and Thunderbird before 1.5.0.2, and SeaMonkey before 1.0.1, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unknown attack vectors related to DHTML. NOTE: due to the lack of sufficient public details from the vendor as of 20060413, it is unclear how CVE-2006-1529, CVE-2006-1530, CVE-2006-1531, and CVE-2006-1723 are different.

CVSS2: 7.5
18%
Средний
почти 20 лет назад
ubuntu логотип
CVE-2006-1721

digestmd5.c in the CMU Cyrus Simple Authentication and Security Layer (SASL) library 2.1.18, and possibly other versions before 2.1.21, allows remote unauthenticated attackers to cause a denial of service (segmentation fault) via malformed inputs in DIGEST-MD5 negotiation.

CVSS2: 2.6
4%
Низкий
почти 20 лет назад
ubuntu логотип
CVE-2006-1712

Cross-site scripting (XSS) vulnerability in the private archive script (private.py) in GNU Mailman 2.1.7 allows remote attackers to inject arbitrary web script or HTML via the action argument.

CVSS2: 2.6
1%
Низкий
почти 20 лет назад
ubuntu логотип
CVE-2006-1711

Plone 2.0.5, 2.1.2, and 2.5-beta1 does not restrict access to the (1) changeMemberPortrait, (2) deletePersonalPortrait, and (3) testCurrentPassword methods, which allows remote attackers to modify portraits.

CVSS2: 5
11%
Средний
почти 20 лет назад
ubuntu логотип
CVE-2006-1695

The fbgs script in the fbi package 2.01-1.4, when the TMPDIR environment variable is not defined, allows local users to overwrite arbitrary files via a symlink attack on temporary files in /var/tmp/fbps-[PID].

CVSS2: 1.2
0%
Низкий
почти 20 лет назад
ubuntu логотип
CVE-2006-1678

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.8.0.3 allow remote attackers to inject arbitrary web script or HTML via unknown vectors in unspecified scripts in the themes directory.

CVSS2: 4.3
1%
Низкий
почти 20 лет назад
ubuntu логотип
CVE-2006-1664

Buffer overflow in xine_list_delete_current in libxine 1.14 and earlier, as distributed in xine-lib 1.1.1 and earlier, allows remote attackers to execute arbitrary code via a crafted MPEG stream.

CVSS2: 7.5
6%
Низкий
почти 20 лет назад
ubuntu логотип
CVE-2006-1656

vserver in util-vserver 0.30.209 executes a command as root when the suexec userid parameter is invalid and non-numeric, which might cause local users to inadvertently execute dangerous commands as root.

CVSS2: 7.2
0%
Низкий
почти 20 лет назад
ubuntu логотип
CVE-2006-1655

Multiple buffer overflows in mpg123 0.59r allow user-assisted attackers to trigger a segmentation fault and possibly have other impacts via a certain MP3 file, as demonstrated by mpg1DoS3. NOTE: this issue might be related to CVE-2004-0991, but it is not clear.

CVSS2: 6.5
1%
Низкий
почти 20 лет назад
ubuntu логотип
CVE-2006-1650

Firefox 1.5.0.1 allows remote attackers to spoof the address bar and possibly conduct phishing attacks by re-opening the window to a malicious Shockwave Flash application, then changing the window location back to a trusted URL while the Flash application is still loading. NOTE: a followup was unable to replicate this issue.

CVSS2: 5
0%
Низкий
почти 20 лет назад
ubuntu логотип
CVE-2006-1630

The cli_bitset_set function in libclamav/others.c in Clam AntiVirus (ClamAV) before 0.88.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger an "invalid memory access."

CVSS2: 5
17%
Средний
почти 20 лет назад
ubuntu логотип
CVE-2006-1629

OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LD_PRELOAD environment variable.

CVSS2: 9
4%
Низкий
почти 20 лет назад
ubuntu логотип
CVE-2006-1624

The default configuration of syslogd in the Linux sysklogd package does not enable the -x (disable name lookups) option, which allows remote attackers to cause a denial of service (traffic amplification) via messages with spoofed source IP addresses.

CVSS2: 7.8
1%
Низкий
почти 20 лет назад

Уязвимостей на страницу