Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK
2006-04-25 CVE-2006-2025 Integer Overflow vulnerability in LibTiff TIFFFetchData
Integer overflow in the TIFFFetchData function in tif_dirread.c for libtiff before 3.8.1 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via a crafted TIFF image.
network
low complexity
libtiff
6.5
2006-04-25 CVE-2006-2024 Denial of Service vulnerability in LibTiff
Multiple vulnerabilities in libtiff before 3.8.1 allow context-dependent attackers to cause a denial of service via a TIFF image that triggers errors in (1) the TIFFFetchAnyArray function in (a) tif_dirread.c; (2) certain "codec cleanup methods" in (b) tif_lzw.c, (c) tif_pixarlog.c, and (d) tif_zip.c; and (3) improper restoration of setfield and getfield methods in cleanup functions within (e) tif_jpeg.c, tif_pixarlog.c, (f) tif_fax3.c, and tif_zip.c.
network
low complexity
libtiff
4.0
2006-04-25 CVE-2006-2023 Remote Buffer Overflow and Denial Of Service vulnerability in Fenice
Integer overflow in the RTSP_msg_len function in rtsp/RTSP_msg_len.c in Fenice 1.10 and earlier allows remote attackers to cause a denial of service (application crash) via a large HTTP Content-Length value, which leads to an invalid memory access.
network
low complexity
ls3
5.0
2006-04-25 CVE-2006-2022 Remote Buffer Overflow and Denial Of Service vulnerability in Fenice
Buffer overflow in the parse_url function in the RTSP module (rtsp/parse_url.c) in Fenice 1.10 and earlier allows remote attackers to execute arbitrary code via a long URL.
network
low complexity
ls3
7.5
2006-04-25 CVE-2006-2021 Information Disclosure vulnerability in Asterisk Recording Interface
Absolute path traversal vulnerability in recordings/misc/audio.php in the Asterisk Recording Interface (ARI) web interface in Asterisk@Home before 2.8 allows remote attackers to read arbitrary MP3, WAV, and GSM files via a full pathname in the recording parameter.
network
low complexity
asteriskathome
5.0
2006-04-25 CVE-2006-2020 Information Disclosure vulnerability in Asterisk Recording Interface
Asterisk Recording Interface (ARI) in Asterisk@Home before 2.8 stores recordings/includes/main.conf under the web document root with insufficient access control, which allows remote attackers to obtain password information.
network
low complexity
asteriskathome
7.8
2006-04-25 CVE-2006-2019 Denial Of Service vulnerability in Apple Safari Web Browser Rowspan
Apple Mac OS X Safari 2.0.3, 1.3.1, and possibly other versions allows remote attackers to cause a denial of service (CPU consumption and crash) via a TD element with a large number in the rowspan attribute.
network
low complexity
apple
5.0
2006-04-25 CVE-2006-2018 SQL-Injection vulnerability in vBulletin
SQL injection vulnerability in calendar.php in vBulletin 3.0.x allows remote attackers to execute arbitrary SQL commands via the eventid parameter.
network
low complexity
jelsoft
7.5
2006-04-25 CVE-2006-2017 Denial Of Service vulnerability in Dnsmasq 2.29
Dnsmasq 2.29 allows remote attackers to cause a denial of service (application crash) via a DHCP client broadcast reply request.
network
low complexity
dnsmasq
5.0
2006-04-25 CVE-2006-2016 Cross-Site Scripting vulnerability in multiple products
Multiple cross-site scripting (XSS) vulnerabilities in phpLDAPadmin 0.9.8 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) dn parameter in (a) compare_form.php, (b) copy_form.php, (c) rename_form.php, (d) template_engine.php, and (e) delete_form.php; (2) scope parameter in (f) search.php; and (3) Container DN, (4) Machine Name, and (5) UID Number fields in (g) template_engine.php.
network
high complexity
phpldapadmin-project debian CWE-79
2.6