Vulnerabilities > Out-of-bounds Write

DATE CVE VULNERABILITY TITLE RISK
2007-04-30 CVE-2007-2356 Out-of-bounds Write vulnerability in Gimp 2.2.14
Stack-based buffer overflow in the set_color_table function in sunras.c in the SUNRAS plugin in Gimp 2.2.14 allows user-assisted remote attackers to execute arbitrary code via a crafted RAS file.
network
gimp CWE-787
6.8
2007-04-06 CVE-2007-0957 Out-Of-Bounds Write vulnerability in multiple products
Stack-based buffer overflow in the krb5_klog_syslog function in the kadm5 library, as used by the Kerberos administration daemon (kadmind) and Key Distribution Center (KDC), in MIT krb5 before 1.6.1 allows remote authenticated users to execute arbitrary code and modify the Kerberos key database via crafted arguments, possibly involving certain format string specifiers.
network
low complexity
mit debian canonical CWE-787
critical
9.0
2006-12-15 CVE-2006-6576 Out-Of-Bounds Write vulnerability in Goldenftpserver Golden FTP Server 1.92
Heap-based buffer overflow in Golden FTP Server (goldenftpd) 1.92 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long PASS command.
network
low complexity
goldenftpserver CWE-787
7.5
2006-08-31 CVE-2006-4482 Out-of-bounds Write vulnerability in multiple products
Multiple heap-based buffer overflows in the (1) str_repeat and (2) wordwrap functions in ext/standard/string.c in PHP before 5.1.5, when used on a 64-bit system, have unspecified impact and attack vectors, a different vulnerability than CVE-2006-1990.
network
php canonical debian CWE-787
critical
9.3
2006-07-31 CVE-2006-3945 Out-of-bounds Write vulnerability in Opera Browser 9.0
The CSS functionality in Opera 9 on Windows XP SP2 allows remote attackers to cause a denial of service (crash) by setting the background property of a DHTML element to a long http or https URL, which triggers memory corruption.
network
low complexity
opera CWE-787
5.0
2006-07-27 CVE-2006-3897 Out-of-bounds Write vulnerability in Microsoft Internet Explorer 6.0
Stack overflow in Microsoft Internet Explorer 6 on Windows 2000 allows remote attackers to cause a denial of service (application crash) by creating an NMSA.ASFSourceMediaDescription.1 ActiveX object with a long dispValue property.
network
low complexity
microsoft CWE-787
5.0
2005-05-02 CVE-2005-0560 Out-Of-Bounds Write vulnerability in Microsoft Exchange Server 2000/2003
Heap-based buffer overflow in the SvrAppendReceivedChunk function in xlsasink.dll in the SMTP service of Exchange Server 2000 and 2003 allows remote attackers to execute arbitrary code via a crafted X-LINK2STATE extended verb request to the SMTP port.
network
low complexity
microsoft CWE-787
7.5
2005-02-09 CVE-2004-0978 Out-Of-Bounds Write vulnerability in Microsoft Internet Explorer 5.01/5.5/6
Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX control for Internet Explorer 5.01 through 6, when users who visit online gaming sites that are associated with MSN, allows remote attackers to execute arbitrary code via the SetupData parameter.
network
low complexity
microsoft CWE-787
critical
10.0
2004-12-31 CVE-2004-1189 Out-Of-Bounds Write vulnerability in MIT Kerberos 5
The add_to_history function in svr_principal.c in libkadm5srv for MIT Kerberos 5 (krb5) up to 1.3.5, when performing a password change, does not properly track the password policy's history count and the maximum number of keys, which can cause an array index out-of-bounds error and may allow authenticated users to execute arbitrary code via a heap-based buffer overflow.
local
low complexity
mit CWE-787
7.2
2004-11-03 CVE-2004-0574 Out-Of-Bounds Write vulnerability in Microsoft products
The Network News Transfer Protocol (NNTP) component of Microsoft Windows NT Server 4.0, Windows 2000 Server, Windows Server 2003, Exchange 2000 Server, and Exchange Server 2003 allows remote attackers to execute arbitrary code via XPAT patterns, possibly related to improper length validation and an "unchecked buffer," leading to off-by-one and heap-based buffer overflows.
network
low complexity
microsoft CWE-787
critical
10.0