CVE-2006-1741
https://notcve.org/view.php?id=CVE-2006-1741
Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval(), and using certain variants involving (3) "new Script;" and (4) using window.__proto__ to extend eval, aka "cross-site JavaScript injection". • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt ftp://patches.sgi.com/support/free/security/advisories/20060404-01-U.asc http://lists.suse.com/archive/suse-security-announce/2006-Apr/0003.html http://secunia.com/advisories/19631 http://secunia.com/advisories/19696 http://secunia.com/advisories/19714 http://secunia.com/advisories/19721 http://secunia.com/advisories/19729 http://secunia.com/advisories/19746 http://secunia.com/advisories/19759 http: • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2006-1183 – Ubuntu 5.10 Installer - Password Disclosure
https://notcve.org/view.php?id=CVE-2006-1183
The Ubuntu 5.10 installer does not properly clear passwords from the installer log file (questions.dat), and leaves the log file with world-readable permissions, which allows local users to gain privileges. • https://www.exploit-db.com/exploits/1579 http://secunia.com/advisories/19200 http://securitytracker.com/id?1015761 http://www.osvdb.org/23868 http://www.securityfocus.com/bid/17086 http://www.vupen.com/english/advisories/2006/0927 https://exchange.xforce.ibmcloud.com/vulnerabilities/25170 https://launchpad.net/distros/ubuntu/+source/shadow/+bug/34606 https://usn.ubuntu.com/262-1 •
CVE-2006-0151
https://notcve.org/view.php?id=CVE-2006-0151
sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158. • http://secunia.com/advisories/18358 http://secunia.com/advisories/18363 http://secunia.com/advisories/18549 http://secunia.com/advisories/18558 http://secunia.com/advisories/18906 http://secunia.com/advisories/19016 http://secunia.com/advisories/21692 http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.421822 http://www.debian.org/security/2006/dsa-946 http://www.mandriva.com/security/advisories?name=MDKSA-2006:159 http://www.novell.com/l •
CVE-2005-3626
https://notcve.org/view.php?id=CVE-2005-3626
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html http://rhn.redhat.com/errata/RHSA-2006-0177.html http://scary.beasts.org/security/CESA-2005-003.txt http://secunia.com/ • CWE-399: Resource Management Errors •
CVE-2005-4807 – GNU BinUtils 2.1x - GAS Buffer Overflow
https://notcve.org/view.php?id=CVE-2005-4807
Stack-based buffer overflow in the as_bad function in messages.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050721 allows attackers to execute arbitrary code via a .c file with crafted inline assembly code. • https://www.exploit-db.com/exploits/28397 http://bugs.gentoo.org/show_bug.cgi?id=99464 http://secunia.com/advisories/21508 http://secunia.com/advisories/21530 http://www.osvdb.org/27960 http://www.securityfocus.com/bid/19555 http://www.ubuntu.com/usn/usn-336-1 http://www.vupen.com/english/advisories/2006/3307 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •