CVSS: 7.5EPSS: 16%CPEs: 1EXPL: 0CVE-2006-5502
https://notcve.org/view.php?id=CVE-2006-5502
Heap-based buffer overflow in the AOL.PicDownloadCtrl.1 ActiveX control (YGPPicDownload.dll) 9.2.3.0 in America Online (AOL) 9.0 Security Edition allows remote attackers to execute arbitrary code via the AddPictureNoAlbum method, a different vulnerability than CVE-2006-5501. Desbordamiento del buffer basado en pilas en el control de ActiveX AOL.PicDownloadCtrl.1 (YGPPicDownload.dll) 9.2.3.0 en America Online (AOL) 9.0 Security Edition permite a atacantes remotos la ejecución de código de su elección mediante el método AddPictureNoAlbum. Vulnerabilidad distinta a la CVE-2006-5501. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=429 http://secunia.com/advisories/22567 http://securitytracker.com/id?1017121 http://www.securityfocus.com/bid/20747 http://www.vupen.com/english/advisories/2006/4197 https://exchange.xforce.ibmcloud.com/vulnerabilities/29795 •
CVSS: 7.5EPSS: 11%CPEs: 1EXPL: 0CVE-2006-3887
https://notcve.org/view.php?id=CVE-2006-3887
Buffer overflow in AOL You've Got Pictures (YGP) Screensaver ActiveX control allows remote attackers to execute arbitrary code via unspecified vectors. Desbordamiento de búfer en el control ActiveX AOL You've Got Pictures (YGP) Screensaver permite a atacantes remotos ejecutar código de su elección mediante vectores no especificados. • http://secunia.com/advisories/22304 http://securitytracker.com/id?1017024 http://www.kb.cert.org/vuls/id/154641 http://www.kb.cert.org/vuls/id/MIMG-6MUUJ8 http://www.securityfocus.com/bid/20425 http://www.vupen.com/english/advisories/2006/3967 https://exchange.xforce.ibmcloud.com/vulnerabilities/29411 •
CVSS: 7.5EPSS: 30%CPEs: 1EXPL: 0CVE-2006-3888
https://notcve.org/view.php?id=CVE-2006-3888
Buffer overflow in AOL You've Got Pictures (YGP) Pic Downloader YGPPDownload ActiveX control (AOL.PicDownloadCtrl.1, YGPPicDownload.dll), as used in America Online 9.0 Security Edition, allows remote attackers to execute arbitrary code via a long argument to the SetAlbumName method. Desbordamiento de búfer en el control ActiveX de AOL You've Got Pictures (YGP) Pic Downloader YGPPDownload (AOL.PicDownloadCtrl.1, YGPPicDownload.dll), como el utilizado en la Edición de Seguridad America Online 9.0, permite a atacantes remotos ejecutar código de su elección mediante el paso de un argumento largo al método SetAlbumName. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=420 http://secunia.com/advisories/22304 http://securitytracker.com/id?1017024 http://www.kb.cert.org/vuls/id/661524 http://www.kb.cert.org/vuls/id/MIMG-6MUUJ8 http://www.securityfocus.com/bid/20425 http://www.securityfocus.com/bid/20472 http://www.vupen.com/english/advisories/2006/3967 https://exchange.xforce.ibmcloud.com/vulnerabilities/29410 https://exchange.xforce.ibmcloud.com/vulnerabilities/29494 •
CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 0CVE-2006-0948
https://notcve.org/view.php?id=CVE-2006-0948
AOL 9.0 Security Edition revision 4184.2340, and probably other versions, uses insecure permissions (Everyone/Full Control) for the "America Online 9.0" directory, which allows local users to gain privileges by replacing critical files. AOL 9.0 Security Edition revision 4184.2340, y probablemente otras versiones, utiliza permisos inseguros (Todos/Control Total) para el directorio "America Online 9.0", lo que permite a usuarios locales obtener privilegios mediante el reemplazo de archivos críticos. • http://secunia.com/advisories/18734 http://secunia.com/secunia_research/2006-08 http://securityreason.com/securityalert/1416 http://securitytracker.com/id?1016717 http://www.osvdb.org/27995 http://www.securityfocus.com/archive/1/443622/100/0/threaded http://www.securityfocus.com/bid/19583 http://www.vupen.com/english/advisories/2006/3317 https://exchange.xforce.ibmcloud.com/vulnerabilities/28445 •
CVSS: 5.1EPSS: 2%CPEs: 1EXPL: 0CVE-2006-0629
https://notcve.org/view.php?id=CVE-2006-0629
Unspecified vulnerability in AOL Instant Messenger (AIM) 5.9.3861 allows user-assisted remote attackers to cause a denial of service (client crash) and possibly execute arbitrary code by tricking the user into requesting Buddy Info about a long screen name, which might cause a buffer overflow. • http://archives.neohapsis.com/archives/fulldisclosure/2006-01/0948.html http://www.securityfocus.com/archive/1/423906/100/0/threaded http://www.securityfocus.com/archive/1/423920/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/24362 •