CVSS: 7.2EPSS: 5%CPEs: 23EXPL: 2CVE-2007-1049 – WordPress Core < 2.09 - Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-1049
21 Feb 2007 — Cross-site scripting (XSS) vulnerability in the wp_explain_nonce function in the nonce AYS functionality (wp-includes/functions.php) for WordPress 2.0 before 2.0.9 and 2.1 before 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the file parameter to wp-admin/templates.php, and possibly other vectors involving the action variable. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en la función wp_explain_nonce de la funcionalidad nonce AYS (wp-includes/functions.php) p... • https://www.exploit-db.com/exploits/29598 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0CVE-2007-0476
https://notcve.org/view.php?id=CVE-2007-0476
25 Jan 2007 — The gencert.sh script, when installing OpenLDAP before 2.1.30-r10, 2.2.x before 2.2.28-r7, and 2.3.x before 2.3.30-r2 as an ebuild in Gentoo Linux, does not create temporary directories in /tmp securely during emerge, which allows local users to overwrite arbitrary files via a symlink attack. La secuencia de comandos gencert.sh, cuando se instala OpenLDAP anterior a la 2.1.30-r10, la 2.2.x anterior a la 2.2.28-r7 y la 2.3.x anterior a la 2.3.30-r2 como en el ebuild del Gentoo Linux, no crea directorios temp... • http://osvdb.org/31617 •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2006-3005 – Gentoo Linux Security Advisory 201412-08
https://notcve.org/view.php?id=CVE-2006-3005
13 Jun 2006 — The JPEG library in media-libs/jpeg before 6b-r7 on Gentoo Linux is built without the -maxmem feature, which could allow context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted JPEG file that exceeds the intended memory limits. This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2011. The worst of these vulnerabilities could lead to local privilege escalation and remote code execution. • http://bugs.gentoo.org/show_bug.cgi?id=130889 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 2CVE-2006-1390
https://notcve.org/view.php?id=CVE-2006-1390
25 Mar 2006 — The configuration of NetHack 3.4.3-r1 and earlier, Falcon's Eye 1.9.4a and earlier, and Slash'EM 0.0.760 and earlier on Gentoo Linux allows local users in the games group to modify saved games files to execute arbitrary code via buffer overflows and overwrite arbitrary files via symlink attacks. • http://bugs.gentoo.org/show_bug.cgi?id=122376 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2006-0071
https://notcve.org/view.php?id=CVE-2006-0071
04 Jan 2006 — The ebuild for pinentry before 0.7.2-r2 on Gentoo Linux sets setgid bits for pinentry programs, which allows local users to read or overwrite arbitrary files as gid 0. • http://secunia.com/advisories/18284 •
CVSS: 9.1EPSS: 7%CPEs: 127EXPL: 1CVE-2005-3624
https://notcve.org/view.php?id=CVE-2005-3624
31 Dec 2005 — The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 11%CPEs: 127EXPL: 1CVE-2005-3625
https://notcve.org/view.php?id=CVE-2005-3625
31 Dec 2005 — Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins." • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 9%CPEs: 127EXPL: 1CVE-2005-3626
https://notcve.org/view.php?id=CVE-2005-3626
31 Dec 2005 — Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2005-4595
https://notcve.org/view.php?id=CVE-2005-4595
31 Dec 2005 — Untrusted search path vulnerability (RPATH) in XnView 1.70 and NView 4.51 on Gentoo Linux allows local users to execute arbitrary code via a malicious library in the current working directory. • http://bugs.gentoo.org/show_bug.cgi?id=117063 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2005-4279
https://notcve.org/view.php?id=CVE-2005-4279
16 Dec 2005 — Untrusted search path vulnerability in Qt-UnixODBC before 3.3.4-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH. • http://secunia.com/advisories/17232 •