CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2006-0353
https://notcve.org/view.php?id=CVE-2006-0353
22 Jan 2006 — unix_random.c in lshd for lsh 2.0.1 leaks file descriptors related to the randomness generator, which allows local users to cause a denial of service by truncating the seed file, which prevents the server from starting, or obtain sensitive seed information that could be used to crack keys. • http://lists.lysator.liu.se/pipermail/lsh-bugs/2006q1/000467.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 32%CPEs: 5EXPL: 1CVE-2006-0075 – PHPBook 1.x - Mail Field PHP Code Injection
https://notcve.org/view.php?id=CVE-2006-0075
04 Jan 2006 — Direct static code injection vulnerability in phpBook 1.3.2 and earlier allows remote attackers to execute arbitrary PHP code via the e-mail field (mail variable) in a new message, which is written to a PHP file. • https://www.exploit-db.com/exploits/26999 •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2005-4808
https://notcve.org/view.php?id=CVE-2005-4808
31 Dec 2005 — Buffer overflow in reset_vars in config/tc-crx.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050714 allows user-assisted attackers to have an unknown impact via a crafted .s file. • http://sources.redhat.com/bugzilla/show_bug.cgi?id=1069 •
CVSS: 7.8EPSS: 1%CPEs: 3EXPL: 2CVE-2005-4807 – GNU BinUtils 2.1x - GAS Buffer Overflow
https://notcve.org/view.php?id=CVE-2005-4807
31 Dec 2005 — Stack-based buffer overflow in the as_bad function in messages.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050721 allows attackers to execute arbitrary code via a .c file with crafted inline assembly code. • https://www.exploit-db.com/exploits/28397 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 13EXPL: 0CVE-2005-1918 – tar archive path traversal issue
https://notcve.org/view.php?id=CVE-2005-1918
31 Dec 2005 — The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/". • ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2005-4268 – cpio large filesize buffer overflow
https://notcve.org/view.php?id=CVE-2005-4268
15 Dec 2005 — Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a cpio archive, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a file whose size is represented by more than 8 digits. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:03.cpio.asc • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 84%CPEs: 3EXPL: 0CVE-2005-4153
https://notcve.org/view.php?id=CVE-2005-4153
11 Dec 2005 — Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial of service via a message that causes the server to "fail with an Overflow on bad date data in a processed message," a different vulnerability than CVE-2005-3573. Mailman 2.1.4 a 2.1.6 permite a atacantes remotos causar una denegación de servicio mediante un mensaje que causa que el servidor "falle con un desbordamiento en datos de fecha incorrectos en un mensaje procesado", una vulnerabilidad diferente de CVE-2005-3572. • ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U •
CVSS: 7.5EPSS: 0%CPEs: 8EXPL: 0CVE-2005-3355
https://notcve.org/view.php?id=CVE-2005-3355
18 Nov 2005 — Directory traversal vulnerability in GNU Gnump3d before 2.9.8 has unknown impact via "CGI parameters, and cookie values". • http://secunia.com/advisories/17646 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.5EPSS: 0%CPEs: 8EXPL: 0CVE-2005-3349
https://notcve.org/view.php?id=CVE-2005-3349
18 Nov 2005 — GNU Gnump3d before 2.9.8 allows local users to modify or delete arbitrary files via a symlink attack on the index.lok temporary file. • http://secunia.com/advisories/17646 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 7.5EPSS: 86%CPEs: 24EXPL: 0CVE-2005-3573
https://notcve.org/view.php?id=CVE-2005-3573
16 Nov 2005 — Scrubber.py in Mailman 2.1.5-8 does not properly handle UTF8 character encodings in filenames of e-mail attachments, which allows remote attackers to cause a denial of service (application crash). • ftp://patches.sgi.com/support/free/security/advisories/20060401-01-U •