Warning: Undefined array key "host" in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 485

Warning: Undefined variable $scrape_url_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 525

Warning: Undefined variable $comments_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 527

CVE-2006-0225

scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice.

Publication date: Wed, 25 Jan 2006 17:03:00 +0000

Cyber News related to CVE-2006-0225

Warning: Undefined array key "host" in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 364

Warning: Undefined variable $domain_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 466

CVE-2023-38336 - netkit-rcp in rsh-client 0.17-24 allows command injection via filenames because /bin/sh is used by susystem, a related issue to CVE-2006-0225, CVE-2019-7283, and CVE-2020-15778. ...
2 years ago

CVE-2007-3717 - rcp on Sun Solaris 8, 9, and 10 before 20070710 does not properly call certain helper applications, which allows local users to gain privileges by creating files with certain names, possibly containing shell metacharacters or spaces, a similar issue ...
6 years ago

CVE-2006-0225 - scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice. ...
6 years ago

CVE-2006-0092 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-0992, CVE-2006-0158. Reason: this candidate was intended for one issue, but a typo caused it to be associated with a Novell/Groupwise issue. In addition, this issue was a ...
55 years ago Tenable.com

Google Patches Six Vulnerabilities With First Chrome Update of 2024 - Google on Wednesday announced the first Chrome security update of 2024, which resolves six vulnerabilities, including four reported by external researchers. All the four externally reported security defects are high-severity memory safety flaws, but ...
1 year ago Securityweek.com CVE-2024-0222 CVE-2024-0223 CVE-2024-0224 CVE-2024-0225

CVE-2008-0238 - Multiple heap-based buffer overflows in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 allow remote attackers to execute arbitrary code via the SDP (1) Title, (2) Author, or (3) Copyright attribute, related to the ...
16 years ago

CVE-2018-8016 - The default configuration in Apache Cassandra 3.8 through 3.11.1 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via an RMI request. This issue is a regression of ...
5 years ago

CVE-2001-0225 - fortran math component in Infobot 0.44.5.3 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters. ...
17 years ago

CVE-2002-0225 - tac_plus Tacacs+ daemon F4.0.4.alpha, originally maintained by Cisco, creates files from the accounting directive with world-readable and writable permissions, which allows local users to access and modify sensitive files. ...
17 years ago

CVE-1999-0225 - Windows NT 4.0 allows remote attackers to cause a denial of service via a malformed SMB logon request in which the actual data size does not match the specified size. ...
16 years ago

CVE-2000-0225 - The Pocsag POC32 program does not properly prevent remote users from accessing its server port, even if the option has been disabled. ...
16 years ago

CVE-2008-0225 - Heap-based buffer overflow in the rmff_dump_cont function in input/libreal/rmff.c in xine-lib 1.1.9 and earlier allows remote attackers to execute arbitrary code via the SDP Abstract attribute in an RTSP session, related to the rmff_dump_header ...
13 years ago

CVE-2011-0225 - WebKit, as used in Apple Safari before 5.0.6, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a different vulnerability than other WebKit CVEs listed in ...
13 years ago

CVE-2013-0225 - Cross-site scripting (XSS) vulnerability in the User Relationships module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.0-alpha5 for Drupal allows remote authenticated users with the "administer user relationships" permission to inject ...
12 years ago

CVE-2005-0225 - firehol.sh in FireHOL before 1.224 creates temporary files with predictable file names, which could allow local users to overwrite arbitrary files via a symlink attack. ...
8 years ago

CVE-2007-0225 - Cross-site scripting (XSS) vulnerability in shopcustadmin.asp in VP-ASP Shopping Cart 6.09 and earlier allows remote attackers to inject arbitrary web script or HTML via the msg parameter. ...
7 years ago

CVE-2012-0225 - Cross-site scripting (XSS) vulnerability in Invensys Wonderware Information Server 4.0 SP1 and 4.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. ...
7 years ago

CVE-2015-0225 - The default configuration in Apache Cassandra 1.2.0 through 1.2.19, 2.0.0 through 2.0.13, and 2.1.0 through 2.1.3 binds an unauthenticated JMX/RMI interface to all network interfaces, which allows remote attackers to execute arbitrary Java code via ...
6 years ago

CVE-2009-0225 - Microsoft Office PowerPoint 2002 SP3 allows remote attackers to execute arbitrary code via crafted sound data in a file that uses a PowerPoint 95 native file format, leading to improper "array indexing" and memory corruption, aka "PP7 ...
6 years ago

CVE-2003-0225 - The ASP function Response.AddHeader in Microsoft Internet Information Server (IIS) 4.0 and 5.0 does not limit memory requests when constructing headers, which allow remote attackers to generate a large header to cause a denial of service (memory ...
6 years ago

CVE-2018-0225 - The Enterprise Console in Cisco AppDynamics App iQ Platform before 4.4.3.10598 (HF4) allows SQL injection, aka the Security Advisory 2089 issue. ...
6 years ago

CVE-2016-0225 - IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.9 allows remote authenticated Commerce Accelerator administrators to obtain sensitive information via unspecified vectors. ...
5 years ago

CVE-2019-0225 - A specially crafted url could be used to access files under the ROOT directory of the application on Apache JSPWiki 2.9.0 to 2.11.0.M2, which could be used by an attacker to obtain registered users' details. ...
5 years ago

CVE-2020-0225 - In a2dp_vendor_ldac_decoder_decode_packet of a2dp_vendor_ldac_decoder.cc, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction ...
5 years ago

CVE-2021-0225 - An Improper Check for Unusual or Exceptional Conditions in Juniper Networks Junos OS Evolved may cause the stateless firewall filter configuration which uses the action 'policer' in certain combinations with other options to not take effect. ...
4 years ago