CVE-2006-1148

Multiple stack-based buffer overflows in the procConnectArgs function in servmgr.cpp in PeerCast before 0.1217 allow remote attackers to execute arbitrary code via an HTTP GET request with a long (1) parameter name or (2) value in a URL, which triggers the overflow in the nextCGIarg function in servhs.cpp.

Publication date: Thu, 18 Oct 2018 21:30:00 +0000

Cyber News related to CVE-2006-1148

CVE-2024-46785 - In the Linux kernel, the following vulnerability has been resolved: eventfs: Use list_del_rcu() for SRCU protected list variable Chi Zhiling reported: We found a null pointer accessing in tracefs[1], the reason is that the variable 'ei_child' is set ...
4 months ago Tenable.com

CVE-2006-1148 - Multiple stack-based buffer overflows in the procConnectArgs function in servmgr.cpp in PeerCast before 0.1217 allow remote attackers to execute arbitrary code via an HTTP GET request with a long (1) parameter name or (2) value in a URL, which ...
1 year ago

CVE-2019-1078 - An information disclosure vulnerability exists when the Windows Graphics component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from CVE-2019-1148, ...
5 years ago

CVE-2019-1153 - An information disclosure vulnerability exists when the Microsoft Windows Graphics Component improperly handles objects in memory, aka 'Microsoft Graphics Component Information Disclosure Vulnerability'. This CVE ID is unique from ...
4 years ago

CVE-2020-1289 - A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from ...
4 years ago

CVE-2020-1148 - A spoofing vulnerability exists when Microsoft SharePoint Server does not properly sanitize a specially crafted web request to an affected SharePoint server, aka 'Microsoft SharePoint Spoofing Vulnerability'. This CVE ID is unique from ...
4 years ago

CVE-2007-4669 - The Services API in Firebird before 2.0.2 allows remote authenticated users without SYSDBA privileges to read the server log (firebird.log), aka CORE-1148. ...
16 years ago

CVE-2009-1148 - Directory traversal vulnerability in bs_disp_as_mime_type.php in the BLOB streaming feature in phpMyAdmin before 3.1.3.1 allows remote attackers to read arbitrary files via directory traversal sequences in the file_path parameter ($filename ...
15 years ago

CVE-2013-1148 - The General Responder implementation in the IP Service Level Agreement (SLA) feature in Cisco IOS 15.2 and IOS XE 3.1.xS through 3.4.xS before 3.4.5S and 3.5.xS through 3.7.xS before 3.7.2S allows remote attackers to cause a denial of service (device ...
11 years ago

CVE-2015-1148 - Screen Sharing in Apple OS X before 10.10.3 stores the password of a user in a log file, which might allow context-dependent attackers to obtain sensitive information by reading this file. ...
9 years ago

CVE-2003-1148 - Multiple PHP remote file inclusion vulnerabilities in J-Pierre DEZELUS Les Visiteurs 2.0.1, as used in phpMyConferences (phpMyConference) 8.0.2 and possibly other products, allow remote attackers to execute arbitrary PHP code via a URL in the ...
7 years ago

CVE-2001-1148 - Multiple buffer overflows in programs used by scoadmin and sysadmsh in SCO OpenServer 5.0.6a and earlier allow local users to gain privileges via a long TERM environment variable to (1) atcronsh, (2) auditsh, (3) authsh, (4) backupsh, (5) lpsh, (6) ...
7 years ago

CVE-2004-1148 - phpMyAdmin before 2.6.1, when configured with UploadDir functionality, allows remote attackers to read arbitrary files via the sql_localfile parameter. ...
7 years ago

CVE-2005-1148 - calendar.pl in CalendarScript 3.21 allows remote attackers to obtain sensitive information via invalid (1) year or (2) month parameters, which leaks the full pathname and debug information. ...
7 years ago

CVE-2008-1148 - A certain pseudo-random number generator (PRNG) algorithm that uses ADD with 0 random hops (aka "Algorithm A0"), as used in OpenBSD 3.5 through 4.2 and NetBSD 1.6.2 through 4.0, allows remote attackers to guess sensitive values such as (1) ...
1 year ago

CVE-2012-3233 - Cross-site scripting (XSS) vulnerability in __swift/thirdparty/PHPExcel/PHPExcel/Shared/JAMA/docs/download.php in Kayako Fusion 4.40.1148, and possibly before 4.50.1581, allows remote attackers to inject arbitrary web script or HTML via the ...
7 years ago

CVE-2000-1148 - The installation of VolanoChatPro chat server sets world-readable permissions for its configuration file and stores the server administrator passwords in plaintext, which allows local users to gain privileges on the server. ...
7 years ago

CVE-2017-1148 - IBM OpenPages GRC Platform 7.2 and 7.3 with OpenPages Loss Event Entry (LEE) application could allow a user to obtain sensitive information including private APIs that could be used in further attacks against the system. IBM X-Force ID: 122201. ...
7 years ago

CVE-2018-1148 - In Nessus before 7.1.0, Session Fixation exists due to insufficient session management within the application. An authenticated attacker could maintain system access due to session fixation after a user password change. ...
6 years ago

CVE-1999-1148 - FTP service in IIS 4.0 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via many passive (PASV) connections at the same time. ...
6 years ago

CVE-2007-1148 - PHP remote file inclusion vulnerability in install/index.php in LoveCMS 1.4 allows remote attackers to execute arbitrary PHP code via a URL in the step parameter. ...
6 years ago

CVE-2011-1148 - Use-after-free vulnerability in the substr_replace function in PHP 5.3.6 and earlier allows context-dependent attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact by using the same variable for multiple ...
6 years ago

CVE-2002-1394 - Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148. ...
5 years ago

CVE-2002-1148 - The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet. ...
5 years ago

CVE-2016-1148 - Akerun - Smart Lock Robot App for iOS before 1.2.4 does not verify SSL certificates. ...
4 years ago

Latest Cyber News

CVE-2025-1193 - 20 hours ago
CVE-2024-11621 - 20 hours ago
CVE-2025-1147 - 20 hours ago
CVE-2025-1148 - 20 hours ago
CVE-2024-8684 - 21 hours ago
CVE-2024-8685 - 21 hours ago
CVE-2025-1175 - 21 hours ago
CVE-2025-25247 - 22 hours ago
CVE-2025-1099 - 23 hours ago
CVE-2025-21684 - 1 day ago
CVE-2025-21685 - 1 day ago
CVE-2024-57949 - 1 day ago
CVE-2024-13440 - 2 days ago
CVE-2025-0169 - 2 days ago
CVE-2024-5183 - 2 days ago
CVE-2024-6909 - 2 days ago
CVE-2024-8377 - 2 days ago
CVE-2025-0316 - 2 days ago
CVE-2025-0517 - 2 days ago
CVE-2023-4927 - 2 days ago

Cyber Trends (last 7 days)

Okta - 1 year ago
23andMe - 1 year ago
Kimsuky - 1 year ago
LogoFAIL - 1 year ago
Gh0st rat - 1 year ago

Trending Cyber News (last 7 days)

CVE-2025-1099 - 23 hours ago
CVE-2025-25247 - 22 hours ago
CVE-2024-8684 - 21 hours ago
CVE-2024-8685 - 21 hours ago
CVE-2025-1175 - 21 hours ago
CVE-2024-11621 - 20 hours ago
CVE-2025-1147 - 20 hours ago
CVE-2025-1148 - 20 hours ago
CVE-2025-1193 - 20 hours ago
CVE-2025-1115 - 3 days ago
CVE-2025-1116 - 2 days ago
CVE-2024-13850 - 2 days ago
CVE-2025-1117 - 2 days ago
CVE-2024-54176 - 2 days ago
CVE-2023-4927 - 2 days ago
CVE-2024-5183 - 2 days ago
CVE-2024-6909 - 2 days ago
CVE-2024-8377 - 2 days ago
CVE-2025-0316 - 2 days ago
CVE-2025-0517 - 2 days ago