CyberSecurityBoard
Sponsor Register Login

CVE-2006-1992

mshtml.dll 6.00.2900.2873, as used in Microsoft Internet Explorer, allows remote attackers to cause a denial of service (crash) via nested OBJECT tags, which trigger invalid pointer dereferences including NULL dereferences. NOTE: the possibility of code execution was originally theorized, but Microsoft has stated that this issue is non-exploitable.

Publication date: Tue, 25 Apr 2006 06:02:00 +0000


Cyber News related to CVE-2006-1992

CVE-2009-1992 - Unspecified vulnerability in the Core RDBMS component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.4 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors. Per: ...
12 years ago
CVE-2006-2218 - Unspecified vulnerability in Internet Explorer 6.0 on Microsoft Windows XP SP2 allows remote attackers to execute arbitrary code via "exceptional conditions" that trigger memory corruption, as demonstrated using an exception handler and ...
3 years ago
CVE-2006-1992 - mshtml.dll 6.00.2900.2873, as used in Microsoft Internet Explorer, allows remote attackers to cause a denial of service (crash) via nested OBJECT tags, which trigger invalid pointer dereferences including NULL dereferences. NOTE: the possibility of ...
3 years ago
CVE-2024-1992 - Rejected reason: Rejected as duplicate of CVE-2024-2306 ...
11 months ago
CVE-2002-1992 - Buffer overflow in jrun.dll in ColdFusion MX, when used with IIS 4 or 5, allows remote attackers to cause a denial of service in IIS via (1) a long template file name or (2) a long HTTP header. ...
16 years ago
CVE-2012-1992 - Cross-site scripting (XSS) vulnerability in admin/edituser.php in CMS Made Simple 1.10.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the email parameter (aka the Email Address field in the Edit User template). ...
12 years ago
CVE-2013-1992 - Multiple integer overflows in X.org libdmx 1.1.2 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) DMXGetScreenAttributes, (2) DMXGetWindowAttributes, and (3) ...
11 years ago
CVE-2014-1992 - Cross-site scripting (XSS) vulnerability in the Messages functionality in Cybozu Garoon 3.1.x, 3.5.x, and 3.7.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. ...
10 years ago
CVE-2016-1992 - HPE ArcSight ESM before 6.8c, and ArcSight ESM Express before 6.9.1, allows remote authenticated users to obtain sensitive information via unspecified vectors. ...
8 years ago
CVE-2015-1992 - IBM Systems Director 5.2.x, 6.1.x, 6.2.0.x, 6.2.1.x, 6.3.0.0, 6.3.1.x, 6.3.2.x, 6.3.3.x, 6.3.5.0, and 6.3.6.0 improperly processes events, which allows local users to gain privileges via unspecified vectors. ...
8 years ago
CVE-2005-1992 - The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets an invalid default value that prevents "security protection" using handlers, which allows remote attackers to execute arbitrary commands. ...
1 year ago
CVE-2007-1992 - Multiple PHP remote file inclusion vulnerabilities in the com_zoom 2.5 beta 2 and earlier module for Mambo allow remote attackers to execute arbitrary PHP code via a URL in the mosConfig_absolute_path parameter to (1) EXIF_Makernote.php or (2) ...
7 years ago
CVE-2010-1992 - Google Chrome 1.0.154.48 executes a mail application in situations where an IFRAME element has a mailto: URL in its SRC attribute, which allows remote attackers to cause a denial of service (excessive application launches) via an HTML document with ...
6 years ago
CVE-2008-1992 - Acidcat CMS 3.4.1 does not properly restrict access to (1) default_mail_aspemail.asp, (2) default_mail_cdosys.asp or (3) default_mail_jmail.asp, which allows remote attackers to bypass restrictions and relay email messages with modified From, ...
6 years ago
CVE-2020-11528 - bit2spr 1992-06-07 has a stack-based buffer overflow (129-byte write) in conv_bitmap in bit2spr.c via a long line in a bitmap file. ...
4 years ago
CVE-2020-1992 - A format string vulnerability in the Varrcvr daemon of PAN-OS on PA-7000 Series devices with a Log Forwarding Card (LFC) allows remote attackers to crash the daemon creating a denial of service condition or potentially execute code with root ...
4 years ago
CVE-2018-1992 - The IBM Power 9 OP910, OP920, and FW910 boot firmware's bootloader is responsible for loading and validating the initial boot firmware image that drives the rest of the system's hardware initialization. The bootloader firmware contains a ...
5 years ago
CVE-2004-1992 - Buffer overflow in Serv-U FTP server before 5.0.0.6 allows remote attackers to cause a denial of service (crash) via a long -l parameter, which triggers an out-of-bounds read. ...
4 years ago
CVE-2011-1992 - The XSS Filter in Microsoft Internet Explorer 8 allows remote attackers to read content from a different (1) domain or (2) zone via a "trial and error" attack, aka "XSS Filter Information Disclosure Vulnerability." ...
3 years ago
CVE-2019-1992 - In bta_hl_sdp_query_results of bta_hl_main.cc, there is a possible use-after-free due to a race condition. This could lead to remote code execution with no additional execution privileges needed. User interaction is needed for exploitation. Product: ...
3 years ago
CVE-2022-1992 - Path Traversal in GitHub repository gogs/gogs prior to 0.12.9. ...
2 years ago
CVE-2023-1992 - RPCoRDMA dissector crash in Wireshark 4.0.0 to 4.0.4 and 3.6.0 to 3.6.12 allows denial of service via packet injection or crafted capture file ...
1 year ago
CVE-2017-1992 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was in a CNA pool that was not assigned to any issues during 2017. Notes: none ...
55 years ago Tenable.com
CVE-2024-40905 - In the Linux kernel, the following vulnerability has been resolved: ...
5 months ago
CVE-2006-0092 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-0992, CVE-2006-0158. Reason: this candidate was intended for one issue, but a typo caused it to be associated with a Novell/Groupwise issue. In addition, this issue was a ...
55 years ago Tenable.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)