CyberSecurityBoard
Sponsor Register Login

CVE-2006-2779

Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested <option> tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) "Content-implemented tree views," (4) BoxObjects, (5) the XBL implementation, (6) an iframe that attempts to remove itself, which leads to memory corruption. Fixed in: Firefox 1.5.0.4 Thunderbird 1.5.0.4 SeaMonkey 1.0.2

Publication date: Sat, 03 Jun 2006 00:02:00 +0000


Cyber News related to CVE-2006-2779

CVE-2006-2779 - Mozilla Firefox and Thunderbird before 1.5.0.4 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) nested <option> tags in a select tag, (2) a DOMNodeRemoved mutation event, (3) ...
7 years ago
CVE-2013-2779 - Cisco IOS XE 3.4 before 3.4.5S, and 3.5 through 3.7 before 3.7.1S, on 1000 series Aggregation Services Routers (ASR) does not properly implement the Cisco Multicast Leaf Recycle Elimination (MLRE) feature, which allows remote attackers to cause a ...
4 years ago
CVE-2008-2779 - Directory traversal vulnerability in GlobalSCAPE CuteFTP Home 8.2.0 Build 02.26.2008.4 and CuteFTP Pro 8.2.0 Build 04.01.2008.1 allows remote FTP servers to create or overwrite arbitrary files via ..\ (dot dot backslash) sequences in responses to ...
8 years ago
CVE-2011-2779 - Windows Event Log SmartConnector in HP ArcSight Connector Appliance before 6.1 uses world-writable permissions for exported report files, which allows local users to change or delete log data by modifying a file, a different vulnerability than ...
8 years ago
CVE-2020-2779 - Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected are 8.0.18 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via ...
4 years ago
CVE-2009-2779 - SQL injection vulnerability in index.php in AJ Matrix DNA allows remote attackers to execute arbitrary SQL commands via the id parameter in a productdetail action. ...
16 years ago
CVE-2010-2779 - Cross-site scripting (XSS) vulnerability in WebAccess in Novell GroupWise 8.x before 8.0 SP2 allows remote attackers to inject arbitrary web script or HTML via a crafted message, related to "replies." ...
15 years ago
CVE-2014-2779 - mpengine.dll in Microsoft Malware Protection Engine before 1.1.10701.0 allows remote attackers to cause a denial of service (system hang) via a crafted file. ...
9 years ago
CVE-2005-2779 - The iTAN Online-Banking Security System allows remote attackers to obtain TAN numbers via a man-in-the-middle (MITM) attack while the transaction is taking place, which facilitates a "phishing" attack. ...
9 years ago
CVE-2015-2779 - Stack consumption vulnerability in the message splitting functionality in Quassel before 0.12-rc1 allows remote attackers to cause a denial of service (uncontrolled recursion) via a crafted massage. ...
9 years ago
CVE-2007-2779 - PHP remote file inclusion vulnerability in template_csv.php in Libstats 1.0.3 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the rInfo[content] parameter. ...
8 years ago
CVE-2004-2779 - id3_utf16_deserialize() in utf16.c in libid3tag through 0.15.1b misparses ID3v2 tags encoded in UTF-16 with an odd number of bytes, triggering an endless loop allocating memory until an OOM condition is reached, leading to denial-of-service (DoS). ...
7 years ago
CVE-2012-2779 - Unspecified vulnerability in the decode_frame function in libavcodec/indeo5.c in FFmpeg before 0.11, and Libav 0.7.x before 0.7.7 and 0.8.x before 0.8.4, has unknown impact and attack vectors, related to an invalid "gop header" and decoding ...
7 years ago
CVE-2018-2779 - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Optimizer). Supported versions that are affected are 5.7.21 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via ...
7 years ago
CVE-2016-2779 - runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer. ...
7 years ago
CVE-2019-2779 - Vulnerability in the Siebel Core - Common Components component of Oracle Siebel CRM (subcomponent: Email). Supported versions that are affected are 19.0 and prior. Difficult to exploit vulnerability allows high privileged attacker with network access ...
5 years ago
CVE-2017-2779 - An exploitable memory corruption vulnerability exists in the RSRC segment parsing functionality of LabVIEW 2017, LabVIEW 2016, LabVIEW 2015, and LabVIEW 2014. A specially crafted Virtual Instrument (VI) file can cause an attacker controlled looping ...
3 years ago
CVE-2022-2779 - A vulnerability classified as critical was found in SourceCodester Gas Agency Management System. Affected by this vulnerability is an unknown functionality of the file /gasmark/assets/myimages/oneWord.php. The manipulation of the argument shell leads ...
3 years ago
CVE-2023-2779 - The Social Share, Social Login and Social Comments WordPress plugin before 7.13.52 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege ...
2 years ago
CVE-2024-2779 - A vulnerability was found in Campcodes Online Marriage Registration System 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/application-bwdates-reports-details.php. The manipulation of the argument fromdate ...
1 year ago
CVE-2024-35849 - In the Linux kernel, the following vulnerability has been resolved: btrfs: fix information leak in btrfs_ioctl_logical_to_ino() Syzbot reported the following information leak for in btrfs_ioctl_logical_to_ino(): BUG: KMSAN: kernel-infoleak in ...
1 year ago Tenable.com
CVE-2025-2779 - The Insert Headers and Footers Code – HT Script plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajax_dismiss function in all versions up to, and including, 1.1.2. This makes it ...
11 months ago
CVE-2022-49142 - In the Linux kernel, the following vulnerability has been resolved: ...
1 year ago
CVE-2025-38213 - In the Linux kernel, the following vulnerability has been resolved: ...
8 months ago
CVE-2006-0092 - Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2006-0992, CVE-2006-0158. Reason: this candidate was intended for one issue, but a typo caused it to be associated with a Novell/Groupwise issue. In addition, this issue was a ...
56 years ago Tenable.com

Latest Cyber News


    Cyber Trends (last 7 days)


    Trending Cyber News (last 7 days)