CVE-2006-1900
published 2006-04-20
Priority P347 · high · 7.6 (CVSS 2.0)
AV:N/AC:H/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 16.55% (96.6th percentile)
Multiple buffer overflows in World Wide Web Consortium (W3C) Amaya 9.4, and possibly other versions including 8.x before 8.8.5, allow remote attackers to execute arbitrary code via a long value in (1) the COMPACT attribute of the COLGROUP element, (2) the ROWS attribute of the TEXTAREA element, and (3) the COLOR attribute of the LEGEND element; and via other unspecified attack vectors consisting of "dozens of possible snippets."
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| w3c | amaya | — | — |
CVSS provenance
nvd · v2.0 · 7.6 · HIGH · AV:N/AC:H/Au:N/C:C/I:C/A:C
vendor_cisco · 6.0 · MEDIUM
GHSA
GHSA-gg2r-jxgr-8f34: Multiple buffer overflows in World Wide Web Consortium (W3C) Amaya 9
ghsa_unreviewed·2022-05-01
CVE-2006-1900 [HIGH] GHSA-gg2r-jxgr-8f34: Multiple buffer overflows in World Wide Web Consortium (W3C) Amaya 9
Multiple buffer overflows in World Wide Web Consortium (W3C) Amaya 9.4, and possibly other versions including 8.x before 8.8.5, allow remote attackers to execute arbitrary code via a long value in (1) the COMPACT attribute of the COLGROUP element, (2) the ROWS attribute of the TEXTAREA element, and (3) the COLOR attribute of the LEGEND element; and via other unspecified attack vectors consisting of "dozens of possible snippets."
Cisco
DOCSIS Read-Write Community String Enabled in Non-DOCSIS Platforms
vendor_cisco·2006-09-20·CVSS 6.0
CVE-2006-4950 [MEDIUM] CWE-264 DOCSIS Read-Write Community String Enabled in Non-DOCSIS Platforms
DOCSIS Read-Write Community String Enabled in Non-DOCSIS Platforms
A vulnerability exists in certain Cisco IOS® software release trains running on the Cisco IAD2400 series, 1900 Series Mobile Wireless Edge Routers and Cisco VG224 Analog Phone Gateways. Vulnerable versions may contain a default hard-coded Simple Network Management Protocol (SNMP) community string when SNMP is enabled on the device. The default community string is a result of inadvertently identifying these devices as supporting Data Over Cable Service Interface Specification (DOCSIS) compliant interfaces. The consequence of this error is that an additional read-write community string may be enabled if the device is configured for SNMP management, allowing a knowledgeable attacker the potential to gain privileged access
No detection rules found.
Exploit-DB
D-Link Routers - UPNP Buffer Overflow
exploitdb·2006-07-17
CVE-2006-3687 D-Link Routers - UPNP Buffer Overflow
D-Link Routers - UPNP Buffer Overflow
---
source: https://www.securityfocus.com/bid/19006/info
D-Link wired and wireless routers are prone to a buffer-overflow vulnerability because these devices fail to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer.
Successful exploits can allow remote attackers to execute arbitrary machine code in the context of the affected device.
Attackers can exploit this issue by sending a request of the form:
M-SEARCH HTTP/1.0
to UDP port 1900.
Exploit-DB
W3C Amaya 9.4 - legend color Attribute Value Overflow
exploitdb·2006-04-13
CVE-2006-1900 W3C Amaya 9.4 - legend color Attribute Value Overflow
W3C Amaya 9.4 - legend color Attribute Value Overflow
---
source: https://www.securityfocus.com/bid/17507/info
W3C Amaya is susceptible to multiple remote buffer-overflow vulnerabilities. These issues are due to the application's failure to properly bounds-check user-supplied data before copying it to insufficiently sized memory buffers.
Remote attackers may exploit this issue to execute arbitrary machine code in the context of the affected application. Failed exploit attempts likely crash the application.
Amaya version 9.4 is affected by these issues; other versions may also be vulnerable.
Exploit-DB
W3C Amaya 9.4 - textarea rows Attribute Value Overflow
exploitdb·2006-04-13
CVE-2006-1900 W3C Amaya 9.4 - textarea rows Attribute Value Overflow
W3C Amaya 9.4 - textarea rows Attribute Value Overflow
---
source: https://www.securityfocus.com/bid/17507/info
W3C Amaya is susceptible to multiple remote buffer-overflow vulnerabilities. These issues are due to the application's failure to properly bounds-check user-supplied data before copying it to insufficiently sized memory buffers.
Remote attackers may exploit this issue to execute arbitrary machine code in the context of the affected application. Failed exploit attempts likely crash the application.
Amaya version 9.4 is affected by these issues; other versions may also be vulnerable.
No writeups or analysis indexed.
http://morph3us.org/advisories/20060412-amaya-94-2.txt
http://morph3us.org/advisories/20060412-amaya-94.txt
http://secunia.com/advisories/19670
http://www.osvdb.org/24623
http://www.osvdb.org/24624
http://www.securityfocus.com/archive/1/430877/100/0/threaded
http://www.securityfocus.com/archive/1/430879/100/0/threaded
http://www.securityfocus.com/bid/17507
http://www.vupen.com/english/advisories/2006/1351
https://exchange.xforce.ibmcloud.com/vulnerabilities/25791