CVE-2006-5556
published 2006-10-27CVE-2006-5556: Buffer overflow in the localtime_r function, and certain other functions, in libc in HP-UX B.11.11 and possibly other versions allows local users to execute…
PriorityP424medium4.6CVSS 2.0
AVLACLAuNCPIPAP
EXPLOIT
EPSS
1.25%
65.8th percentile
Buffer overflow in the localtime_r function, and certain other functions, in libc in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via a long TZ environment variable.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hp | hp-ux | — | — |
| hp | hp-ux | — | — |
| hp | hp-ux | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Bugzilla
CVE-2007-0555 PostgreSQL arbitrary memory read flaws (CVE-2007-0556)
bugzilla·2007-01-31·CVSS 4.6
CVE-2007-0555 [MEDIUM] CVE-2007-0555 PostgreSQL arbitrary memory read flaws (CVE-2007-0556)
CVE-2007-0555 PostgreSQL arbitrary memory read flaws (CVE-2007-0556)
+++ This bug was initially created as a clone of Bug #225493 +++
An authenticated PostgreSQL user has the ability to crash the database server or
possibly read arbitrary memory for the server process. This is caused by
insufficient type checking for SQL-language functions.
CVE-2006-5556 also describes a similar flaw. The description form the
PostgreSQL advisory describes it as such:
The risk scenarios are exactly the same as above, but the method to
exploit the hole is a bit different. The attacker must cause a query plan
to be prepared and saved (via PREPARE, or implicitly in a plpgsql
function) and then execute an ALTER COLUMN TYPE command to change the type
of one of the columns used in the query, and then execute
Bugzilla
CVE-2007-0555 PostgreSQL arbitrary memory read flaws (CVE-2007-0556)
bugzilla·2007-01-30·CVSS 4.6
CVE-2007-0555 [MEDIUM] CVE-2007-0555 PostgreSQL arbitrary memory read flaws (CVE-2007-0556)
CVE-2007-0555 PostgreSQL arbitrary memory read flaws (CVE-2007-0556)
+++ This bug was initially created as a clone of Bug #225493 +++
An authenticated PostgreSQL user has the ability to crash the database server or
possibly read arbitrary memory for the server process. This is caused by
insufficient type checking for SQL-language functions.
CVE-2006-5556 also describes a similar flaw. The description form the
PostgreSQL advisory describes it as such:
The risk scenarios are exactly the same as above, but the method to
exploit the hole is a bit different. The attacker must cause a query plan
to be prepared and saved (via PREPARE, or implicitly in a plpgsql
function) and then execute an ALTER COLUMN TYPE command to change the type
of one of the columns used in the query, and then execute
http://blogs.23.nu/prdelka/stories/13144/http://www.securityfocus.com/bid/20718https://exchange.xforce.ibmcloud.com/vulnerabilities/29777https://www.exploit-db.com/exploits/2636http://blogs.23.nu/prdelka/stories/13144/http://www.securityfocus.com/bid/20718https://exchange.xforce.ibmcloud.com/vulnerabilities/29777https://www.exploit-db.com/exploits/2636
2006-10-27
Published