Max CVSS | 10.0 | Min CVSS | 1.2 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published | |
CVE-2007-3798 | 6.8 |
Integer overflow in print-bgp.c in the BGP dissector in tcpdump 3.9.6 and earlier allows remote attackers to execute arbitrary code via crafted TLVs in a BGP packet, related to an unchecked return value.
|
15-10-2024 - 15:35 | 16-07-2007 - 22:30 | |
CVE-2003-1307 | 4.3 |
The mod_php module for the Apache HTTP Server allows local users with write access to PHP scripts to send signals to the server's process group and use the server's file descriptors, as demonstrated by sending a STOP signal, then intercepting incomin
|
08-08-2024 - 03:15 | 31-12-2003 - 05:00 | |
CVE-2004-2343 | 7.2 |
Apache HTTP Server 2.0.47 and earlier allows local users to bypass .htaccess file restrictions, as specified in httpd.conf with directives such as Deny From All, by using an ErrorDocument directive. NOTE: the vendor has disputed this issue, since the
|
08-08-2024 - 02:15 | 31-12-2004 - 05:00 | |
CVE-2005-1753 | 5.0 |
ReadMessage.jsp in JavaMail API 1.1.3 through 1.3, as used by Apache Tomcat 5.0.16, allows remote attackers to view other users' e-mail attachments via a direct request to /mailboxesdir/username@domainname. NOTE: Sun and Apache dispute this issue. S
|
07-08-2024 - 22:15 | 31-12-2005 - 05:00 | |
CVE-2006-5159 | 7.5 |
Stack-based buffer overflow in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving JavaScript. NOTE: the vendor and original researchers have released a follow-up comment disputing the severity of this
|
07-08-2024 - 20:15 | 05-10-2006 - 04:04 | |
CVE-2006-5160 | 7.8 |
Multiple unspecified vulnerabilities in Mozilla Firefox have unspecified vectors and impact, as claimed during ToorCon 2006. NOTE: the vendor and original researchers have released a follow-up comment disputing this issue, in which one researcher st
|
07-08-2024 - 20:15 | 05-10-2006 - 04:04 | |
CVE-2006-3486 | 2.1 |
Off-by-one buffer overflow in the Instance_options::complete_initialization function in instance_options.cc in the Instance Manager in MySQL before 5.0.23 and 5.1 before 5.1.12 might allow local users to cause a denial of service (application crash)
|
07-08-2024 - 19:15 | 10-07-2006 - 21:05 | |
CVE-2007-6423 | 7.8 |
Unspecified vulnerability in mod_proxy_balancer for Apache HTTP Server 2.2.x before 2.2.7-dev, when running on Windows, allows remote attackers to trigger memory corruption via a long URL. NOTE: the vendor could not reproduce this issue
|
07-08-2024 - 16:15 | 12-01-2008 - 00:46 | |
CVE-2007-5894 | 9.3 |
The reply function in ftpd.c in the gssftp ftpd in MIT Kerberos 5 (krb5) does not initialize the length variable when auth_type has a certain value, which has unknown impact and remote authenticated attack vectors. NOTE: the original disclosure misi
|
07-08-2024 - 16:15 | 06-12-2007 - 02:46 | |
CVE-2007-3508 | 7.2 |
Integer overflow in the process_envvars function in elf/rtld.c in glibc before 2.5-rc4 might allow local users to execute arbitrary code via a large LD_HWCAP_MASK environment variable value. NOTE: the glibc maintainers state that they do not believe
|
07-08-2024 - 15:15 | 03-07-2007 - 21:30 | |
CVE-2007-0086 | 7.8 |
The Apache HTTP Server, when accessed through a TCP connection with a large window size, allows remote attackers to cause a denial of service (network bandwidth consumption) via a Range header that specifies multiple copies of the same fragment. NOT
|
07-08-2024 - 12:15 | 05-01-2007 - 18:28 | |
CVE-2007-0080 | 6.6 |
Buffer overflow in the SMB_Connect_Server function in FreeRadius 1.1.3 and earlier allows attackers to execute arbitrary code related to the server desthost field of an SMB_Handle_Type instance. NOTE: the impact of this issue has been disputed by a
|
07-08-2024 - 12:15 | 05-01-2007 - 11:28 | |
CVE-2008-4977 | 6.9 |
postfix_groups.pl in Postfix 2.5.2 allows local users to overwrite arbitrary files via a symlink attack on the (1) /tmp/postfix_groups.stdout, (2) /tmp/postfix_groups.stderr, and (3) /tmp/postfix_groups.message temporary files. NOTE: the vendor disp
|
07-08-2024 - 11:15 | 06-11-2008 - 15:55 | |
CVE-2008-1685 | 6.8 |
gcc 4.2.0 through 4.3.0 in GNU Compiler Collection, when casts are not used, considers the sum of a pointer and an int to be greater than or equal to the pointer, which might lead to removal of length testing code that was intended as a protection me
|
07-08-2024 - 09:15 | 06-04-2008 - 23:44 | |
CVE-2009-0127 | 5.0 |
M2Crypto does not properly check the return value from the OpenSSL EVP_VerifyFinal, DSA_verify, ECDSA_verify, DSA_do_verify, and ECDSA_do_verify functions, which might allow remote attackers to bypass validation of the certificate chain via a malform
|
07-08-2024 - 05:15 | 15-01-2009 - 17:30 | |
CVE-2006-5051 | 9.3 |
Signal handler race condition in OpenSSH before 4.4 allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code if GSSAPI authentication is enabled, via unspecified vectors that lead to a double-free.
|
29-07-2024 - 01:15 | 27-09-2006 - 23:07 | |
CVE-2008-4109 | 5.0 |
A certain Debian patch for OpenSSH before 4.3p2-9etch3 on etch; before 4.6p1-1 on sid and lenny; and on other distributions such as SUSE uses functions that are not async-signal-safe in the signal handler for login timeouts, which allows remote attac
|
01-07-2024 - 11:15 | 18-09-2008 - 15:04 | |
CVE-2003-0693 | 10.0 |
A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CV
|
01-07-2024 - 11:15 | 22-09-2003 - 04:00 | |
CVE-2009-3564 | 4.7 |
puppetmasterd in puppet 0.24.6 does not reset supplementary groups when it switches to a different user, which might allow local users to access restricted files.
|
10-06-2024 - 19:15 | 06-10-2009 - 17:30 | |
CVE-2009-0601 | 2.1 |
Format string vulnerability in Wireshark 0.99.8 through 1.0.5 on non-Windows platforms allows local users to cause a denial of service (application crash) via format string specifiers in the HOME environment variable.
|
17-05-2024 - 17:31 | 16-02-2009 - 20:30 | |
CVE-2008-0166 | 7.8 |
OpenSSL 0.9.8c-1 up to versions before 0.9.8g-9 on Debian-based operating systems uses a random number generator that generates predictable numbers, which makes it easier for remote attackers to conduct brute force guessing attacks against cryptograp
|
14-05-2024 - 01:50 | 13-05-2008 - 17:20 | |
CVE-2007-6420 | 4.3 |
Cross-site request forgery (CSRF) vulnerability in the balancer-manager in mod_proxy_balancer for Apache HTTP Server 2.2.x allows remote attackers to gain privileges via unspecified vectors.
|
26-04-2024 - 16:08 | 12-01-2008 - 00:46 | |
CVE-2007-4559 | 6.8 |
Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related
|
23-03-2024 - 03:15 | 28-08-2007 - 01:17 | |
CVE-2009-3720 | 5.0 |
The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafte
|
22-02-2024 - 03:40 | 03-11-2009 - 16:30 | |
CVE-2006-4434 | 5.0 |
Use-after-free vulnerability in Sendmail before 8.13.8 allows remote attackers to cause a denial of service (crash) via a long "header line", which causes a previously freed variable to be referenced. NOTE: the original developer has disputed the sev
|
15-02-2024 - 21:20 | 29-08-2006 - 00:04 | |
CVE-2006-4095 | 5.0 |
BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via certain SIG queries, which cause an assertion failure when multiple RRsets are returned.
|
15-02-2024 - 21:04 | 06-09-2006 - 00:04 | |
CVE-2004-0112 | 5.0 |
The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a
|
15-02-2024 - 20:54 | 23-11-2004 - 05:00 | |
CVE-2009-4272 | 7.8 |
A certain Red Hat patch for net/ipv4/route.c in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5 allows remote attackers to cause a denial of service (deadlock) via crafted packets that force collisions in the IPv4 routing hash table, and
|
15-02-2024 - 20:47 | 27-01-2010 - 17:30 | |
CVE-2009-2699 | 5.0 |
The Solaris pollset feature in the Event Port backend in poll/unix/port.c in the Apache Portable Runtime (APR) library before 1.3.9, as used in the Apache HTTP Server before 2.2.14 and other products, does not properly handle errors, which allows rem
|
15-02-2024 - 20:46 | 13-10-2009 - 10:30 | |
CVE-2009-1961 | 1.9 |
The inode double locking code in fs/ocfs2/file.c in the Linux kernel 2.6.30 before 2.6.30-rc3, 2.6.27 before 2.6.27.24, 2.6.29 before 2.6.29.4, and possibly other versions down to 2.6.19 allows local users to cause a denial of service (prevention of
|
15-02-2024 - 20:41 | 08-06-2009 - 01:00 | |
CVE-2009-1243 | 2.1 |
net/ipv4/udp.c in the Linux kernel before 2.6.29.1 performs an unlocking step in certain incorrect circumstances, which allows local users to cause a denial of service (panic) by reading zero bytes from the /proc/net/udp file and unspecified other fi
|
15-02-2024 - 20:41 | 06-04-2009 - 14:30 | |
CVE-2004-0174 | 5.0 |
Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multiple listening sockets on certain platforms, allows remote attackers to cause a denial of service (blocked new connections) via a "short-lived connection on a rarely-accessed listeni
|
15-02-2024 - 20:37 | 04-05-2004 - 04:00 | |
CVE-2008-4302 | 4.9 |
fs/splice.c in the splice subsystem in the Linux kernel before 2.6.22.2 does not properly handle a failure of the add_to_page_cache_lru function, and subsequently attempts to unlock a page that was not locked, which allows local users to cause a deni
|
15-02-2024 - 20:24 | 29-09-2008 - 17:17 | |
CVE-2006-5158 | 3.3 |
The nlmclnt_mark_reclaim in clntlock.c in NFS lockd in Linux kernel before 2.6.16 allows remote attackers to cause a denial of service (process crash) and deny access to NFS exports via unspecified vectors that trigger a kernel oops (null dereference
|
15-02-2024 - 20:23 | 05-10-2006 - 04:04 | |
CVE-2009-1388 | 4.9 |
The ptrace_start function in kernel/ptrace.c in the Linux kernel 2.6.18 does not properly handle simultaneous execution of the do_coredump function, which allows local users to cause a denial of service (deadlock) via vectors involving the ptrace sys
|
15-02-2024 - 19:19 | 05-07-2009 - 16:30 | |
CVE-2006-5969 | 4.6 |
CRLF injection vulnerability in the evalFolderLine function in fvwm 2.5.18 and earlier allows local users to execute arbitrary commands via carriage returns in a directory name, which is not properly handled by fvwm-menu-directory, a variant of CVE-2
|
14-02-2024 - 01:17 | 17-11-2006 - 23:07 | |
CVE-2009-0265 | 5.0 |
Internet Systems Consortium (ISC) BIND 9.6.0 and earlier does not properly check the return value from the OpenSSL EVP_VerifyFinal function, which allows remote attackers to bypass validation of the certificate chain via a malformed SSL/TLS signature
|
13-02-2024 - 17:43 | 26-01-2009 - 15:30 | |
CVE-2009-3231 | 6.8 |
The core server component in PostgreSQL 8.3 before 8.3.8 and 8.2 before 8.2.14, when using LDAP authentication with anonymous binds, allows remote attackers to bypass authentication via an empty password.
|
13-02-2024 - 17:41 | 17-09-2009 - 10:30 | |
CVE-2006-6143 | 9.3 |
The RPC library in Kerberos 5 1.4 through 1.4.4, and 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, calls an uninitialized function pointer in freed memory, which allows remote attacke
|
09-02-2024 - 03:26 | 31-12-2006 - 05:00 | |
CVE-2009-2768 | 7.2 |
The load_flat_shared_library function in fs/binfmt_flat.c in the flat subsystem in the Linux kernel before 2.6.31-rc6 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecified other impac
|
09-02-2024 - 03:22 | 14-08-2009 - 15:16 | |
CVE-2009-1415 | 4.3 |
lib/pk-libgcrypt.c in libgnutls in GnuTLS before 2.6.6 does not properly handle invalid DSA signatures, which allows remote attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a malformed DSA key
|
09-02-2024 - 03:22 | 30-04-2009 - 20:30 | |
CVE-2005-2946 | 5.0 |
The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certificates with a valid certificate authority signatur
|
09-02-2024 - 03:13 | 16-09-2005 - 22:03 | |
CVE-2006-1058 | 2.1 |
BusyBox 1.1.1 does not use a salt when generating passwords, which makes it easier for local users to guess passwords from a stolen password file using techniques such as rainbow tables.
|
09-02-2024 - 03:05 | 04-04-2006 - 10:04 | |
CVE-2009-0935 | 4.7 |
The inotify_read function in the Linux kernel 2.6.27 to 2.6.27.13, 2.6.28 to 2.6.28.2, and 2.6.29-rc3 allows local users to cause a denial of service (OOPS) via a read with an invalid address to an inotify instance, which causes the device's event li
|
09-02-2024 - 00:39 | 18-03-2009 - 02:00 | |
CVE-2002-1850 | 5.0 |
mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly remote attackers to cause a denial of service (hang and memory consumption) by causing a CGI script to send a large amount of data to stderr, which results in a read/write deadlock b
|
09-02-2024 - 00:29 | 31-12-2002 - 05:00 | |
CVE-2009-2692 | 7.2 |
The Linux kernel 2.6.0 through 2.6.30.4, and 2.4.4 through 2.4.37.4, does not initialize all function pointers for socket operations in proto_ops structures, which allows local users to trigger a NULL pointer dereference and gain privileges by using
|
08-02-2024 - 23:50 | 14-08-2009 - 15:16 | |
CVE-2008-2934 | 6.8 |
Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file that triggers a free of an uninitialized pointer.
|
08-02-2024 - 23:43 | 18-07-2008 - 16:41 | |
CVE-2005-1306 | 5.0 |
The Adobe Reader control in Adobe Reader and Acrobat 7.0 and 7.0.1 allows remote attackers to determine the existence of files via Javascript containing XML script, aka the "XML External Entity vulnerability."
|
08-02-2024 - 19:55 | 15-06-2005 - 04:00 | |
CVE-2002-0639 | 10.0 |
Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication.
|
08-02-2024 - 18:37 | 03-07-2002 - 04:00 | |
CVE-2004-1002 | 5.0 |
Integer underflow in pppd in cbcp.c for ppp 2.4.1 allows remote attackers to cause a denial of service (daemon crash) via a CBCP packet with an invalid length value that causes pppd to access an incorrect memory location.
|
08-02-2024 - 15:43 | 01-03-2005 - 05:00 | |
CVE-2009-3289 | 4.4 |
The g_file_copy function in glib 2.0 sets the permissions of a target file to the permissions of a symbolic link (777), which allows user-assisted local users to modify files of other users, as demonstrated by using Nautilus to modify the permissions
|
08-02-2024 - 14:56 | 22-09-2009 - 10:30 | |
CVE-2006-6811 | 4.3 |
KsIRC 1.3.12 allows remote attackers to cause a denial of service (crash) via a long PRIVMSG string when connecting to an Internet Relay Chat (IRC) server, which causes an assertion failure and results in a NULL pointer dereference. NOTE: this issue
|
08-02-2024 - 02:22 | 29-12-2006 - 11:28 | |
CVE-2006-5779 | 5.0 |
OpenLDAP before 2.3.29 allows remote attackers to cause a denial of service (daemon crash) via LDAP BIND requests with long authcid names, which triggers an assertion failure.
|
08-02-2024 - 02:20 | 07-11-2006 - 18:07 | |
CVE-2009-1378 | 5.0 |
Multiple memory leaks in the dtls1_process_out_of_seq_message function in ssl/d1_both.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allow remote attackers to cause a denial of service (memory consumption) via DTLS records that (1) are duplicates or
|
07-02-2024 - 18:02 | 19-05-2009 - 19:30 | |
CVE-2009-1377 | 5.0 |
The dtls1_buffer_record function in ssl/d1_pkt.c in OpenSSL 0.9.8k and earlier 0.9.8 versions allows remote attackers to cause a denial of service (memory consumption) via a large series of "future epoch" DTLS records that are buffered in a queue, ak
|
07-02-2024 - 18:01 | 19-05-2009 - 19:30 | |
CVE-2003-0545 | 10.0 |
Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an SSL client certificate with a certain invalid ASN.1 encoding.
|
02-02-2024 - 15:23 | 17-11-2003 - 05:00 | |
CVE-2005-3120 | 7.5 |
Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters.
|
02-02-2024 - 14:00 | 17-10-2005 - 20:06 | |
CVE-2008-0599 | 10.0 |
The init_request_info function in sapi/cgi/cgi_main.c in PHP before 5.2.6 does not properly consider operator precedence when calculating the length of PATH_TRANSLATED, which might allow remote attackers to execute arbitrary code via a crafted URI.
|
02-02-2024 - 13:52 | 05-05-2008 - 17:20 | |
CVE-2005-1111 | 3.7 |
Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.
|
26-01-2024 - 17:07 | 02-05-2005 - 04:00 | |
CVE-2009-3939 | 6.6 |
The poll_mode_io file for the megaraid_sas driver in the Linux kernel 2.6.31.6 and earlier has world-writable permissions, which allows local users to change the I/O mode of the driver by modifying this file.
|
25-01-2024 - 21:37 | 16-11-2009 - 19:30 | |
CVE-2006-2916 | 6.0 |
artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from droppin
|
21-01-2024 - 01:42 | 15-06-2006 - 10:02 | |
CVE-2007-4465 | 4.3 |
Cross-site scripting (XSS) vulnerability in mod_autoindex.c in the Apache HTTP Server before 2.2.6, when the charset on a server-generated page is not defined, allows remote attackers to inject arbitrary web script or HTML via the P parameter using t
|
19-01-2024 - 15:13 | 14-09-2007 - 00:17 | |
CVE-2008-2939 | 4.3 |
Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary we
|
19-01-2024 - 15:13 | 06-08-2008 - 18:41 | |
CVE-2004-0079 | 5.0 |
The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
|
28-12-2023 - 15:33 | 23-11-2004 - 05:00 | |
CVE-2009-2698 | 7.2 |
The udp_sendmsg function in the UDP implementation in (1) net/ipv4/udp.c and (2) net/ipv6/udp.c in the Linux kernel before 2.6.19 allows local users to gain privileges or cause a denial of service (NULL pointer dereference and system crash) via vecto
|
28-12-2023 - 15:22 | 27-08-2009 - 17:30 | |
CVE-2004-1287 | 10.0 |
Buffer overflow in the error function in preproc.c for NASM 0.98.38 1.2 allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2005-1194.
|
22-12-2023 - 17:15 | 10-01-2005 - 05:00 | |
CVE-2006-0459 | 7.5 |
flex.skl in Will Estes and John Millaway Fast Lexical Analyzer Generator (flex) before 2.5.33 does not allocate enough memory for grammars containing (1) REJECT statements or (2) trailing context rules, which causes flex to generate code that contain
|
06-10-2023 - 17:23 | 29-03-2006 - 23:02 | |
CVE-2005-2975 | 7.8 |
io-xpm.c in the gdk-pixbuf XPM image rendering library in GTK+ before 2.8.7 allows attackers to cause a denial of service (infinite loop) via a crafted XPM image with a large number of colors.
|
11-08-2023 - 20:12 | 18-11-2005 - 06:03 | |
CVE-2005-2976 | 7.5 |
Integer overflow in io-xpm.c in gdk-pixbuf 0.22.0 in GTK+ before 2.8.7 allows attackers to cause a denial of service (crash) or execute arbitrary code via an XPM file with large height, width, and colour values, a different vulnerability than CVE-200
|
03-08-2023 - 17:19 | 18-11-2005 - 06:03 | |
CVE-2007-4965 | 5.8 |
Multiple integer overflows in the imageop module in Python 2.5.1 and earlier allow context-dependent attackers to cause a denial of service (application crash) and possibly obtain sensitive information (memory contents) via crafted arguments to (1) t
|
02-08-2023 - 18:52 | 18-09-2007 - 22:17 | |
CVE-2008-2316 | 7.5 |
Integer overflow in _hashopenssl.c in the hashlib module in Python 2.5.2 and earlier might allow context-dependent attackers to defeat cryptographic digests, related to "partial hashlib hashing of data exceeding 4GB."
|
02-08-2023 - 18:52 | 01-08-2008 - 14:41 | |
CVE-2008-1679 | 6.8 |
Multiple integer overflows in imageop.c in Python before 2.5.3 allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted images that trigger heap-based buffer overflows. NOTE: this issue i
|
02-08-2023 - 18:52 | 22-04-2008 - 04:41 | |
CVE-2006-4980 | 7.5 |
Buffer overflow in the repr function in Python 2.3 through 2.6 before 20060822 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via crafted wide character UTF-32/UCS-4 strings to certain scripts.
|
02-08-2023 - 18:04 | 10-10-2006 - 04:06 | |
CVE-2007-2052 | 5.0 |
Off-by-one error in the PyLocale_strxfrm function in Modules/_localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown m
|
02-08-2023 - 18:04 | 16-04-2007 - 22:19 | |
CVE-2006-1542 | 3.7 |
Stack-based buffer overflow in Python 2.4.2 and earlier, running on Linux 2.6.12.5 under gcc 4.0.3 with libc 2.3.5, allows local users to cause a "stack overflow," and possibly gain privileges, by running a script from a current working directory tha
|
02-08-2023 - 17:25 | 30-03-2006 - 11:02 | |
CVE-2009-4492 | 7.5 |
WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify
|
01-08-2023 - 18:59 | 13-01-2010 - 20:30 | |
CVE-2008-1145 | 5.0 |
Directory traversal vulnerability in WEBrick in Ruby 1.8 before 1.8.5-p115 and 1.8.6-p114, and 1.9 through 1.9.0-1, when running on systems that support backslash (\) path separators or case-insensitive file names, allows remote attackers to access a
|
01-08-2023 - 18:58 | 04-03-2008 - 23:44 | |
CVE-2007-3278 | 6.9 |
PostgreSQL 8.1 and probably later versions, when local trust authentication is enabled and the Database Link library (dblink) is installed, allows remote attackers to access arbitrary accounts and execute arbitrary SQL queries via a dblink host param
|
24-02-2023 - 15:35 | 19-06-2007 - 21:30 | |
CVE-2009-4484 | 7.5 |
Multiple stack-based buffer overflows in the CertDecoder::GetName function in src/asn.cpp in TaoCrypt in yaSSL before 1.9.9, as used in mysqld in MySQL 5.0.x before 5.0.90, MySQL 5.1.x before 5.1.43, MySQL 5.5.x through 5.5.0-m2, and other products,
|
14-02-2023 - 21:13 | 30-12-2009 - 21:30 | |
CVE-2010-1157 | 2.6 |
Apache Tomcat 5.5.0 through 5.5.29 and 6.0.0 through 6.0.26 might allow remote attackers to discover the server's hostname or IP address by sending a request for a resource that requires (1) BASIC or (2) DIGEST authentication, and then reading the re
|
13-02-2023 - 04:17 | 23-04-2010 - 14:30 | |
CVE-2010-0740 | 5.0 |
The ssl3_get_record function in ssl/s3_pkt.c in OpenSSL 0.9.8f through 0.9.8m allows remote attackers to cause a denial of service (crash) via a malformed record in a TLS connection that triggers a NULL pointer dereference, related to the minor versi
|
13-02-2023 - 04:16 | 26-03-2010 - 18:30 | |
CVE-2010-0415 | 4.6 |
The do_pages_move function in mm/migrate.c in the Linux kernel before 2.6.33-rc7 does not validate node values, which allows local users to read arbitrary kernel memory locations, cause a denial of service (OOPS), and possibly have unspecified other
|
13-02-2023 - 04:16 | 17-02-2010 - 18:30 | |
CVE-2010-0434 | 4.3 |
The ap_read_request function in server/protocol.c in the Apache HTTP Server 2.2.x before 2.2.15, when a multithreaded MPM is used, does not properly handle headers in subrequests in certain circumstances involving a parent request that has a body, wh
|
13-02-2023 - 04:16 | 05-03-2010 - 19:30 | |
CVE-2010-0424 | 3.3 |
The edit_cmd function in crontab.c in (1) cronie before 1.4.4 and (2) Vixie cron (vixie-cron) allows local users to change the modification times of arbitrary files, and consequently cause a denial of service, via a symlink attack on a temporary file
|
13-02-2023 - 04:16 | 25-02-2010 - 19:30 | |
CVE-2010-0437 | 7.8 |
The ip6_dst_lookup_tail function in net/ipv6/ip6_output.c in the Linux kernel before 2.6.27 does not properly handle certain circumstances involving an IPv6 TUN network interface and a large number of neighbors, which allows attackers to cause a deni
|
13-02-2023 - 04:16 | 24-03-2010 - 13:34 | |
CVE-2010-0410 | 4.9 |
drivers/connector/connector.c in the Linux kernel before 2.6.32.8 allows local users to cause a denial of service (memory consumption and system crash) by sending the kernel many NETLINK_CONNECTOR messages.
|
13-02-2023 - 04:16 | 22-02-2010 - 13:00 | |
CVE-2010-0307 | 4.7 |
The load_elf_binary function in fs/binfmt_elf.c in the Linux kernel before 2.6.32.8 on the x86_64 platform does not ensure that the ELF interpreter is available before a call to the SET_PERSONALITY macro, which allows local users to cause a denial of
|
13-02-2023 - 04:15 | 17-02-2010 - 18:30 | |
CVE-2010-0299 | 4.6 |
openSUSE 11.2 installs the devtmpfs root directory with insecure permissions (1777), which allows local users to gain privileges via unspecified vectors.
|
13-02-2023 - 02:21 | 22-02-2010 - 18:30 | |
CVE-2009-4141 | 7.2 |
Use-after-free vulnerability in the fasync_helper function in fs/fcntl.c in the Linux kernel before 2.6.33-rc4-git1 allows local users to gain privileges via vectors that include enabling O_ASYNC (aka FASYNC or FIOASYNC) on a locked file, and then cl
|
13-02-2023 - 02:20 | 19-01-2010 - 16:30 | |
CVE-2009-4026 | 7.8 |
The mac80211 subsystem in the Linux kernel before 2.6.32-rc8-next-20091201 allows remote attackers to cause a denial of service (panic) via a crafted Delete Block ACK (aka DELBA) packet, related to an erroneous "code shuffling patch."
|
13-02-2023 - 02:20 | 02-12-2009 - 16:30 | |
CVE-2009-4021 | 4.9 |
The fuse_direct_io function in fs/fuse/file.c in the fuse subsystem in the Linux kernel before 2.6.32-rc7 might allow attackers to cause a denial of service (invalid pointer dereference and OOPS) via vectors possibly related to a memory-consumption a
|
13-02-2023 - 02:20 | 25-11-2009 - 16:30 | |
CVE-2009-3895 | 6.8 |
Heap-based buffer overflow in the exif_entry_fix function (aka the tag fixup routine) in libexif/exif-entry.c in libexif 0.6.18 allows remote attackers to cause a denial of service or possibly execute arbitrary code via an invalid EXIF image. NOTE: s
|
13-02-2023 - 02:20 | 20-11-2009 - 18:30 | |
CVE-2009-4131 | 7.2 |
The EXT4_IOC_MOVE_EXT (aka move extents) ioctl implementation in the ext4 filesystem in the Linux kernel before 2.6.32-git6 allows local users to overwrite arbitrary files via a crafted request, related to insufficient checks for file permissions.
|
13-02-2023 - 02:20 | 13-12-2009 - 01:30 | |
CVE-2009-4027 | 7.1 |
Race condition in the mac80211 subsystem in the Linux kernel before 2.6.32-rc8-next-20091201 allows remote attackers to cause a denial of service (system crash) via a Delete Block ACK (aka DELBA) packet that triggers a certain state change in the abs
|
13-02-2023 - 02:20 | 02-12-2009 - 16:30 | |
CVE-2009-1897 | 6.9 |
The tun_chr_poll function in drivers/net/tun.c in the tun subsystem in the Linux kernel 2.6.30 and 2.6.30.1, when the -fno-delete-null-pointer-checks gcc option is omitted, allows local users to gain privileges via vectors involving a NULL pointer de
|
13-02-2023 - 02:20 | 20-07-2009 - 17:30 | |
CVE-2009-3621 | 4.9 |
net/unix/af_unix.c in the Linux kernel 2.6.31.4 and earlier allows local users to cause a denial of service (system hang) by creating an abstract-namespace AF_UNIX listening socket, performing a shutdown operation on this socket, and then performing
|
13-02-2023 - 02:20 | 22-10-2009 - 16:00 | |
CVE-2009-2406 | 6.9 |
Stack-based buffer overflow in the parse_tag_11_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vec
|
13-02-2023 - 02:20 | 31-07-2009 - 19:00 | |
CVE-2009-2901 | 4.3 |
The autodeployment process in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20, when autoDeploy is enabled, deploys appBase files that remain from a failed undeploy, which might allow remote attackers to bypass intended authentication requ
|
13-02-2023 - 02:20 | 28-01-2010 - 20:30 | |
CVE-2009-4135 | 4.4 |
The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp.
|
13-02-2023 - 02:20 | 11-12-2009 - 16:30 | |
CVE-2009-3889 | 6.6 |
The dbg_lvl file for the megaraid_sas driver in the Linux kernel before 2.6.27 has world-writable permissions, which allows local users to change the (1) behavior and (2) logging level of the driver by modifying this file.
|
13-02-2023 - 02:20 | 16-11-2009 - 19:30 | |
CVE-2009-3638 | 7.2 |
Integer overflow in the kvm_dev_ioctl_get_supported_cpuid function in arch/x86/kvm/x86.c in the KVM subsystem in the Linux kernel before 2.6.31.4 allows local users to have an unspecified impact via a KVM_GET_SUPPORTED_CPUID request to the kvm_arch_d
|
13-02-2023 - 02:20 | 29-10-2009 - 14:30 | |
CVE-2009-3555 | 5.8 |
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS 2.8.5 and earlier, Mozilla Network Secu
|
13-02-2023 - 02:20 | 09-11-2009 - 17:30 | |
CVE-2009-3551 | 5.0 |
Off-by-one error in the dissect_negprot_response function in packet-smb.c in the SMB dissector in Wireshark 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace.
|
13-02-2023 - 02:20 | 30-10-2009 - 20:30 | |
CVE-2009-2908 | 4.9 |
The d_delete function in fs/ecryptfs/inode.c in eCryptfs in the Linux kernel 2.6.31 allows local users to cause a denial of service (kernel OOPS) and possibly execute arbitrary code via unspecified vectors that cause a "negative dentry" and trigger a
|
13-02-2023 - 02:20 | 13-10-2009 - 10:30 | |
CVE-2009-4138 | 4.7 |
drivers/firewire/ohci.c in the Linux kernel before 2.6.32-git9, when packet-per-buffer mode is used, allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unknown other impact via an unspecified
|
13-02-2023 - 02:20 | 16-12-2009 - 19:30 | |
CVE-2009-2909 | 4.9 |
Integer signedness error in the ax25_setsockopt function in net/ax25/af_ax25.c in the ax25 subsystem in the Linux kernel before 2.6.31.2 allows local users to cause a denial of service (OOPS) via a crafted optlen value in an SO_BINDTODEVICE operation
|
13-02-2023 - 02:20 | 20-10-2009 - 17:30 | |
CVE-2009-3726 | 7.8 |
The nfs4_proc_lock function in fs/nfs/nfs4proc.c in the NFSv4 client in the Linux kernel before 2.6.31-rc4 allows remote NFS servers to cause a denial of service (NULL pointer dereference and panic) by sending a certain response containing incorrect
|
13-02-2023 - 02:20 | 09-11-2009 - 19:30 | |
CVE-2009-3607 | 9.3 |
Integer overflow in the create_surface_from_thumbnail_data function in glib/poppler-page.cc in Poppler 0.x allows remote attackers to cause a denial of service (memory corruption) or possibly execute arbitrary code via a crafted PDF document that tri
|
13-02-2023 - 02:20 | 21-10-2009 - 17:30 | |
CVE-2009-3556 | 1.9 |
A certain Red Hat configuration step for the qla2xxx driver in the Linux kernel 2.6.18 on Red Hat Enterprise Linux (RHEL) 5, when N_Port ID Virtualization (NPIV) hardware is used, sets world-writable permissions for the (1) vport_create and (2) vport
|
13-02-2023 - 02:20 | 27-01-2010 - 17:30 | |
CVE-2009-2407 | 6.9 |
Heap-based buffer overflow in the parse_tag_3_packet function in fs/ecryptfs/keystore.c in the eCryptfs subsystem in the Linux kernel before 2.6.30.4 allows local users to cause a denial of service (system crash) or possibly gain privileges via vecto
|
13-02-2023 - 02:20 | 31-07-2009 - 19:00 | |
CVE-2009-4020 | 7.8 |
Stack-based buffer overflow in the hfs subsystem in the Linux kernel 2.6.32 allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c.
|
13-02-2023 - 02:20 | 04-12-2009 - 21:30 | |
CVE-2009-2910 | 2.1 |
arch/x86/ia32/ia32entry.S in the Linux kernel before 2.6.31.4 on the x86_64 platform does not clear certain kernel registers before a return to user mode, which allows local users to read register values from an earlier process by switching an ia32 p
|
13-02-2023 - 02:20 | 20-10-2009 - 17:30 | |
CVE-2009-1379 | 5.0 |
Use-after-free vulnerability in the dtls1_retrieve_buffered_fragment function in ssl/d1_both.c in OpenSSL 1.0.0 Beta 2 allows remote attackers to cause a denial of service (openssl s_client crash) and possibly have unspecified other impact via a DTLS
|
13-02-2023 - 02:20 | 19-05-2009 - 19:30 | |
CVE-2009-3888 | 4.9 |
The do_mmap_pgoff function in mm/nommu.c in the Linux kernel before 2.6.31.6, when the CPU lacks a memory management unit, allows local users to cause a denial of service (OOPS) via an application that attempts to allocate a large amount of memory.
|
13-02-2023 - 02:20 | 16-11-2009 - 19:30 | |
CVE-2009-3640 | 4.9 |
The update_cr8_intercept function in arch/x86/kvm/x86.c in the KVM subsystem in the Linux kernel before 2.6.32-rc1 does not properly handle the absence of an Advanced Programmable Interrupt Controller (APIC), which allows local users to cause a denia
|
13-02-2023 - 02:20 | 29-10-2009 - 14:30 | |
CVE-2009-3550 | 4.3 |
The DCERPC/NT dissector in Wireshark 0.10.10 through 1.0.9 and 1.2.0 through 1.2.2 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a file that records a malformed packet trace. NOTE: some of t
|
13-02-2023 - 02:20 | 30-10-2009 - 20:30 | |
CVE-2009-1381 | 6.8 |
The map_yp_alias function in functions/imap_general.php in SquirrelMail before 1.4.19-1 on Debian GNU/Linux, and possibly other operating systems and versions, allows remote attackers to execute arbitrary commands via shell metacharacters in a userna
|
13-02-2023 - 02:20 | 22-05-2009 - 20:30 | |
CVE-2010-0006 | 7.1 |
The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.32.4, when network namespaces are enabled, allows remote attackers to cause a denial of service (NULL pointer dereference) via an invalid IPv6 jumbogram, a related issue
|
13-02-2023 - 02:20 | 26-01-2010 - 18:30 | |
CVE-2010-0008 | 7.8 |
The sctp_rcv_ootb function in the SCTP implementation in the Linux kernel before 2.6.23 allows remote attackers to cause a denial of service (infinite loop) via (1) an Out Of The Blue (OOTB) chunk or (2) a chunk of zero length.
|
13-02-2023 - 02:20 | 19-03-2010 - 19:30 | |
CVE-2010-0007 | 2.1 |
net/bridge/netfilter/ebtables.c in the ebtables module in the netfilter framework in the Linux kernel before 2.6.33-rc4 does not require the CAP_NET_ADMIN capability for setting or modifying rules, which allows local users to bypass intended access r
|
13-02-2023 - 02:20 | 19-01-2010 - 16:30 | |
CVE-2010-0003 | 5.4 |
The print_fatal_signal function in kernel/signal.c in the Linux kernel before 2.6.32.4 on the i386 platform, when print-fatal-signals is enabled, allows local users to discover the contents of arbitrary memory locations by jumping to an address and t
|
13-02-2023 - 02:20 | 26-01-2010 - 18:30 | |
CVE-2008-4580 | 7.2 |
fence_manual, as used in fence 2.02.00-r1 and possibly cman, allows local users to modify arbitrary files via a symlink attack on the fence_manual.fifo temporary file.
|
13-02-2023 - 02:19 | 15-10-2008 - 20:08 | |
CVE-2008-4579 | 1.9 |
The (1) fence_apc and (2) fence_apc_snmp programs, as used in (a) fence 2.02.00-r1 and possibly (b) cman, when running in verbose mode, allows local users to append to arbitrary files via a symlink attack on the apclog temporary file.
|
13-02-2023 - 02:19 | 15-10-2008 - 20:08 | |
CVE-2008-3832 | 4.9 |
A certain Fedora patch for the utrace subsystem in the Linux kernel before 2.6.26.5-28 on Fedora 8, and before 2.6.26.5-45 on Fedora 9, allows local users to cause a denial of service (NULL pointer dereference and system crash or hang) via a call to
|
13-02-2023 - 02:19 | 03-10-2008 - 17:41 | |
CVE-2008-3833 | 4.9 |
The generic_file_splice_write function in fs/splice.c in the Linux kernel before 2.6.19 does not properly strip setuid and setgid bits when there is a write to a file, which allows local users to gain the privileges of a different group, and obtain s
|
13-02-2023 - 02:19 | 03-10-2008 - 17:41 | |
CVE-2008-1720 | 7.5 |
Buffer overflow in rsync 2.6.9 to 3.0.1, with extended attribute (xattr) support enabled, might allow remote attackers to execute arbitrary code via unknown vectors.
|
13-02-2023 - 02:19 | 10-04-2008 - 19:05 | |
CVE-2008-3526 | 7.8 |
Integer overflow in the sctp_setsockopt_auth_key function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel 2.6.24-rc1 through 2.6.26.3 allows remote attackers to cause a denial of service (pan
|
13-02-2023 - 02:19 | 27-08-2008 - 20:41 | |
CVE-2008-2050 | 10.0 |
Stack-based buffer overflow in the FastCGI SAPI (fastcgi.c) in PHP before 5.2.6 has unknown impact and attack vectors.
|
13-02-2023 - 02:19 | 05-05-2008 - 17:20 | |
CVE-2008-3527 | 4.6 |
arch/i386/kernel/sysenter.c in the Virtual Dynamic Shared Objects (vDSO) implementation in the Linux kernel before 2.6.21 does not properly check boundaries, which allows local users to gain privileges or cause a denial of service via unspecified vec
|
13-02-2023 - 02:19 | 05-11-2008 - 15:00 | |
CVE-2008-2931 | 7.2 |
The do_change_type function in fs/namespace.c in the Linux kernel before 2.6.22 does not verify that the caller has the CAP_SYS_ADMIN capability, which allows local users to gain privileges or cause a denial of service by modifying the properties of
|
13-02-2023 - 02:19 | 09-07-2008 - 18:41 | |
CVE-2008-1926 | 7.5 |
Argument injection vulnerability in login (login-utils/login.c) in util-linux-ng 2.14 and earlier makes it easier for remote attackers to hide activities by modifying portions of log events, as demonstrated by appending an "addr=" statement to the lo
|
13-02-2023 - 02:19 | 24-04-2008 - 05:05 | |
CVE-2008-2364 | 5.0 |
The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service
|
13-02-2023 - 02:19 | 13-06-2008 - 18:41 | |
CVE-2009-0781 | 4.3 |
Cross-site scripting (XSS) vulnerability in jsp/cal/cal2.jsp in the calendar application in the examples web application in Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18 allows remote attackers to inject arbitrary
|
13-02-2023 - 02:19 | 09-03-2009 - 21:30 | |
CVE-2009-1185 | 7.2 |
udev before 1.4.1 does not verify whether a NETLINK message originates from kernel space, which allows local users to gain privileges by sending a NETLINK message from user space.
|
13-02-2023 - 02:19 | 17-04-2009 - 14:30 | |
CVE-2009-1186 | 2.1 |
Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments.
|
13-02-2023 - 02:19 | 17-04-2009 - 14:30 | |
CVE-2009-0778 | 7.1 |
The icmp_send function in net/ipv4/icmp.c in the Linux kernel before 2.6.25, when configured as a router with a REJECT route, does not properly manage the Protocol Independent Destination Cache (aka DST) in some situations involving transmission of a
|
13-02-2023 - 02:19 | 12-03-2009 - 15:20 | |
CVE-2009-0029 | 7.2 |
The ABI in the Linux kernel 2.6.28 and earlier on s390, powerpc, sparc64, and mips 64-bit platforms requires that a 32-bit argument in a 64-bit register was properly sign extended when sent from a user-mode application, but cannot verify this, which
|
13-02-2023 - 02:19 | 15-01-2009 - 17:30 | |
CVE-2009-0787 | 4.9 |
The ecryptfs_write_metadata_to_contents function in the eCryptfs functionality in the Linux kernel 2.6.28 before 2.6.28.9 uses an incorrect size when writing kernel memory to an eCryptfs file header, which triggers an out-of-bounds read and allows lo
|
13-02-2023 - 02:19 | 25-03-2009 - 01:30 | |
CVE-2009-0796 | 2.6 |
Cross-site scripting (XSS) vulnerability in Status.pm in Apache::Status and Apache2::Status in mod_perl1 and mod_perl2 for the Apache HTTP Server, when /perl-status is accessible, allows remote attackers to inject arbitrary web script or HTML via the
|
13-02-2023 - 02:19 | 07-04-2009 - 23:30 | |
CVE-2007-5333 | 5.0 |
Apache Tomcat 6.0.0 through 6.0.14, 5.5.0 through 5.5.25, and 4.1.0 through 4.1.36 does not properly handle (1) double quote (") characters or (2) %5C (encoded backslash) sequences in a cookie value, which might cause sensitive information such as se
|
13-02-2023 - 02:18 | 12-02-2008 - 01:00 | |
CVE-2007-5501 | 7.8 |
The tcp_sacktag_write_queue function in net/ipv4/tcp_input.c in Linux kernel 2.6.21 through 2.6.23.7, and 2.6.24-rc through 2.6.24-rc2, allows remote attackers to cause a denial of service (crash) via crafted ACK responses that trigger a NULL pointer
|
13-02-2023 - 02:18 | 15-11-2007 - 20:46 | |
CVE-2007-5966 | 7.2 |
Integer overflow in the hrtimer_start function in kernel/hrtimer.c in the Linux kernel before 2.6.23.10 allows local users to execute arbitrary code or cause a denial of service (panic) via a large relative timeout value. NOTE: some of these details
|
13-02-2023 - 02:18 | 20-12-2007 - 00:46 | |
CVE-2007-4568 | 6.8 |
Integer overflow in the build_range function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values, which triggers
|
13-02-2023 - 02:18 | 05-10-2007 - 21:17 | |
CVE-2007-4567 | 7.8 |
The ipv6_hop_jumbo function in net/ipv6/exthdrs.c in the Linux kernel before 2.6.22 does not properly validate the hop-by-hop IPv6 extended header, which allows remote attackers to cause a denial of service (NULL pointer dereference and kernel panic)
|
13-02-2023 - 02:18 | 21-12-2007 - 00:46 | |
CVE-2007-4571 | 2.1 |
The snd_mem_proc_read function in sound/core/memalloc.c in the Advanced Linux Sound Architecture (ALSA) in the Linux kernel before 2.6.22.8 does not return the correct write size, which allows local users to obtain sensitive information (kernel memor
|
13-02-2023 - 02:18 | 26-09-2007 - 10:17 | |
CVE-2007-3731 | 4.9 |
The Linux kernel 2.6.20 and 2.6.21 does not properly handle an invalid LDT segment selector in %cs (the xcs field) during ptrace single-step operations, which allows local users to cause a denial of service (NULL dereference and OOPS) via certain cod
|
13-02-2023 - 02:18 | 17-09-2007 - 17:17 | |
CVE-2008-1673 | 10.0 |
The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b) the gxsnmp package; does not properly validate length values during decoding of ASN.1 BER data, wh
|
13-02-2023 - 02:18 | 10-06-2008 - 00:32 | |
CVE-2007-3845 | 9.3 |
Mozilla Firefox before 2.0.0.6, Thunderbird before 1.5.0.13 and 2.x before 2.0.0.6, and SeaMonkey before 1.1.4 allow remote attackers to execute arbitrary commands via certain vectors associated with launching "a file handling program based on the fi
|
13-02-2023 - 02:18 | 08-08-2007 - 01:17 | |
CVE-2008-1678 | 5.0 |
Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client hand
|
13-02-2023 - 02:18 | 10-07-2008 - 17:41 | |
CVE-2007-3852 | 4.4 |
The init script (sysstat.in) in sysstat 5.1.2 up to 7.1.6 creates /tmp/sysstat.run insecurely, which allows local users to execute arbitrary code.
|
13-02-2023 - 02:18 | 14-08-2007 - 18:17 | |
CVE-2008-0600 | 7.2 |
The vmsplice_to_pipe function in Linux kernel 2.6.17 through 2.6.24.1 does not validate a certain userspace pointer before dereference, which allows local users to gain root privileges via crafted arguments in a vmsplice system call, a different vuln
|
13-02-2023 - 02:18 | 12-02-2008 - 21:00 | |
CVE-2008-0414 | 4.3 |
Mozilla Firefox before 2.0.0.12 and SeaMonkey before 1.1.8 allows user-assisted remote attackers to trick the user into uploading arbitrary files via label tags that shift focus to a file input field, aka "focus spoofing."
|
13-02-2023 - 02:18 | 08-02-2008 - 22:00 | |
CVE-2008-1078 | 7.2 |
expn in the am-utils and net-fs packages for Gentoo, rPath Linux, and other distributions, allows local users to overwrite arbitrary files via a symlink attack on the expn[PID] temporary file. NOTE: this is the same issue as CVE-2003-0308.1.
|
13-02-2023 - 02:18 | 29-02-2008 - 02:44 | |
CVE-2008-0891 | 4.3 |
Double free vulnerability in OpenSSL 0.9.8f and 0.9.8g, when the TLS server name extensions are enabled, allows remote attackers to cause a denial of service (crash) via a malformed Client Hello packet. NOTE: some of these details are obtained from t
|
13-02-2023 - 02:18 | 29-05-2008 - 16:32 | |
CVE-2007-2872 | 6.8 |
Multiple integer overflows in the chunk_split function in PHP 5 before 5.2.3 and PHP 4 before 4.4.8 allow remote attackers to cause a denial of service (crash) or execute arbitrary code via the (1) chunks, (2) srclen, and (3) chunklen arguments.
|
13-02-2023 - 02:17 | 04-06-2007 - 17:30 | |
CVE-2007-3105 | 4.6 |
Stack-based buffer overflow in the random number generator (RNG) implementation in the Linux kernel before 2.6.22 might allow local root users to cause a denial of service or gain privileges by setting the default wakeup threshold to a value greater
|
13-02-2023 - 02:17 | 27-07-2007 - 21:30 | |
CVE-2007-2348 | 6.8 |
mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands via a malicious script. NOTE: it is not clear whether this issue crosses security boundaries
|
13-02-2023 - 02:17 | 27-04-2007 - 18:19 | |
CVE-2007-1742 | 3.7 |
suexec in Apache HTTP Server (httpd) 2.2.3 uses a partial comparison for verifying whether the current directory is within the document root, which might allow local users to perform unauthorized operations on incorrect directories, as demonstrated u
|
13-02-2023 - 02:17 | 13-04-2007 - 17:19 | |
CVE-2007-1743 | 4.4 |
suexec in Apache HTTP Server (httpd) 2.2.3 does not verify combinations of user and group IDs on the command line, which might allow local users to leverage other vulnerabilities to create arbitrary UID/GID owned files if /proc is mounted. NOTE: the
|
13-02-2023 - 02:17 | 13-04-2007 - 17:19 | |
CVE-2007-0493 | 7.8 |
Use-after-free vulnerability in ISC BIND 9.3.0 up to 9.3.3, 9.4.0a1 up to 9.4.0a6, 9.4.0b1 up to 9.4.0b4, 9.4.0rc1, and 9.5.0a1 (Bind Forum only) allows remote attackers to cause a denial of service (named daemon crash) via unspecified vectors that c
|
13-02-2023 - 02:17 | 25-01-2007 - 20:28 | |
CVE-2006-5749 | 1.7 |
The isdn_ppp_ccp_reset_alloc_state function in drivers/isdn/isdn_ppp.c in the Linux 2.4 kernel before 2.4.34-rc4 does not call the init_timer function for the ISDN PPP CCP reset state timer, which has unknown attack vectors and results in a system cr
|
13-02-2023 - 02:16 | 31-12-2006 - 05:00 | |
CVE-2006-5753 | 7.2 |
Unspecified vulnerability in the listxattr system call in Linux kernel, when a "bad inode" is present, allows local users to cause a denial of service (data corruption) and possibly gain privileges via unknown vectors.
|
13-02-2023 - 02:16 | 30-01-2007 - 19:28 | |
CVE-2006-4572 | 7.5 |
ip6_tables in netfilter in the Linux kernel before 2.6.16.31 allows remote attackers to (1) bypass a rule that disallows a protocol, via a packet with the protocol header not located immediately after the fragment header, aka "ip6_tables protocol byp
|
13-02-2023 - 02:16 | 07-11-2006 - 00:07 | |
CVE-2006-3467 | 7.5 |
Integer overflow in FreeType before 2.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PCF file, as demonstrated by the Red Hat bad1.pcf test file, due to a partial fix of CVE-2006-1861.
|
13-02-2023 - 02:16 | 21-07-2006 - 14:03 | |
CVE-2006-3747 | 7.6 |
Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (applica
|
13-02-2023 - 02:16 | 28-07-2006 - 18:02 | |
CVE-2006-2656 | 7.5 |
Stack-based buffer overflow in the tiffsplit command in libtiff 3.8.2 and earlier might might allow attackers to execute arbitrary code via a long filename. NOTE: tiffsplit is not setuid. If there is not a common scenario under which tiffsplit is cal
|
13-02-2023 - 02:16 | 30-05-2006 - 18:02 | |
CVE-2006-0903 | 4.6 |
MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query fu
|
13-02-2023 - 02:16 | 27-02-2006 - 23:02 | |
CVE-2009-4274 | 7.5 |
Stack-based buffer overflow in converter/ppm/xpmtoppm.c in netpbm before 10.47.07 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an XPM image file that contains a crafted hea
|
13-02-2023 - 01:18 | 12-02-2010 - 21:30 | |
CVE-2009-2903 | 7.1 |
Memory leak in the appletalk subsystem in the Linux kernel 2.4.x through 2.4.37.6 and 2.6.x through 2.6.31, when the appletalk and ipddp modules are loaded but the ipddp"N" device is not found, allows remote attackers to cause a denial of service (me
|
13-02-2023 - 01:17 | 15-09-2009 - 22:30 | |
CVE-2009-3612 | 2.1 |
The tcf_fill_node function in net/sched/cls_api.c in the netlink subsystem in the Linux kernel 2.6.x before 2.6.32-rc5, and 2.4.37.6 and earlier, does not initialize a certain tcm__pad2 structure member, which might allow local users to obtain sensit
|
13-02-2023 - 01:17 | 19-10-2009 - 20:00 | |
CVE-2009-3623 | 7.8 |
The lookup_cb_cred function in fs/nfsd/nfs4callback.c in the nfsd4 subsystem in the Linux kernel before 2.6.31.2 attempts to access a credentials cache even when a client specifies the AUTH_NULL authentication flavor, which allows remote attackers to
|
13-02-2023 - 01:17 | 30-10-2009 - 20:30 | |
CVE-2009-3624 | 4.6 |
The get_instantiation_keyring function in security/keys/keyctl.c in the KEYS subsystem in the Linux kernel before 2.6.32-rc5 does not properly maintain the reference count of a keyring, which allows local users to gain privileges or cause a denial of
|
13-02-2023 - 01:17 | 02-11-2009 - 15:30 | |
CVE-2009-2902 | 4.3 |
Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to delete work-directory files via directory traversal sequences in a WAR filename, as demonstrated by the ...war filename.
|
13-02-2023 - 01:17 | 28-01-2010 - 20:30 | |
CVE-2009-3722 | 7.1 |
The handle_dr function in arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 2.6.31.1 does not properly verify the Current Privilege Level (CPL) before accessing a debug register, which allows guest OS users to cause a denial of servi
|
13-02-2023 - 01:17 | 30-10-2009 - 20:30 | |
CVE-2009-0793 | 4.3 |
cmsxform.c in LittleCMS (aka lcms or liblcms) 1.18, as used in OpenJDK and other products, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted image that triggers execution of incorrect
|
13-02-2023 - 01:17 | 09-04-2009 - 15:08 | |
CVE-2009-0024 | 7.2 |
The sys_remap_file_pages function in mm/fremap.c in the Linux kernel before 2.6.24.1 allows local users to cause a denial of service or gain privileges via unspecified vectors, related to the vm_file structure member, and the mmap_region and do_munma
|
13-02-2023 - 01:16 | 13-01-2009 - 17:00 | |
CVE-2004-0687 | 7.5 |
Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c, (2) ParseAndPutPixels in create.c, and (3) ParsePixels in parse.c for libXpm before 6.8.1 allow remote attackers to execute arbitrary code via a malformed XPM image file.
|
20-01-2023 - 19:15 | 20-10-2004 - 04:00 | |
CVE-2009-2687 | 4.3 |
The exif_read_data function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service (crash) via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353.
|
19-01-2023 - 16:38 | 05-08-2009 - 19:30 | |
CVE-2006-7204 | 2.1 |
The imap_body function in PHP before 4.4.4 does not implement safemode or open_basedir checks, which allows local users to read arbitrary files or list arbitrary directory contents.
|
19-01-2023 - 16:26 | 22-05-2007 - 19:30 | |
CVE-2008-4609 | 7.1 |
The TCP implementation in (1) Linux, (2) platforms based on BSD Unix, (3) Microsoft Windows, (4) Cisco products, and probably other operating systems allows remote attackers to cause a denial of service (connection queue exhaustion) via multiple vect
|
14-12-2022 - 16:40 | 20-10-2008 - 17:59 | |
CVE-2003-1562 | 7.6 |
sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use t
|
13-12-2022 - 12:15 | 31-12-2003 - 05:00 | |
CVE-1999-0524 | 2.1 |
ICMP information such as (1) netmask and (2) timestamp is allowed from arbitrary hosts.
|
14-11-2022 - 19:33 | 01-08-1997 - 04:00 | |
CVE-2007-2727 | 2.6 |
The mcrypt_create_iv function in ext/mcrypt/mcrypt.c in PHP before 4.4.7, 5.2.1, and possibly 5.0.x and other PHP 5 versions, calls php_rand_r with an uninitialized seed variable and therefore always generates the same initialization vector (IV), whi
|
07-11-2022 - 15:05 | 16-05-2007 - 22:30 | |
CVE-2008-3789 | 2.1 |
Samba 3.2.0 uses weak permissions (0666) for the (1) group_mapping.tdb and (2) group_mapping.ldb files, which allows local users to modify the membership of Unix groups.
|
31-10-2022 - 15:04 | 27-08-2008 - 20:41 | |
CVE-2008-0455 | 4.3 |
Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated use
|
21-09-2022 - 19:09 | 25-01-2008 - 01:00 | |
CVE-2008-0456 | 2.6 |
CRLF injection vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject
|
21-09-2022 - 19:08 | 25-01-2008 - 01:00 | |
CVE-2009-3095 | 5.0 |
The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as
|
19-09-2022 - 19:50 | 08-09-2009 - 18:30 | |
CVE-2009-3094 | 2.6 |
The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a mal
|
19-09-2022 - 19:49 | 08-09-2009 - 18:30 | |
CVE-2009-3294 | 5.0 |
The popen API function in TSRM/tsrm_win32.c in PHP before 5.2.11 and 5.3.x before 5.3.1, when running on certain Windows operating systems, allows context-dependent attackers to cause a denial of service (crash) via a crafted (1) "e" or (2) "er" stri
|
01-09-2022 - 16:32 | 22-09-2009 - 10:30 | |
CVE-2007-2444 | 7.2 |
Logic error in the SID/Name translation functionality in smbd in Samba 3.0.23d through 3.0.25pre2 allows local users to gain temporary privileges and execute SMB/CIFS protocol operations via unspecified vectors that cause the daemon to transition to
|
29-08-2022 - 20:19 | 14-05-2007 - 21:19 | |
CVE-2007-3007 | 5.0 |
PHP 5 before 5.2.3 does not enforce the open_basedir or safe_mode restriction in certain cases, which allows context-dependent attackers to determine the existence of arbitrary files by checking if the readfile function returns a string. NOTE: this
|
29-08-2022 - 20:07 | 04-06-2007 - 17:30 | |
CVE-2009-1888 | 5.8 |
The acl_group_override function in smbd/posix_acls.c in smbd in Samba 3.0.x before 3.0.35, 3.1.x and 3.2.x before 3.2.13, and 3.3.x before 3.3.6, when dos filemode is enabled, allows remote attackers to modify access control lists for files via vecto
|
29-08-2022 - 19:43 | 25-06-2009 - 01:30 | |
CVE-1999-0523 | 0.0 |
ICMP echo (ping) is allowed from arbitrary hosts.
|
17-08-2022 - 10:15 | 01-01-1999 - 05:00 | |
CVE-2009-1724 | 4.3 |
Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms, allows remote attackers to inject arbitrary web script or HTML via vectors r
|
09-08-2022 - 13:48 | 09-07-2009 - 17:30 | |
CVE-2009-1725 | 9.3 |
WebKit in Apple Safari before 4.0.2, as used on iPhone OS before 3.1, iPhone OS before 3.1.1 for iPod touch, and other platforms; KHTML in kdelibs in KDE; QtWebKit (aka Qt toolkit); and possibly other products do not properly handle numeric character
|
09-08-2022 - 13:48 | 09-07-2009 - 17:30 | |
CVE-2008-1586 | 7.1 |
ImageIO in Apple iPhone OS 1.0 through 2.1 and iPhone OS for iPod touch 1.1 through 2.1 allow remote attackers to cause a denial of service (memory consumption and device reset) via a crafted TIFF image.
|
09-08-2022 - 13:48 | 25-11-2008 - 23:30 | |
CVE-2008-2371 | 7.5 |
Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible Regular Expression (PCRE) library 7.7 allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a regular expression that begins
|
01-08-2022 - 15:54 | 07-07-2008 - 23:41 | |
CVE-2007-0455 | 7.5 |
Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded
|
21-07-2022 - 15:17 | 30-01-2007 - 17:28 | |
CVE-2007-1887 | 7.5 |
Buffer overflow in the sqlite_decode_binary function in the bundled sqlite library in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter, as demonstrated by ca
|
21-07-2022 - 15:12 | 06-04-2007 - 01:19 | |
CVE-2008-1721 | 7.5 |
Integer signedness error in the zlib extension module in Python 2.5.2 and earlier allows remote attackers to execute arbitrary code via a negative signed integer, which triggers insufficient memory allocation and a buffer overflow.
|
05-07-2022 - 18:43 | 10-04-2008 - 19:05 | |
CVE-2005-2096 | 7.5 |
zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted
|
22-06-2022 - 16:40 | 06-07-2005 - 04:00 | |
CVE-2006-2450 | 7.5 |
auth.c in LibVNCServer 0.7.1 allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is accepted even if it is not offered by the server, a different issue
|
13-05-2022 - 18:15 | 18-07-2006 - 15:40 | |
CVE-2006-2369 | 7.5 |
RealVNC 4.1.1, and other products that use RealVNC such as AdderLink IP and Cisco CallManager, allows remote attackers to bypass authentication via a request in which the client specifies an insecure security type such as "Type 1 - None", which is ac
|
13-05-2022 - 18:15 | 15-05-2006 - 16:06 | |
CVE-2007-6283 | 4.9 |
Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named.
|
25-02-2022 - 19:06 | 18-12-2007 - 01:46 | |
CVE-2007-3126 | 5.0 |
Gimp before 2.8.22 allows context-dependent attackers to cause a denial of service (crash) via an ICO file with an InfoHeader containing a Height of zero, a similar issue to CVE-2007-2237.
|
07-02-2022 - 17:28 | 08-06-2007 - 00:30 | |
CVE-2007-0010 | 2.1 |
The GdkPixbufLoader function in GIMP ToolKit (GTK+) in GTK 2 (gtk2) before 2.4.13 allows context-dependent attackers to cause a denial of service (crash) via a malformed image file.
|
07-02-2022 - 17:28 | 24-01-2007 - 19:28 | |
CVE-2010-0136 | 9.3 |
OpenOffice.org (OOo) 2.0.4, 2.4.1, and 3.1.1 does not properly enforce Visual Basic for Applications (VBA) macro security settings, which allows remote attackers to run arbitrary macros via a crafted document.
|
07-02-2022 - 17:04 | 16-02-2010 - 19:30 | |
CVE-2008-1198 | 7.1 |
The default IPSec ifup script in Red Hat Enterprise Linux 3 through 5 configures racoon to use aggressive IKE mode instead of main IKE mode, which makes it easier for remote attackers to conduct brute force attacks by sniffing an unencrypted preshare
|
03-02-2022 - 19:56 | 06-03-2008 - 21:44 | |
CVE-2008-1672 | 4.3 |
OpenSSL 0.9.8f and 0.9.8g allows remote attackers to cause a denial of service (crash) via a TLS handshake that omits the Server Key Exchange message and uses "particular cipher suites," which triggers a NULL pointer dereference.
|
02-02-2022 - 15:03 | 29-05-2008 - 16:32 | |
CVE-2008-3964 | 4.3 |
Multiple off-by-one errors in libpng before 1.2.32beta01, and 1.4 before 1.4.0beta34, allow context-dependent attackers to cause a denial of service (crash) or have unspecified other impact via a PNG image with crafted zTXt chunks, related to (1) the
|
31-01-2022 - 14:18 | 11-09-2008 - 01:13 | |
CVE-2007-2583 | 4.0 |
The in_decimal::set function in item_cmpfunc.cc in MySQL before 5.0.40, and 5.1 before 5.1.18-beta, allows context-dependent attackers to cause a denial of service (crash) via a crafted IF clause that results in a divide-by-zero error and a NULL poin
|
08-11-2021 - 21:47 | 10-05-2007 - 00:19 | |
CVE-2008-2711 | 4.3 |
fetchmail 6.3.8 and earlier, when running in -v -v (aka verbose) mode, allows remote attackers to cause a denial of service (crash and persistent mail failure) via a malformed mail message with long headers, which triggers an erroneous dereference wh
|
09-08-2021 - 21:15 | 16-06-2008 - 21:41 | |
CVE-2008-2841 | 6.8 |
Argument injection vulnerability in XChat 2.8.7b and earlier on Windows, when Internet Explorer is used, allows remote attackers to execute arbitrary commands via the --command parameter in an ircs:// URI.
|
23-07-2021 - 15:12 | 24-06-2008 - 19:41 | |
CVE-2001-1534 | 2.1 |
mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these sess
|
15-07-2021 - 20:37 | 31-12-2001 - 05:00 | |
CVE-2004-0971 | 2.1 |
The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
|
18-06-2021 - 15:15 | 09-02-2005 - 05:00 | |
CVE-2005-2541 | 10.0 |
Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.
|
18-06-2021 - 15:15 | 10-08-2005 - 04:00 | |
CVE-2006-4811 | 6.8 |
Integer overflow in Qt 3.3 before 3.3.7, 4.1 before 4.1.5, and 4.2 before 4.2.1, as used in the KDE khtml library, kdelibs 3.1.3, and possibly other packages, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary
|
16-06-2021 - 12:43 | 18-10-2006 - 17:07 | |
CVE-2009-2700 | 4.3 |
src/network/ssl/qsslcertificate.cpp in Nokia Trolltech Qt 4.x does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL se
|
16-06-2021 - 12:43 | 02-09-2009 - 17:30 | |
CVE-2007-1862 | 5.0 |
The recall_headers function in mod_mem_cache in Apache 2.2.4 does not properly copy all levels of header data, which can cause Apache to return HTTP headers containing previously used data, which could be used by remote attackers to obtain potentiall
|
06-06-2021 - 11:15 | 04-06-2007 - 23:30 | |
CVE-2004-0811 | 7.5 |
Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
|
06-06-2021 - 11:15 | 31-12-2004 - 05:00 | |
CVE-2010-0010 | 6.8 |
Integer overflow in the ap_proxy_send_fb function in proxy/proxy_util.c in mod_proxy in the Apache HTTP Server before 1.3.42 on 64-bit platforms allows remote origin servers to cause a denial of service (daemon crash) or possibly execute arbitrary co
|
06-06-2021 - 11:15 | 02-02-2010 - 16:30 | |
CVE-2003-0192 | 6.4 |
Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3, do not properly handle "certain sequences of per-directory renegotiations and the SSLCipherSuite directive being used to upgrade from a weak ciphersuite to a strong one," which c
|
06-06-2021 - 11:15 | 18-08-2003 - 04:00 | |
CVE-2007-4476 | 7.5 |
Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."
|
17-05-2021 - 19:55 | 05-09-2007 - 01:17 | |
CVE-2007-2768 | 4.3 |
OpenSSH, when using OPIE (One-Time Passwords in Everything) for PAM, allows remote attackers to determine the existence of certain user accounts, which displays a different response if the user account exists and is configured to use one-time passwor
|
01-04-2021 - 15:32 | 21-05-2007 - 20:30 | |
CVE-2006-6144 | 5.0 |
The "mechglue" abstraction interface of the GSS-API library for Kerberos 5 1.5 through 1.5.1, as used in Kerberos administration daemon (kadmind) and other products that use this library, allows remote attackers to cause a denial of service (crash) v
|
02-02-2021 - 18:13 | 31-12-2006 - 05:00 | |
CVE-2007-4045 | 5.0 |
The CUPS service, as used in SUSE Linux before 20070720 and other Linux distributions, allows remote attackers to cause a denial of service via unspecified vectors related to an incomplete fix for CVE-2007-0720 that introduced a different denial of s
|
23-12-2020 - 15:20 | 27-07-2007 - 22:30 | |
CVE-2007-1322 | 2.1 |
QEMU 0.8.2 allows local users to halt a virtual machine by executing the icebp instruction.
|
15-12-2020 - 23:49 | 02-05-2007 - 17:19 | |
CVE-2007-1366 | 2.1 |
QEMU 0.8.2 allows local users to crash a virtual machine via the divisor operand to the aam instruction, as demonstrated by "aam 0x0," which triggers a divide-by-zero error.
|
15-12-2020 - 23:49 | 02-05-2007 - 17:19 | |
CVE-2007-5730 | 7.2 |
Heap-based buffer overflow in QEMU 0.8.2, as used in Xen and possibly other products, allows local users to execute arbitrary code via crafted data in the "net socket listen" option, aka QEMU "net socket" heap overflow. NOTE: some sources have used
|
15-12-2020 - 23:48 | 30-10-2007 - 22:46 | |
CVE-2007-5729 | 7.2 |
The NE2000 emulator in QEMU 0.8.2 allows local users to execute arbitrary code by writing Ethernet frames with a size larger than the MTU to the EN0_TCNT register, which triggers a heap-based buffer overflow in the slirp library, aka NE2000 "mtu" hea
|
15-12-2020 - 23:48 | 30-10-2007 - 22:46 | |
CVE-2004-1064 | 10.0 |
The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate the file path before passing the data to the realpath function, which could allow attackers to bypass safe mode. NOTE: this issue was originally REJECTed by its CNA before public
|
08-12-2020 - 18:56 | 10-01-2005 - 05:00 | |
CVE-2004-1063 | 10.0 |
PHP 4.x to 4.3.9, and PHP 5.x to 5.0.2, when running in safe mode on a multithreaded Unix webserver, allows local users to bypass safe_mode_exec_dir restrictions and execute commands outside of the intended safe_mode_exec_dir via shell metacharacters
|
08-12-2020 - 18:54 | 10-01-2005 - 05:00 | |
CVE-2005-2069 | 5.0 |
pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a slave using TLS, does not use TLS for the subsequent connection if the client is referred to a master, which may cause a password to be sent in cleartext and allows remote attackers t
|
16-11-2020 - 19:30 | 30-06-2005 - 04:00 | |
CVE-2007-5191 | 7.2 |
mount and umount in util-linux and loop-aes-utils call the setuid and setgid functions in the wrong order and do not check the return values, which might allow attackers to gain privileges via helpers such as mount.nfs.
|
04-11-2020 - 14:59 | 04-10-2007 - 16:17 | |
CVE-2009-0590 | 5.0 |
The ASN1_STRING_print_ex function in OpenSSL before 0.9.8k allows remote attackers to cause a denial of service (invalid memory access and application crash) via vectors that trigger printing of a (1) BMPString or (2) UniversalString with an invalid
|
03-11-2020 - 17:38 | 27-03-2009 - 16:30 | |
CVE-2008-2382 | 5.0 |
The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain message.
|
02-11-2020 - 14:39 | 24-12-2008 - 18:29 | |
CVE-2009-3767 | 4.3 |
libraries/libldap/tls_o.c in OpenLDAP 2.2 and 2.4, and possibly other versions, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-
|
14-10-2020 - 17:13 | 23-10-2009 - 19:30 | |
CVE-2001-1556 | 5.0 |
The log files in Apache web server contain information directly supplied by clients and does not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX
|
14-10-2020 - 16:51 | 31-12-2001 - 05:00 | |
CVE-2007-3378 | 6.8 |
The (1) session_save_path, (2) ini_set, and (3) error_log functions in PHP 4.4.7 and earlier, and PHP 5 5.2.3 and earlier, when invoked from a .htaccess file, allow remote attackers to bypass safe_mode and open_basedir restrictions and possibly execu
|
18-09-2020 - 19:15 | 29-06-2007 - 18:30 | |
CVE-2009-1072 | 4.9 |
nfsd in the Linux kernel before 2.6.28.9 does not drop the CAP_MKNOD capability before handling a user request in a thread, which allows local users to create device nodes, as demonstrated on a filesystem that has been exported with the root_squash o
|
02-09-2020 - 16:01 | 25-03-2009 - 01:30 | |
CVE-2010-1148 | 4.7 |
The cifs_create function in fs/cifs/dir.c in the Linux kernel 2.6.33.2 and earlier allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly have unspecified other impact via a NULL nameidata (aka nd) field in a
|
28-08-2020 - 16:22 | 12-04-2010 - 17:30 | |
CVE-2010-1146 | 6.9 |
The Linux kernel 2.6.33.2 and earlier, when a ReiserFS filesystem exists, does not restrict read or write access to the .reiserfs_priv directory, which allows local users to gain privileges by modifying (1) extended attributes or (2) ACLs, as demonst
|
28-08-2020 - 16:06 | 12-04-2010 - 18:30 | |
CVE-2009-1242 | 4.9 |
The vmx_set_msr function in arch/x86/kvm/vmx.c in the VMX implementation in the KVM subsystem in the Linux kernel before 2.6.29.1 on the i386 platform allows guest OS users to cause a denial of service (OOPS) by setting the EFER_LME (aka "Long mode e
|
27-08-2020 - 16:43 | 06-04-2009 - 14:30 | |
CVE-2009-1527 | 6.9 |
Race condition in the ptrace_attach function in kernel/ptrace.c in the Linux kernel before 2.6.30-rc4 allows local users to gain privileges via a PTRACE_ATTACH ptrace call during an exec system call that is launching a setuid application, related to
|
21-08-2020 - 18:47 | 05-05-2009 - 20:30 | |
CVE-2009-1630 | 4.4 |
The nfs_permission function in fs/nfs/dir.c in the NFS client implementation in the Linux kernel 2.6.29.3 and earlier, when atomic_open is available, does not check execute (aka EXEC or MAY_EXEC) permission bits, which allows local users to bypass pe
|
21-08-2020 - 18:45 | 14-05-2009 - 17:30 | |
CVE-2006-5173 | 2.1 |
Linux kernel does not properly save or restore EFLAGS during a context switch, or reset the flags when creating new threads, which allows local users to cause a denial of service (process crash), as demonstrated using a process that sets the Alignmen
|
19-08-2020 - 19:42 | 17-10-2006 - 22:07 | |
CVE-2009-2287 | 4.9 |
The kvm_arch_vcpu_ioctl_set_sregs function in the KVM in Linux kernel 2.6 before 2.6.30, when running on x86 systems, does not validate the page table root in a KVM_SET_SREGS call, which allows local users to cause a denial of service (crash or hang)
|
19-08-2020 - 19:41 | 01-07-2009 - 13:00 | |
CVE-2010-0623 | 4.9 |
The futex_lock_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly manage a certain reference count, which allows local users to cause a denial of service (OOPS) via vectors involving an unmount of an ext3 filesystem
|
14-08-2020 - 15:45 | 15-02-2010 - 18:30 | |
CVE-2009-3228 | 2.1 |
The tc_fill_tclass function in net/sched/sch_api.c in the tc subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.31-rc9 does not initialize certain (1) tcm__pad1 and (2) tcm__pad2 structure members, which might allow local users
|
13-08-2020 - 12:59 | 19-10-2009 - 20:00 | |
CVE-2009-4004 | 7.2 |
Buffer overflow in the kvm_vcpu_ioctl_x86_setup_mce function in arch/x86/kvm/x86.c in the KVM subsystem in the Linux kernel before 2.6.32-rc7 allows local users to cause a denial of service (memory corruption) or possibly gain privileges via a KVM_X8
|
12-08-2020 - 15:50 | 20-11-2009 - 02:30 | |
CVE-2006-1174 | 3.7 |
useradd in shadow-utils before 4.0.3, and possibly other versions before 4.0.8, does not provide a required argument to the open function when creating a new user mailbox, which causes the mailbox to be created with unpredictable permissions and poss
|
11-08-2020 - 17:09 | 28-05-2006 - 23:02 | |
CVE-2010-0727 | 4.9 |
The gfs2_lock function in the Linux kernel before 2.6.34-rc1-next-20100312, and the gfs_lock function in the Linux kernel on Red Hat Enterprise Linux (RHEL) 5 and 6, does not properly remove POSIX locks on files that are setgid without group-execute
|
07-08-2020 - 15:13 | 16-03-2010 - 19:30 | |
CVE-2010-0205 | 4.3 |
The png_decompress_chunk function in pngrutil.c in libpng 1.0.x before 1.0.53, 1.2.x before 1.2.43, and 1.4.x before 1.4.1 does not properly handle compressed ancillary-chunk data that has a disproportionately large uncompressed representation, which
|
07-08-2020 - 13:26 | 03-03-2010 - 19:30 | |
CVE-2009-3280 | 7.8 |
Integer signedness error in the find_ie function in net/wireless/scan.c in the cfg80211 subsystem in the Linux kernel before 2.6.31.1-rc1 allows remote attackers to cause a denial of service (soft lockup) via malformed packets.
|
06-08-2020 - 14:56 | 21-09-2009 - 19:30 | |
CVE-2008-3534 | 4.9 |
The shmem_delete_inode function in mm/shmem.c in the tmpfs implementation in the Linux kernel before 2.6.26.1 allows local users to cause a denial of service (system crash) via a certain sequence of file create, remove, and overwrite operations, as d
|
31-07-2020 - 21:27 | 08-08-2008 - 19:41 | |
CVE-2008-3535 | 4.9 |
Off-by-one error in the iov_iter_advance function in mm/filemap.c in the Linux kernel before 2.6.27-rc2 allows local users to cause a denial of service (system crash) via a certain sequence of file I/O operations with readv and writev, as demonstrate
|
31-07-2020 - 21:26 | 08-08-2008 - 19:41 | |
CVE-2008-3077 | 4.9 |
arch/x86/kernel/ptrace.c in the Linux kernel before 2.6.25.10 on the x86_64 platform leaks task_struct references into the sys32_ptrace function, which allows local users to cause a denial of service (system crash) or have unspecified other impact vi
|
31-07-2020 - 21:23 | 09-07-2008 - 00:41 | |
CVE-2008-3496 | 10.0 |
Buffer overflow in format descriptor parsing in the uvc_parse_format function in drivers/media/video/uvc/uvc_driver.c in uvcvideo in the video4linux (V4L) implementation in the Linux kernel before 2.6.26.1 has unknown impact and attack vectors.
|
28-07-2020 - 18:49 | 06-08-2008 - 18:41 | |
CVE-2007-2893 | 7.2 |
Heap-based buffer overflow in the bx_ne2k_c::rx_frame function in iodev/ne2k.cc in the emulated NE2000 device in Bochs 2.3 allows local users of the guest operating system to write to arbitrary memory locations and gain privileges on the host operati
|
19-05-2020 - 19:56 | 30-05-2007 - 01:30 | |
CVE-2005-4807 | 7.5 |
Stack-based buffer overflow in the as_bad function in messages.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050721 allows attackers to execute arbitrary code via a .c file with crafted inline assembly code.
|
01-04-2020 - 12:54 | 31-12-2005 - 05:00 | |
CVE-2005-4808 | 7.6 |
Buffer overflow in reset_vars in config/tc-crx.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050714 allows user-assisted attackers to have an unknown impact via a crafted .s file. This vulnerability is addressed in
|
01-04-2020 - 12:53 | 31-12-2005 - 05:00 | |
CVE-2008-1447 | 5.0 |
The DNS protocol, as implemented in (1) BIND 8 and 9 before 9.5.0-P1, 9.4.2-P1, and 9.3.5-P1; (2) Microsoft DNS in Windows 2000 SP4, XP SP2 and SP3, and Server 2003 SP1 and SP2; and other implementations allow remote attackers to spoof DNS traffic vi
|
24-03-2020 - 18:19 | 08-07-2008 - 23:41 | |
CVE-2006-2194 | 7.2 |
The winbind plugin in pppd for ppp 2.4.4 and earlier does not check the return code from the setuid function call, which might allow local users to gain privileges by causing setuid to fail, such as exceeding PAM limits for the maximum number of user
|
24-02-2020 - 15:55 | 05-07-2006 - 18:05 | |
CVE-2007-5972 | 9.0 |
Double free vulnerability in the krb5_def_store_mkey function in lib/kdb/kdb_default.c in MIT Kerberos 5 (krb5) 1.5 has unknown impact and remote authenticated attack vectors. NOTE: the free operations occur in code that stores the krb5kdc master ke
|
21-01-2020 - 15:45 | 06-12-2007 - 02:46 | |
CVE-2006-3083 | 7.2 |
The (1) krshd and (2) v4rcp applications in (a) MIT Kerberos 5 (krb5) up to 1.5, and 1.4.x before 1.4.4, when running on Linux and AIX, and (b) Heimdal 0.7.2 and earlier, do not check return codes for setuid calls, which allows local users to gain pr
|
21-01-2020 - 15:45 | 09-08-2006 - 10:04 | |
CVE-2010-1320 | 4.0 |
Double free vulnerability in do_tgs_req.c in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7.x and 1.8.x before 1.8.2 allows remote authenticated users to cause a denial of service (daemon crash) or possibly execute arbitrary code
|
21-01-2020 - 15:45 | 22-04-2010 - 14:30 | |
CVE-2009-3295 | 5.0 |
The prep_reprocess_req function in kdc/do_tgs_req.c in the cross-realm referral implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.1 allows remote attackers to cause a denial of service (NULL pointer deref
|
21-01-2020 - 15:45 | 29-12-2009 - 20:41 | |
CVE-2010-0628 | 5.0 |
The spnego_gss_accept_sec_context function in lib/gssapi/spnego/spnego_mech.c in the SPNEGO GSS-API functionality in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2 and 1.8 before 1.8.1 allows remote attackers to cause a denial of service (assertion failu
|
21-01-2020 - 15:45 | 25-03-2010 - 22:30 | |
CVE-2005-0488 | 5.0 |
Certain BSD-based Telnet clients, including those used on Solaris and SuSE Linux, allow remote malicious Telnet servers to read sensitive environment variables via the NEW-ENVIRON option with a SEND ENV_USERVAR command.
|
21-01-2020 - 15:45 | 14-06-2005 - 04:00 | |
CVE-2010-0283 | 7.8 |
The Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.7 before 1.7.2, and 1.8 alpha, allows remote attackers to cause a denial of service (assertion failure and daemon crash) via an invalid (1) AS-REQ or (2) TGS-REQ request.
|
21-01-2020 - 15:45 | 22-02-2010 - 13:00 | |
CVE-2007-5902 | 10.0 |
Integer overflow in the svcauth_gss_get_principal function in lib/rpc/svc_auth_gss.c in MIT Kerberos 5 (krb5) allows remote attackers to have an unknown impact via a large length value for a GSS client name in an RPC request.
|
21-01-2020 - 15:44 | 06-12-2007 - 02:46 | |
CVE-2007-3149 | 7.2 |
sudo, when linked with MIT Kerberos 5 (krb5), does not properly check whether a user can currently authenticate to Kerberos, which allows local users to gain privileges, in a manner unintended by the sudo security model, via certain KRB5_ environment
|
21-01-2020 - 15:44 | 11-06-2007 - 18:30 | |
CVE-2008-7247 | 6.0 |
sql/sql_table.cc in MySQL 5.0.x through 5.0.88, 5.1.x through 5.1.41, and 6.0 before 6.0.9-alpha, when the data home directory contains a symlink to a different filesystem, allows remote authenticated users to bypass intended access restrictions by c
|
17-12-2019 - 20:26 | 30-11-2009 - 17:30 | |
CVE-2008-4098 | 4.6 |
MySQL before 5.0.67 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are originally associated with pathnames without symlinks, and
|
17-12-2019 - 20:26 | 18-09-2008 - 15:04 | |
CVE-2008-3963 | 4.0 |
MySQL 5.0 before 5.0.66, 5.1 before 5.1.26, and 6.0 before 6.0.6 does not properly handle a b'' (b single-quote single-quote) token, aka an empty bit-string literal, which allows remote attackers to cause a denial of service (daemon crash) by using t
|
17-12-2019 - 20:26 | 11-09-2008 - 01:13 | |
CVE-2009-2446 | 8.5 |
Multiple format string vulnerabilities in the dispatch_command function in libmysqld/sql_parse.cc in mysqld in MySQL 4.0.0 through 5.0.83 allow remote authenticated users to cause a denial of service (daemon crash) and possibly have unspecified other
|
17-12-2019 - 20:26 | 13-07-2009 - 17:30 | |
CVE-2008-0226 | 7.5 |
Multiple buffer overflows in yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allow remote attackers to execute arbitrary code via (1) the ProcessOldClientHello function in handshake.cpp or (2) "input_buffer& operator>>" in yass
|
17-12-2019 - 20:26 | 10-01-2008 - 23:46 | |
CVE-2009-0819 | 4.0 |
sql/item_xmlfunc.cc in MySQL 5.1 before 5.1.32 and 6.0 before 6.0.10 allows remote authenticated users to cause a denial of service (crash) via "an XPath expression employing a scalar expression as a FilterExpr with ExtractValue() or UpdateXML()," wh
|
17-12-2019 - 20:23 | 05-03-2009 - 02:30 | |
CVE-2007-6304 | 5.0 |
The federated engine in MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4, when performing a certain SHOW TABLE STATUS query, allows remote MySQL servers to cause a denial of service (federated handler crash and daemon crash) vi
|
17-12-2019 - 20:16 | 10-12-2007 - 21:46 | |
CVE-2007-6303 | 3.5 |
MySQL 5.0.x before 5.0.51a, 5.1.x before 5.1.23, and 6.0.x before 6.0.4 does not update the DEFINER value of a view when the view is altered, which allows remote authenticated users to gain privileges via a sequence of statements including a CREATE S
|
17-12-2019 - 20:16 | 10-12-2007 - 21:46 | |
CVE-2006-4226 | 3.6 |
MySQL before 4.1.21, 5.0 before 5.0.25, and 5.1 before 5.1.12, when run on case-sensitive filesystems, allows remote authenticated users to create or access a database when the database name differs only in case from a database for which they have pe
|
17-12-2019 - 20:16 | 18-08-2006 - 20:04 | |
CVE-2006-3469 | 4.0 |
Format string vulnerability in time.cc in MySQL Server 4.1 before 4.1.21 and 5.0 before 1 April 2006 allows remote authenticated users to cause a denial of service (crash) via a format string instead of a date as the first parameter to the date_forma
|
17-12-2019 - 20:16 | 21-07-2006 - 14:03 | |
CVE-2007-2692 | 6.0 |
The mysql_change_db function in MySQL 5.0.x before 5.0.40 and 5.1.x before 5.1.18 does not restore THD::db_access privileges when returning from SQL SECURITY INVOKER stored routines, which allows remote authenticated users to gain privileges.
|
17-12-2019 - 20:16 | 16-05-2007 - 01:19 | |
CVE-2006-4031 | 2.1 |
MySQL 4.1 before 4.1.21 and 5.0 before 5.0.24 allows a local user to access a table through a previously created MERGE table, even after the user's privileges are revoked for the original table, which might violate intended security policy. This vuln
|
17-12-2019 - 20:16 | 09-08-2006 - 22:04 | |
CVE-2007-1420 | 2.1 |
MySQL 5.x before 5.0.36 allows local users to cause a denial of service (database crash) by performing information_schema table subselects and using ORDER BY to sort a single-row result, which prevents certain structure elements from being initialize
|
17-12-2019 - 20:16 | 12-03-2007 - 23:19 | |
CVE-2007-5970 | 5.8 |
MySQL 5.1.x before 5.1.23 and 6.0.x before 6.0.4 allows remote authenticated users to gain privileges on arbitrary tables via unspecified vectors involving use of table-level DATA DIRECTORY and INDEX DIRECTORY options when creating a partitioned tabl
|
17-12-2019 - 20:06 | 10-12-2007 - 19:46 | |
CVE-2007-2693 | 3.5 |
MySQL before 5.1.18 allows remote authenticated users without SELECT privileges to obtain sensitive information from partitioned tables via an ALTER TABLE statement.
|
17-12-2019 - 20:06 | 16-05-2007 - 01:19 | |
CVE-2006-4227 | 6.5 |
MySQL before 5.0.25 and 5.1 before 5.1.12 evaluates arguments of suid routines in the security context of the routine's definer instead of the routine's caller, which allows remote authenticated users to gain privileges through a routine that has bee
|
17-12-2019 - 20:05 | 18-08-2006 - 20:04 | |
CVE-2008-4456 | 2.6 |
Cross-site scripting (XSS) vulnerability in the command-line client in MySQL 5.0.26 through 5.0.45, and other versions including versions later than 5.0.45, when the --html option is enabled, allows attackers to inject arbitrary web script or HTML by
|
17-12-2019 - 19:56 | 06-10-2008 - 23:25 | |
CVE-2008-2079 | 4.6 |
MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24, and 6.0.x before 6.0.5 allows local users to bypass certain privilege checks by calling CREATE TABLE on a MyISAM table with modified (1) DATA DIRECTORY or (2) INDEX DIRECTORY argume
|
17-12-2019 - 15:25 | 05-05-2008 - 16:20 | |
CVE-2009-3766 | 6.8 |
mutt_ssl.c in mutt 1.5.16 and other versions before 1.5.19, when OpenSSL is used, does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an ar
|
07-11-2019 - 15:35 | 23-10-2009 - 19:30 | |
CVE-2005-0758 | 4.6 |
zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.
|
16-10-2019 - 20:01 | 13-05-2005 - 04:00 | |
CVE-2008-2829 | 5.0 |
php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete API calls that allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long IMAP request, which triggers an "rfc822.c lega
|
09-10-2019 - 22:55 | 23-06-2008 - 20:41 | |
CVE-2007-4841 | 9.3 |
Mozilla Firefox before 2.0.0.8, Thunderbird before 2.0.0.8, and SeaMonkey before 1.1.5 allows remote attackers to execute arbitrary commands via a (1) mailto, (2) nntp, (3) news, or (4) snews URI with invalid "%" encoding, related to improper file ty
|
09-10-2019 - 22:53 | 12-09-2007 - 20:17 | |
CVE-2007-1701 | 6.8 |
PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when register_globals is enabled, allows context-dependent attackers to execute arbitrary code via deserialization of session data, which overwrites arbitrary global variables, as demonstrated by calling se
|
09-10-2019 - 22:52 | 27-03-2007 - 01:19 | |
CVE-2003-1331 | 4.0 |
Stack-based buffer overflow in the mysql_real_connect function in the MySql client library (libmysqlclient) 4.0.13 and earlier allows local users to execute arbitrary code via a long socket name, a different vulnerability than CVE-2001-1453.
|
07-10-2019 - 16:42 | 31-12-2003 - 05:00 | |
CVE-2008-0122 | 10.0 |
Off-by-one error in the inet_network function in libbind in ISC BIND 9.4.2 and earlier, as used in libc in FreeBSD 6.2 through 7.0-PRERELEASE, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code
|
01-08-2019 - 12:12 | 16-01-2008 - 02:00 | |
CVE-2008-4190 | 4.4 |
The IPSEC livetest tool in Openswan 2.4.12 and earlier, and 2.6.x through 2.6.16, allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack on the (1) ipseclive.conn and (2) ipsec.olts.remote.log temporary files.
|
29-07-2019 - 14:24 | 24-09-2008 - 11:42 | |
CVE-2007-0061 | 10.0 |
The DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build 55017, and Server be
|
16-07-2019 - 12:20 | 21-09-2007 - 19:17 | |
CVE-2007-0063 | 10.0 |
Integer underflow in the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 55017, ACE before 1.0.3 Build 54075 and ACE 2 before 2.0.1 Build
|
16-07-2019 - 12:20 | 21-09-2007 - 19:17 | |
CVE-2003-0367 | 2.1 |
znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files.
|
23-05-2019 - 14:04 | 02-07-2003 - 04:00 | |
CVE-2009-2693 | 5.8 |
Directory traversal vulnerability in Apache Tomcat 5.5.0 through 5.5.28 and 6.0.0 through 6.0.20 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in an entry in a WAR file, as demonstrated by a ../../bin/catalina.bat
|
25-03-2019 - 11:30 | 28-01-2010 - 20:30 | |
CVE-2007-6286 | 4.3 |
Apache Tomcat 5.5.11 through 5.5.25 and 6.0.0 through 6.0.15, when the native APR connector is used, does not properly handle an empty request to the SSL port, which allows remote attackers to trigger handling of "a duplicate copy of one of the recen
|
25-03-2019 - 11:29 | 12-02-2008 - 01:00 | |
CVE-2006-3835 | 5.0 |
Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do.
|
25-03-2019 - 11:29 | 25-07-2006 - 13:22 | |
CVE-2009-0579 | 4.6 |
Linux-PAM before 1.0.4 does not enforce the minimum password age (MINDAYS) as specified in /etc/shadow, which allows local users to bypass intended security policy and change their passwords sooner than specified.
|
03-01-2019 - 15:01 | 16-04-2009 - 15:12 | |
CVE-2009-0887 | 6.6 |
Integer signedness error in the _pam_StrTok function in libpam/pam_misc.c in Linux-PAM (aka pam) 1.0.3 and earlier, when a configuration file contains non-ASCII usernames, might allow remote attackers to cause a denial of service, and might allow rem
|
03-01-2019 - 15:01 | 12-03-2009 - 15:20 | |
CVE-2010-1087 | 7.8 |
The nfs_wait_on_request function in fs/nfs/pagelist.c in Linux kernel 2.6.x through 2.6.33-rc5 allows attackers to cause a denial of service (Oops) via unknown vectors related to truncating a file and an operation that is not interruptible.
|
16-11-2018 - 16:19 | 06-04-2010 - 22:30 | |
CVE-2010-1086 | 7.8 |
The ULE decapsulation functionality in drivers/media/dvb/dvb-core/dvb_net.c in dvb-core in Linux kernel 2.6.33 and earlier allows attackers to cause a denial of service (infinite loop) via a crafted MPEG2-TS frame, related to an invalid Payload Point
|
16-11-2018 - 16:17 | 06-04-2010 - 22:30 | |
CVE-2010-1085 | 7.1 |
The azx_position_ok function in hda_intel.c in Linux kernel 2.6.33-rc4 and earlier, when running on the AMD780V chip set, allows context-dependent attackers to cause a denial of service (crash) via unknown manipulations that trigger a divide-by-zero
|
16-11-2018 - 16:16 | 06-04-2010 - 22:30 | |
CVE-2009-3725 | 7.2 |
The connector layer in the Linux kernel before 2.6.31.5 does not require the CAP_SYS_ADMIN capability for certain interaction with the (1) uvesafb, (2) pohmelfs, (3) dst, or (4) dm subsystem, which allows local users to bypass intended access restric
|
16-11-2018 - 15:46 | 06-11-2009 - 15:30 | |
CVE-2009-3002 | 4.9 |
The Linux kernel before 2.6.31-rc7 does not initialize certain data structures within getname functions, which allows local users to read the contents of some kernel memory locations by calling getsockname on (1) an AF_APPLETALK socket, related to th
|
16-11-2018 - 15:43 | 28-08-2009 - 15:30 | |
CVE-2009-3001 | 4.9 |
The llc_ui_getname function in net/llc/af_llc.c in the Linux kernel 2.6.31-rc7 and earlier does not initialize a certain data structure, which allows local users to read the contents of some kernel memory locations by calling getsockname on an AF_LLC
|
16-11-2018 - 15:40 | 28-08-2009 - 15:30 | |
CVE-2009-2584 | 7.2 |
Off-by-one error in the options_write function in drivers/misc/sgi-gru/gruprocfs.c in the SGI GRU driver in the Linux kernel 2.6.30.2 and earlier on ia64 and x86 platforms might allow local users to overwrite arbitrary memory locations and gain privi
|
16-11-2018 - 15:35 | 23-07-2009 - 20:30 | |
CVE-2009-1633 | 7.1 |
Multiple buffer overflows in the cifs subsystem in the Linux kernel before 2.6.29.4 allow remote CIFS servers to cause a denial of service (memory corruption) and possibly have unspecified other impact via (1) a malformed Unicode string, related to U
|
08-11-2018 - 20:29 | 28-05-2009 - 20:30 | |
CVE-2008-5907 | 5.0 |
The png_check_keyword function in pngwutil.c in libpng before 1.0.42, and 1.2.x before 1.2.34, might allow context-dependent attackers to set the value of an arbitrary memory location to zero via vectors involving creation of crafted PNG files with k
|
08-11-2018 - 20:18 | 15-01-2009 - 17:30 | |
CVE-2008-5701 | 4.7 |
Array index error in arch/mips/kernel/scall64-o32.S in the Linux kernel before 2.6.28-rc8 on 64-bit MIPS platforms allows local users to cause a denial of service (system crash) via an o32 syscall with a small syscall number, which leads to an attemp
|
08-11-2018 - 20:13 | 22-12-2008 - 15:30 | |
CVE-2008-7177 | 9.3 |
Buffer overflow in the listing module in Netwide Assembler (NASM) before 2.03.01 has unknown impact and attack vectors, a different vulnerability than CVE-2008-2719.
|
31-10-2018 - 18:35 | 08-09-2009 - 10:30 | |
CVE-2008-2719 | 6.8 |
Off-by-one error in the ppscan function (preproc.c) in Netwide Assembler (NASM) 2.02 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted file that triggers a stack-based buffer ove
|
30-10-2018 - 16:28 | 16-06-2008 - 23:41 | |
CVE-2007-2926 | 4.3 |
ISC BIND 9 through 9.5.0a5 uses a weak random number generator during generation of DNS query ids when answering resolver questions or sending NOTIFY messages to slave name servers, which makes it easier for remote attackers to guess the next query i
|
30-10-2018 - 16:27 | 24-07-2007 - 17:30 | |
CVE-2007-2925 | 5.8 |
The default access control lists (ACL) in ISC BIND 9.4.0, 9.4.1, and 9.5.0a1 through 9.5.0a5 do not set the allow-recursion and allow-query-cache ACLs, which allows remote attackers to make recursive queries and query the cache.
|
30-10-2018 - 16:27 | 24-07-2007 - 17:30 | |
CVE-2007-2241 | 7.1 |
Unspecified vulnerability in query.c in ISC BIND 9.4.0, and 9.5.0a1 through 9.5.0a3, when recursion is enabled, allows remote attackers to cause a denial of service (daemon exit) via a sequence of queries processed by the query_addsoa function. Succe
|
30-10-2018 - 16:27 | 02-05-2007 - 10:19 | |
CVE-2007-5236 | 5.4 |
Java Web Start in Sun JDK and JRE 5.0 Update 12 and earlier, and SDK and JRE 1.4.2_15 and earlier, on Windows does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read local files vi
|
30-10-2018 - 16:26 | 06-10-2007 - 00:17 | |
CVE-2008-4107 | 5.1 |
The (1) rand and (2) mt_rand functions in PHP 5.2.6 do not produce cryptographically strong random numbers, which allows attackers to leverage exposures in products that rely on these functions for security-relevant functionality, as demonstrated by
|
30-10-2018 - 16:26 | 18-09-2008 - 17:59 | |
CVE-2008-5395 | 4.9 |
The parisc_show_stack function in arch/parisc/kernel/traps.c in the Linux kernel before 2.6.28-rc7 on PA-RISC allows local users to cause a denial of service (system crash) via vectors associated with an attempt to unwind a stack that contains usersp
|
30-10-2018 - 16:26 | 09-12-2008 - 00:30 | |
CVE-2006-5823 | 4.0 |
The zlib_inflate function in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via a malformed filesystem that uses zlib compression that triggers memory corruption, as demonstrated using cramfs.
|
30-10-2018 - 16:26 | 09-11-2006 - 11:07 | |
CVE-2008-7068 | 6.4 |
The dba_replace function in PHP 5.2.6 and 4.x allows context-dependent attackers to cause a denial of service (file truncation) via a key with the NULL byte. NOTE: this might only be a vulnerability in limited circumstances in which the attacker can
|
30-10-2018 - 16:26 | 25-08-2009 - 10:30 | |
CVE-2007-5360 | 7.5 |
Buffer overflow in OpenPegasus Management server, when compiled to use PAM and with PEGASUS_USE_PAM_STANDALONE_PROC defined, as used in VMWare ESX Server 3.0.1 and 3.0.2, might allow remote attackers to execute arbitrary code via vectors related to P
|
30-10-2018 - 16:26 | 08-01-2008 - 20:46 | |
CVE-2006-5751 | 7.2 |
Integer overflow in the get_fdb_entries function in net/bridge/br_ioctl.c in the Linux kernel before 2.6.18.4 allows local users to execute arbitrary code via a large maxnum value in an ioctl request.
|
30-10-2018 - 16:26 | 02-12-2006 - 02:28 | |
CVE-2006-5215 | 2.6 |
The Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060317, and Solaris 8 through 10 before 20061006, allows local users to overwrite arbitrary files, or read another user's Xsession errors file, via a sy
|
30-10-2018 - 16:26 | 10-10-2006 - 04:06 | |
CVE-2009-2626 | 6.4 |
The zend_restore_ini_entry_cb function in zend_ini.c in PHP 5.3.0, 5.2.10, and earlier versions allows context-specific attackers to obtain sensitive information (memory contents) and cause a PHP crash by using the ini_set function to declare a varia
|
30-10-2018 - 16:26 | 01-12-2009 - 16:30 | |
CVE-2009-3293 | 7.5 |
Unspecified vulnerability in the imagecolortransparent function in PHP before 5.2.11 has unknown impact and attack vectors related to an incorrect "sanity check for the color index."
|
30-10-2018 - 16:26 | 22-09-2009 - 10:30 | |
CVE-2009-4143 | 10.0 |
PHP before 5.2.12 does not properly handle session data, which has unspecified impact and attack vectors related to (1) interrupt corruption of the SESSION superglobal array and (2) the session.save_path directive.
|
30-10-2018 - 16:26 | 21-12-2009 - 16:30 | |
CVE-2007-2453 | 1.2 |
The random number feature in Linux kernel 2.6 before 2.6.20.13, and 2.6.21.x before 2.6.21.4, (1) does not properly seed pools when there is no entropy, or (2) uses an incorrect cast when extracting entropy, which might cause the random number genera
|
30-10-2018 - 16:26 | 11-06-2007 - 23:30 | |
CVE-2009-3558 | 6.8 |
The posix_mkfifo function in ext/posix/posix.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass open_basedir restrictions, and create FIFO files, via the pathname and mode arguments, as demonstrated by creating
|
30-10-2018 - 16:26 | 23-11-2009 - 17:30 | |
CVE-2009-3557 | 5.0 |
The tempnam function in ext/standard/file.c in PHP before 5.2.12 and 5.3.x before 5.3.1 allows context-dependent attackers to bypass safe_mode restrictions, and create files in group-writable or world-writable directories, via the dir and prefix argu
|
30-10-2018 - 16:26 | 23-11-2009 - 17:30 | |
CVE-2009-4018 | 7.5 |
The proc_open function in ext/standard/proc_open.c in PHP before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars directives, which allows context-dependent attackers to execute pr
|
30-10-2018 - 16:26 | 29-11-2009 - 13:07 | |
CVE-2004-1307 | 7.5 |
Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be a
|
30-10-2018 - 16:26 | 21-12-2004 - 05:00 | |
CVE-2006-5706 | 7.2 |
Unspecified vulnerabilities in PHP, probably before 5.2.0, allow local users to bypass open_basedir restrictions and perform unspecified actions via unspecified vectors involving the (1) chdir and (2) tempnam functions. NOTE: the tempnam vector migh
|
30-10-2018 - 16:25 | 04-11-2006 - 01:07 | |
CVE-2006-7051 | 4.9 |
The sys_timer_create function in posix-timers.c for Linux kernel 2.6.x allows local users to cause a denial of service (memory consumption) and possibly bypass memory limits or cause other processes to be killed by creating a large number of posix ti
|
30-10-2018 - 16:25 | 24-02-2007 - 00:28 | |
CVE-2007-6417 | 7.2 |
The shmem_getpage function (mm/shmem.c) in Linux kernel 2.6.11 through 2.6.23 does not properly clear allocated memory in some rare circumstances related to tmpfs, which might allow local users to read sensitive kernel data or cause a denial of servi
|
30-10-2018 - 16:25 | 18-12-2007 - 00:46 | |
CVE-2009-4418 | 5.0 |
The unserialize function in PHP 5.3.0 and earlier allows context-dependent attackers to cause a denial of service (resource consumption) via a deeply nested serialized variable, as demonstrated by a string beginning with a:1: followed by many {a:1: s
|
30-10-2018 - 16:25 | 24-12-2009 - 17:30 | |
CVE-2006-5465 | 7.5 |
Buffer overflow in PHP before 5.2.0 allows remote attackers to execute arbitrary code via crafted UTF-8 inputs to the (1) htmlentities or (2) htmlspecialchars functions.
|
30-10-2018 - 16:25 | 04-11-2006 - 00:07 | |
CVE-2008-3064 | 10.0 |
Unspecified vulnerability in RealNetworks RealPlayer Enterprise, RealPlayer 10, and RealPlayer 10.5 before build 6.0.12.1675 has unknown impact and attack vectors, probably related to accessing local files, aka a "Local resource reference vulnerabili
|
30-10-2018 - 16:25 | 28-07-2008 - 17:41 | |
CVE-2008-3066 | 9.3 |
Stack-based buffer overflow in a certain ActiveX control in rjbdll.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, and RealPlayer 10.5 before build 6.0.12.1675 allows remote attackers to execute arbitrary code by importing a file into a med
|
30-10-2018 - 16:25 | 28-07-2008 - 17:41 | |
CVE-2008-2750 | 7.8 |
The pppol2tp_recvmsg function in drivers/net/pppol2tp.c in the Linux kernel 2.6 before 2.6.26-rc6 allows remote attackers to cause a denial of service (kernel heap memory corruption and system crash) and possibly have unspecified other impact via a c
|
30-10-2018 - 16:25 | 18-06-2008 - 19:41 | |
CVE-2007-2844 | 9.3 |
PHP 4.x and 5.x before 5.2.1, when running on multi-threaded systems, does not ensure thread safety for libc crypt function calls using protection schemes such as a mutex, which creates race conditions that allow remote attackers to overwrite interna
|
30-10-2018 - 16:25 | 24-05-2007 - 18:30 | |
CVE-2006-4481 | 7.2 |
The (1) file_exists and (2) imap_reopen functions in PHP before 5.1.5 do not check for the safe_mode and open_basedir settings, which allows local users to bypass the settings. NOTE: the error_log function is covered by CVE-2006-3011, and the imap_o
|
30-10-2018 - 16:25 | 31-08-2006 - 21:04 | |
CVE-2006-4625 | 3.6 |
PHP 4.x up to 4.4.4 and PHP 5 up to 5.1.6 allows local users to bypass certain Apache HTTP Server httpd.conf options, such as safe_mode and open_basedir, via the ini_restore function, which resets the values to their php.ini (Master Value) defaults.
|
30-10-2018 - 16:25 | 12-09-2006 - 16:07 | |
CVE-2006-5178 | 6.2 |
Race condition in the symlink function in PHP 5.1.6 and earlier allows local users to bypass the open_basedir restriction by using a combination of symlink, mkdir, and unlink functions to change the file path after the open_basedir check and before t
|
30-10-2018 - 16:25 | 10-10-2006 - 04:06 | |
CVE-2007-1888 | 7.5 |
Buffer overflow in the sqlite_decode_binary function in src/encode.c in SQLite 2, as used by PHP 4.x through 5.x and other applications, allows context-dependent attackers to execute arbitrary code via an empty value of the in parameter. NOTE: some
|
30-10-2018 - 16:25 | 06-04-2007 - 01:19 | |
CVE-2006-4433 | 7.5 |
PHP before 4.4.3 and 5.x before 5.1.4 does not limit the character set of the session identifier (PHPSESSID) for third party session handlers, which might make it easier for remote attackers to exploit other vulnerabilities by inserting PHP code into
|
30-10-2018 - 16:25 | 29-08-2006 - 00:04 | |
CVE-2006-4812 | 10.0 |
Integer overflow in PHP 5 up to 5.1.6 and 4 before 4.3.0 allows remote attackers to execute arbitrary code via an argument to the unserialize PHP function with a large value for the number of array elements, which triggers the overflow in the Zend En
|
30-10-2018 - 16:25 | 10-10-2006 - 04:06 | |
CVE-2007-1884 | 6.8 |
Multiple integer signedness errors in the printf function family in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 on 64 bit machines allow context-dependent attackers to execute arbitrary code via (1) certain negative argument numbers that arise in the p
|
30-10-2018 - 16:25 | 06-04-2007 - 01:19 | |
CVE-2006-5214 | 1.2 |
Race condition in the Xsession script, as used by X Display Manager (xdm) in NetBSD before 20060212, X.Org before 20060225, and Solaris 8 through 10 before 20061006, causes a user's Xsession errors file to have weak permissions before a chmod is perf
|
30-10-2018 - 16:25 | 10-10-2006 - 04:06 | |
CVE-2007-2511 | 7.2 |
Buffer overflow in the user_filter_factory_create function in PHP before 5.2.2 has unknown impact and local attack vectors.
|
30-10-2018 - 16:25 | 09-05-2007 - 00:19 | |
CVE-2006-2660 | 2.1 |
Buffer consumption vulnerability in the tempnam function in PHP 5.1.4 and 4.x before 4.4.3 allows local users to bypass restrictions and create PHP files with fixed names in other directories via a pathname argument longer than MAXPATHLEN, which prev
|
30-10-2018 - 16:25 | 13-06-2006 - 18:02 | |
CVE-2007-1885 | 7.5 |
Integer overflow in the str_replace function in PHP 4 before 4.4.5 and PHP 5 before 5.2.1 allows context-dependent attackers to execute arbitrary code via a single character search string in conjunction with a long replacement string, which overflows
|
30-10-2018 - 16:25 | 06-04-2007 - 01:19 | |
CVE-2007-1890 | 7.5 |
Integer overflow in the msg_receive function in PHP 4 before 4.4.5 and PHP 5 before 5.2.1, on FreeBSD and possibly other platforms, allows context-dependent attackers to execute arbitrary code via certain maxsize values, as demonstrated by 0xffffffff
|
30-10-2018 - 16:25 | 06-04-2007 - 01:19 | |
CVE-2007-1835 | 4.6 |
PHP 4 before 4.4.5 and PHP 5 before 5.2.1, when using an empty session save path (session.save_path), uses the TMPDIR default after checking the restrictions, which allows local users to bypass open_basedir restrictions.
|
30-10-2018 - 16:25 | 03-04-2007 - 00:19 | |
CVE-2007-2510 | 5.1 |
Buffer overflow in the make_http_soap_request function in PHP before 5.2.2 has unknown impact and remote attack vectors, possibly related to "/" (slash) characters.
|
30-10-2018 - 16:25 | 09-05-2007 - 00:19 | |
CVE-2008-2168 | 4.3 |
Cross-site scripting (XSS) vulnerability in Apache 2.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded URLs that are not properly handled when displaying the 403 Forbidden error page.
|
30-10-2018 - 16:25 | 13-05-2008 - 21:20 | |
CVE-2008-2137 | 4.4 |
The (1) sparc_mmap_check function in arch/sparc/kernel/sys_sparc.c and the (2) sparc64_mmap_check function in arch/sparc64/kernel/sys_sparc.c, in the Linux kernel 2.4 before 2.4.36.5 and 2.6 before 2.6.25.3, omit some virtual-address range (aka span)
|
30-10-2018 - 16:25 | 29-05-2008 - 16:32 | |
CVE-2007-1883 | 7.8 |
PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to read arbitrary memory locations via an interruption that triggers a user space error handler that changes a parameter to an arbitrary pointer, as demonstrated via t
|
30-10-2018 - 16:25 | 06-04-2007 - 01:19 | |
CVE-2010-1130 | 5.0 |
session.c in the session extension in PHP before 5.2.13, and 5.3.1, does not properly interpret ; (semicolon) characters in the argument to the session_save_path function, which allows context-dependent attackers to bypass open_basedir and safe_mode
|
30-10-2018 - 16:25 | 26-03-2010 - 20:30 | |
CVE-2007-1380 | 5.0 |
The php_binary serialization handler in the session extension in PHP before 4.4.5, and 5.x before 5.2.1, allows context-dependent attackers to obtain sensitive information (memory contents) via a serialized variable entry with a large length value, w
|
30-10-2018 - 16:25 | 10-03-2007 - 00:19 | |
CVE-2007-1717 | 5.0 |
The mail function in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 truncates e-mail messages at the first ASCIIZ ('\0') byte, which might allow context-dependent attackers to prevent intended information from being delivered in e-mail messages. NO
|
30-10-2018 - 16:25 | 28-03-2007 - 00:19 | |
CVE-2007-1001 | 6.8 |
Multiple integer overflows in the (1) createwbmp and (2) readwbmp functions in wbmp.c in the GD library (libgd) in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allow context-dependent attackers to execute arbitrary code via Wireless Bitmap (WBMP)
|
30-10-2018 - 16:25 | 06-04-2007 - 00:19 | |
CVE-2007-1700 | 7.5 |
The session extension in PHP 4 before 4.4.5, and PHP 5 before 5.2.1, calculates the reference count for the session variables without considering the internal pointer from the session globals, which allows context-dependent attackers to execute arbit
|
30-10-2018 - 16:25 | 27-03-2007 - 01:19 | |
CVE-2003-0860 | 10.0 |
Buffer overflows in PHP before 4.3.3 have unknown impact and unknown attack vectors.
|
30-10-2018 - 16:25 | 17-11-2003 - 05:00 | |
CVE-2007-1582 | 6.8 |
The resource system in PHP 4.0.0 through 4.4.6 and 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting certain functions in the GD (ext/gd) extension and unspecified other extensions via a userspace error
|
30-10-2018 - 16:25 | 21-03-2007 - 23:19 | |
CVE-2003-0861 | 10.0 |
Integer overflows in (1) base64_encode and (2) the GD library for PHP before 4.3.3 have unknown impact and unknown attack vectors.
|
30-10-2018 - 16:25 | 17-11-2003 - 05:00 | |
CVE-2007-1777 | 7.5 |
Integer overflow in the zip_read_entry function in PHP 4 before 4.4.5 allows remote attackers to execute arbitrary code via a ZIP archive that contains an entry with a length value of 0xffffffff, which is incremented before use in an emalloc call, tr
|
30-10-2018 - 16:25 | 30-03-2007 - 01:19 | |
CVE-2006-1017 | 9.3 |
The c-client library 2000, 2001, or 2004 for PHP before 4.4.4 and 5.x before 5.1.5 do not check the (1) safe_mode or (2) open_basedir functions, and when used in applications that accept user-controlled input for the mailbox argument to the imap_open
|
30-10-2018 - 16:25 | 07-03-2006 - 00:02 | |
CVE-2007-1825 | 7.5 |
Buffer overflow in the imap_mail_compose function in PHP 5 before 5.2.1, and PHP 4 before 4.4.5, allows remote attackers to execute arbitrary code via a long boundary string in a type.parameters field. NOTE: as of 20070411, it appears that this issue
|
30-10-2018 - 16:25 | 02-04-2007 - 23:19 | |
CVE-2007-1581 | 9.3 |
The resource system in PHP 5.0.0 through 5.2.1 allows context-dependent attackers to execute arbitrary code by interrupting the hash_update_file function via a userspace (1) error or (2) stream handler, which can then be used to destroy and modify in
|
30-10-2018 - 16:25 | 21-03-2007 - 23:19 | |
CVE-2009-0282 | 9.3 |
Integer overflow in Ralink Technology USB wireless adapter (RT73) 3.08 for Windows, and other wireless card drivers including rt2400, rt2500, rt2570, and rt61, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrar
|
30-10-2018 - 16:25 | 27-01-2009 - 18:30 | |
CVE-2006-1494 | 2.6 |
Directory traversal vulnerability in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass open_basedir restrictions allows remote attackers to create files in arbitrary directories via the tempnam function.
|
30-10-2018 - 16:25 | 10-04-2006 - 19:02 | |
CVE-2007-1378 | 5.1 |
The ovrimos_longreadlen function in the Ovrimos extension for PHP before 4.4.5 allows context-dependent attackers to write to arbitrary memory locations via the result_id and length arguments.
|
30-10-2018 - 16:25 | 10-03-2007 - 00:19 | |
CVE-2005-3392 | 7.5 |
Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.
|
30-10-2018 - 16:25 | 01-11-2005 - 12:47 | |
CVE-2005-3319 | 2.1 |
The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file
|
30-10-2018 - 16:25 | 27-10-2005 - 10:02 | |
CVE-2006-1608 | 2.1 |
The copy function in file.c in PHP 4.4.2 and 5.1.2 allows local users to bypass safe mode and read arbitrary files via a source argument containing a compress.zlib:// URI.
|
30-10-2018 - 16:25 | 10-04-2006 - 19:02 | |
CVE-2007-1379 | 5.1 |
The ovrimos_close function in the Ovrimos extension for PHP before 4.4.5 can trigger efree of an arbitrary address, which might allow context-dependent attackers to execute arbitrary code.
|
30-10-2018 - 16:25 | 10-03-2007 - 00:19 | |
CVE-2004-2546 | 6.4 |
Multiple memory leaks in Samba before 3.0.6 allow attackers to cause a denial of service (memory consumption).
|
30-10-2018 - 16:25 | 31-12-2004 - 05:00 | |
CVE-2003-0863 | 7.5 |
The php_check_safe_mode_include_dir function in fopen_wrappers.c of PHP 4.3.x returns a success value (0) when the safe_mode_include_dir variable is not specified in configuration, which differs from the previous failure value and may allow remote at
|
30-10-2018 - 16:25 | 17-11-2003 - 05:00 | |
CVE-2005-3391 | 7.5 |
Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to bypass safe_mode and open_basedir restrictions via unknown attack vectors in (1) ext/curl and (2) ext/gd.
|
30-10-2018 - 16:25 | 01-11-2005 - 12:47 | |
CVE-2008-1294 | 2.1 |
Linux kernel 2.6.17, and other versions before 2.6.22, does not check when a user attempts to set RLIMIT_CPU to 0 until after the change is made, which allows local users to bypass intended resource limits.
|
30-10-2018 - 16:25 | 02-05-2008 - 16:05 | |
CVE-2007-1396 | 6.8 |
The import_request_variables function in PHP 4.0.7 through 4.4.6, and 5.x before 5.2.2, when called without a prefix, does not prevent the (1) GET, (2) POST, (3) COOKIE, (4) FILES, (5) SERVER, (6) SESSION, and other superglobals from being overwritte
|
30-10-2018 - 16:25 | 10-03-2007 - 22:19 | |
CVE-2007-0905 | 7.5 |
PHP before 5.2.1 allows attackers to bypass safe_mode and open_basedir restrictions via unspecified vectors in the session extension. NOTE: it is possible that this issue is a duplicate of CVE-2006-6383.
|
30-10-2018 - 16:25 | 13-02-2007 - 23:28 | |
CVE-2007-1376 | 7.5 |
The shmop functions in PHP before 4.4.5, and before 5.2.1 in the 5.x series, do not verify that their arguments correspond to a shmop resource, which allows context-dependent attackers to read and write arbitrary memory locations via arguments associ
|
30-10-2018 - 16:25 | 10-03-2007 - 00:19 | |
CVE-2006-1015 | 6.4 |
Argument injection vulnerability in certain PHP 3.x, 4.x, and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mail function, allows remote attackers to read and create arbitrary
|
30-10-2018 - 16:25 | 07-03-2006 - 00:02 | |
CVE-2007-5268 | 4.3 |
pngrtran.c in libpng before 1.0.29 and 1.2.x before 1.2.21 use (1) logical instead of bitwise operations and (2) incorrect comparisons, which might allow remote attackers to cause a denial of service (crash) via a crafted PNG image.
|
26-10-2018 - 14:11 | 08-10-2007 - 21:17 | |
CVE-2007-5266 | 4.3 |
Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.0.29 beta1 and 1.2.x before 1.2.21 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image that prevents a n
|
26-10-2018 - 14:11 | 08-10-2007 - 21:17 | |
CVE-2007-4657 | 7.5 |
Multiple integer overflows in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to obtain sensitive information (memory contents) or cause a denial of service (thread crash) via a large len value to the (1) strspn or (2) strcspn func
|
26-10-2018 - 14:05 | 04-09-2007 - 22:17 | |
CVE-2007-3998 | 5.0 |
The wordwrap function in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, does not properly use the breakcharlen variable, which allows remote attackers to cause a denial of service (divide-by-zero error and application crash, or infinite loop) via certai
|
26-10-2018 - 13:59 | 04-09-2007 - 18:17 | |
CVE-2007-3997 | 7.5 |
The (1) MySQL and (2) MySQLi extensions in PHP 4 before 4.4.8, and PHP 5 before 5.2.4, allow remote attackers to bypass safe_mode and open_basedir restrictions via MySQL LOCAL INFILE operations, as demonstrated by a query with LOAD DATA LOCAL INFILE.
|
26-10-2018 - 13:59 | 04-09-2007 - 18:17 | |
CVE-2007-2748 | 4.3 |
The substr_count function in PHP 5.2.1 and earlier allows context-dependent attackers to obtain sensitive information via unspecified vectors, a different affected function than CVE-2007-1375.
|
19-10-2018 - 19:03 | 17-05-2007 - 20:30 | |
CVE-2007-2691 | 4.9 |
MySQL before 4.1.23, 5.0.x before 5.0.42, and 5.1.x before 5.1.18 does not require the DROP privilege for RENAME TABLE statements, which allows remote authenticated users to rename arbitrary tables. The vendor has released a product update to address
|
19-10-2018 - 19:00 | 16-05-2007 - 01:19 | |
CVE-2007-1475 | 5.4 |
Multiple buffer overflows in the (1) ibase_connect and (2) ibase_pconnect functions in the interbase extension in PHP 4.4.6 and earlier allow context-dependent attackers to execute arbitrary code via a long argument. Successful exploitation requires
|
19-10-2018 - 18:18 | 16-03-2007 - 21:19 | |
CVE-2007-1411 | 6.8 |
Buffer overflow in PHP 4.4.6 and earlier, and unspecified PHP 5 versions, allows local and possibly remote attackers to execute arbitrary code via long server name arguments to the (1) mssql_connect and (2) mssql_pconnect functions.
|
19-10-2018 - 18:18 | 10-03-2007 - 22:19 | |
CVE-2007-1484 | 4.6 |
The array_user_key_compare function in PHP 4.4.6 and earlier, and 5.x up to 5.2.1, makes erroneous calls to zval_dtor, which triggers memory corruption and allows local users to bypass safe_mode and execute arbitrary code via a certain unset operatio
|
19-10-2018 - 18:18 | 16-03-2007 - 21:19 | |
CVE-2006-0670 | 5.0 |
Buffer overflow in l2cap.c in hcidump 1.29 allows remote attackers to cause a denial of service (crash) through a wireless Bluetooth connection via a malformed Logical Link Control and Adaptation Protocol (L2CAP) packet.
|
19-10-2018 - 15:45 | 13-02-2006 - 22:02 | |
CVE-2006-0553 | 6.5 |
PostgreSQL 8.1.0 through 8.1.2 allows authenticated database users to gain additional privileges via "knowledge of the backend protocol" using a crafted SET ROLE to other database users, a different vulnerability than CVE-2006-0678.
|
19-10-2018 - 15:45 | 14-02-2006 - 19:06 | |
CVE-2006-0576 | 7.2 |
Untrusted search path vulnerability in opcontrol in OProfile 0.9.1 and earlier allows local users to execute arbitrary commands via a modified PATH that references malicious (1) which or (2) dirname programs. NOTE: while opcontrol normally is not ru
|
19-10-2018 - 15:45 | 08-02-2006 - 00:06 | |
CVE-2006-0321 | 5.0 |
fetchmail 6.3.0 and other versions before 6.3.2 allows remote attackers to cause a denial of service (crash) via crafted e-mail messages that cause a free of an invalid pointer when fetchmail bounces the message to the originator or local postmaster.
|
19-10-2018 - 15:44 | 24-01-2006 - 00:03 | |
CVE-2006-0454 | 5.0 |
Linux kernel before 2.6.15.3 down to 2.6.12, while constructing an ICMP response in icmp_send, does not properly handle when the ip_options_echo function in icmp.c fails, which allows remote attackers to cause a denial of service (crash) via vectors
|
19-10-2018 - 15:44 | 07-02-2006 - 18:06 | |
CVE-2006-0236 | 5.1 |
GUI display truncation vulnerability in Mozilla Thunderbird 1.0.2, 1.0.6, and 1.0.7 allows user-assisted attackers to execute arbitrary code via an attachment with a filename containing a large number of spaces ending with a dangerous extension that
|
19-10-2018 - 15:43 | 18-01-2006 - 01:07 | |
CVE-2006-0225 | 4.6 |
scp in OpenSSH 4.2p1 allows attackers to execute arbitrary commands via filenames that contain shell metacharacters or spaces, which are expanded twice.
|
19-10-2018 - 15:43 | 25-01-2006 - 11:03 | |
CVE-2006-0097 | 7.5 |
Stack-based buffer overflow in the create_named_pipe function in libmysql.c in PHP 4.3.10 and 4.4.x before 4.4.3 for Windows allows attackers to execute arbitrary code via a long (1) arg_host or (2) arg_unix_socket argument, as demonstrated by a long
|
19-10-2018 - 15:42 | 06-01-2006 - 11:03 | |
CVE-2005-4667 | 3.7 |
Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses
|
19-10-2018 - 15:41 | 31-12-2005 - 05:00 | |
CVE-2005-4348 | 7.8 |
fetchmail before 6.3.1 and before 6.2.5.5, when configured for multidrop mode, allows remote attackers to cause a denial of service (application crash) by sending messages without headers from upstream mail servers.
|
19-10-2018 - 15:40 | 21-12-2005 - 00:03 | |
CVE-2005-3964 | 7.5 |
Multiple buffer overflows in libUil (libUil.so) in OpenMotif 2.2.3, and possibly other versions, allows attackers to execute arbitrary code via the (1) diag_issue_diagnostic function in UilDiags.c and (2) open_source_file function in UilSrcSrc.c.
|
19-10-2018 - 15:39 | 02-12-2005 - 11:03 | |
CVE-2005-3628 | 7.5 |
Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary co
|
19-10-2018 - 15:38 | 31-12-2005 - 05:00 | |
CVE-2005-3624 | 5.0 |
The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to int
|
19-10-2018 - 15:37 | 31-12-2005 - 05:00 | |
CVE-2005-3625 | 10.0 |
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and
|
19-10-2018 - 15:37 | 31-12-2005 - 05:00 | |
CVE-2005-3626 | 5.0 |
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.
|
19-10-2018 - 15:37 | 31-12-2005 - 05:00 | |
CVE-2005-3627 | 7.5 |
Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large "number of components"
|
19-10-2018 - 15:37 | 31-12-2005 - 05:00 | |
CVE-2005-3192 | 7.5 |
Heap-based buffer overflow in the StreamPredictor function in Xpdf 3.01, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, and (4) pdftohtml, (5) KOffice KWord, (6) CUPS, and (7) libextractor allows remote attackers to execute arbitra
|
19-10-2018 - 15:35 | 08-12-2005 - 01:03 | |
CVE-2005-3193 | 5.1 |
Heap-based buffer overflow in the JPXStream::readCodestream function in the JPX stream parsing code (JPXStream.c) for xpdf 3.01 and earlier, as used in products such as (1) Poppler, (2) teTeX, (3) KDE kpdf, (4) CUPS, and (5) libextractor allows user-
|
19-10-2018 - 15:35 | 07-12-2005 - 00:03 | |
CVE-2005-3191 | 5.1 |
Multiple heap-based buffer overflows in the (1) DCTStream::readProgressiveSOF and (2) DCTStream::readBaselineSOF functions in the DCT stream parsing code (Stream.cc) in xpdf 3.01 and earlier, as used in products such as (a) Poppler, (b) teTeX, (c) KD
|
19-10-2018 - 15:34 | 07-12-2005 - 01:03 | |
CVE-2005-2929 | 7.5 |
Lynx 2.8.5, and other versions before 2.8.6dev.15, allows remote attackers to execute arbitrary commands via (1) lynxcgi:, (2) lynxexec, and (3) lynxprog links, which are not properly restricted in the default configuration in some environments.
|
19-10-2018 - 15:34 | 18-11-2005 - 06:03 | |
CVE-2005-3186 | 7.5 |
Integer overflow in the GTK+ gdk-pixbuf XPM image rendering library in GTK+ 2.4.0 allows attackers to execute arbitrary code via an XPM file with a number of colors that causes insufficient memory to be allocated, which leads to a heap-based buffer o
|
19-10-2018 - 15:34 | 18-11-2005 - 06:03 | |
CVE-2005-3011 | 1.2 |
The sort_offline function for texindex in texinfo 4.8 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files.
|
19-10-2018 - 15:34 | 21-09-2005 - 20:03 | |
CVE-2005-2798 | 5.0 |
sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts.
|
19-10-2018 - 15:33 | 06-09-2005 - 17:03 | |
CVE-2005-1704 | 4.6 |
Integer overflow in the Binary File Descriptor (BFD) library for gdb before 6.3, binutils, elfutils, and possibly other packages, allows user-assisted attackers to execute arbitrary code via a crafted object file that specifies a large number of sect
|
19-10-2018 - 15:31 | 24-05-2005 - 04:00 | |
CVE-2005-0953 | 3.7 |
Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete.
|
19-10-2018 - 15:31 | 02-05-2005 - 04:00 | |
CVE-2004-1170 | 10.0 |
a2ps 4.13 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename.
|
19-10-2018 - 15:30 | 10-01-2005 - 05:00 | |
CVE-2004-0688 | 7.5 |
Multiple integer overflows in (1) the xpmParseColors function in parse.c, (2) XpmCreateImageFromXpmImage, (3) CreateXImage, (4) ParsePixels, and (5) ParseAndPutPixels for libXpm before 6.8.1 may allow remote attackers to execute arbitrary code via a
|
19-10-2018 - 15:30 | 20-10-2004 - 04:00 | |
CVE-2004-2761 | 5.0 |
The MD5 Message-Digest Algorithm is not collision resistant, which makes it easier for context-dependent attackers to conduct spoofing attacks, as demonstrated by attacks on the use of MD5 in the signature algorithm of an X.509 certificate. There are
|
19-10-2018 - 15:30 | 05-01-2009 - 20:30 | |
CVE-2004-1186 | 5.0 |
Multiple buffer overflows in enscript 1.6.3 allow remote attackers or local users to cause a denial of service (application crash).
|
19-10-2018 - 15:30 | 31-12-2004 - 05:00 | |
CVE-2004-0230 | 5.0 |
TCP, when using a large Window Size, makes it easier for remote attackers to guess sequence numbers and cause a denial of service (connection loss) to persistent TCP connections by repeatedly injecting a TCP RST packet, especially in protocols that u
|
19-10-2018 - 15:30 | 18-08-2004 - 04:00 | |
CVE-2004-2680 | 5.0 |
mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.
|
19-10-2018 - 15:30 | 31-12-2004 - 05:00 | |
CVE-2004-1185 | 7.5 |
Enscript 1.6.3 does not sanitize filenames, which allows remote attackers or local users to execute arbitrary commands via crafted filenames.
|
19-10-2018 - 15:30 | 21-01-2005 - 05:00 | |
CVE-2003-1557 | 7.6 |
Off-by-one buffer overflow in spamc of SpamAssassin 2.40 through 2.43, when using BSMTP mode ("-B"), allows remote attackers to execute arbitrary code via email containing headers with leading "." characters.
|
19-10-2018 - 15:29 | 31-12-2003 - 05:00 | |
CVE-2003-0131 | 7.5 |
The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and 0.9.7a allow remote attackers to perform an unauthorized RSA private key operation via a modified Bleichenbacher attack that uses a large number of SSL or TLS connections using PKC
|
19-10-2018 - 15:29 | 24-03-2003 - 05:00 | |
CVE-2003-0147 | 5.0 |
OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the us
|
19-10-2018 - 15:29 | 31-03-2003 - 05:00 | |
CVE-2006-3626 | 6.2 |
Race condition in Linux kernel 2.6.17.4 and earlier allows local users to gain root privileges by using prctl with PR_SET_DUMPABLE in a way that causes /proc/self/environ to become setuid root.
|
18-10-2018 - 16:48 | 18-07-2006 - 15:46 | |
CVE-2006-3376 | 7.5 |
Integer overflow in player.c in libwmf 0.2.8.4, as used in multiple products including (1) wv, (2) abiword, (3) freetype, (4) gimp, (5) libgsf, and (6) imagemagick allows remote attackers to execute arbitrary code via the MaxRecordSize header field i
|
18-10-2018 - 16:47 | 06-07-2006 - 20:05 | |
CVE-2006-3334 | 7.5 |
Buffer overflow in the png_decompress_chunk function in pngrutil.c in libpng before 1.2.12 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors related to "chunk error processing,
|
18-10-2018 - 16:46 | 30-06-2006 - 23:05 | |
CVE-2006-2940 | 7.8 |
OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows attackers to cause a denial of service (CPU consumption) via parasitic public keys with large (1) "public exponent" or (2) "public modulus" values in X.509 certificates tha
|
18-10-2018 - 16:44 | 28-09-2006 - 18:07 | |
CVE-2006-2937 | 7.8 |
OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d allows remote attackers to cause a denial of service (infinite loop and memory consumption) via malformed ASN.1 structures that trigger an improperly handled error condition.
|
18-10-2018 - 16:43 | 28-09-2006 - 18:07 | |
CVE-2006-2754 | 5.0 |
Stack-based buffer overflow in st.c in slurpd for OpenLDAP before 2.3.22 might allow attackers to execute arbitrary code via a long hostname.
|
18-10-2018 - 16:41 | 01-06-2006 - 17:02 | |
CVE-2006-2607 | 7.2 |
do_command.c in Vixie cron (vixie-cron) 4.1 does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or resource limits, as originally demonstrated by a progr
|
18-10-2018 - 16:40 | 25-05-2006 - 20:02 | |
CVE-2006-2414 | 5.0 |
Directory traversal vulnerability in Dovecot 1.0 beta and 1.0 allows remote attackers to list files and directories under the mbox parent directory and obtain mailbox names via ".." sequences in the (1) LIST or (2) DELETE IMAP command.
|
18-10-2018 - 16:39 | 16-05-2006 - 10:02 | |
CVE-2006-2050 | 5.0 |
SQL injection vulnerability in dcboard.cgi in DCScripts DCForumLite 3.0 allows remote attackers to execute arbitrary SQL commands via the az parameter.
|
18-10-2018 - 16:37 | 26-04-2006 - 20:06 | |
CVE-2006-1624 | 7.8 |
The default configuration of syslogd in the Linux sysklogd package does not enable the -x (disable name lookups) option, which allows remote attackers to cause a denial of service (traffic amplification) via messages with spoofed source IP addresses.
|
18-10-2018 - 16:33 | 05-04-2006 - 10:04 | |
CVE-2006-1549 | 2.1 |
PHP 4.4.2 and 5.1.2 allows local users to cause a crash (segmentation fault) by defining and executing a recursive function. NOTE: it has been reported by a reliable third party that some later versions are also affected. Upgrade to PHP 5.1.3-RC3
|
18-10-2018 - 16:33 | 10-04-2006 - 22:58 | |
CVE-2006-1014 | 3.2 |
Argument injection vulnerability in certain PHP 4.x and 5.x applications, when used with sendmail and when accepting remote input for the additional_parameters argument to the mb_send_mail function, allows context-dependent attackers to read and crea
|
18-10-2018 - 16:30 | 07-03-2006 - 00:02 | |
CVE-2006-6628 | 4.3 |
Integer overflow in OpenOffice.org (OOo) 2.1 allows user-assisted remote attackers to cause a denial of service (application crash) via a crafted DOC file, as demonstrated by the 12122006-djtest.doc file, a variant of CVE-2006-6561 in a separate code
|
17-10-2018 - 21:49 | 18-12-2006 - 11:28 | |
CVE-2006-6385 | 7.2 |
Stack-based buffer overflow in Intel PRO 10/100, PRO/1000, and PRO/10GbE PCI, PCI-X, and PCIe network adapter drivers (aka NDIS miniport drivers) before 20061205 allows local users to execute arbitrary code with "kernel-level" privileges via an incor
|
17-10-2018 - 21:48 | 08-12-2006 - 01:28 | |
CVE-2006-6236 | 9.3 |
Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument string to the (1) src, (2) setPageMode, (3) setLayoutMode, and (4) setNamedDest methods
|
17-10-2018 - 21:47 | 03-12-2006 - 19:28 | |
CVE-2006-6383 | 4.6 |
PHP 5.2.0 and 4.4 allows local users to bypass safe_mode and open_basedir restrictions via a malicious path and a null byte before a ";" in a session_save_path argument, followed by an allowed path, which causes a parsing inconsistency in which PHP v
|
17-10-2018 - 21:47 | 10-12-2006 - 20:28 | |
CVE-2006-6169 | 6.8 |
Heap-based buffer overflow in the ask_outfile_name function in openfile.c for GnuPG (gpg) 1.4 and 2.0, when running interactively, might allow attackers to execute arbitrary code via messages with "C-escape" expansions, which cause the make_printable
|
17-10-2018 - 21:47 | 29-11-2006 - 18:28 | |
CVE-2006-6235 | 10.0 |
A "stack overwrite" vulnerability in GnuPG (gpg) 1.x before 1.4.6, 2.x before 2.0.2, and 1.9.0 through 1.9.95 allows attackers to execute arbitrary code via crafted OpenPGP packets that cause GnuPG to dereference a function pointer from deallocated s
|
17-10-2018 - 21:47 | 07-12-2006 - 11:28 | |
CVE-2006-6097 | 4.0 |
GNU tar 1.16 and 1.15.1, and possibly other versions, allows user-assisted attackers to overwrite arbitrary files via a tar file that contains a GNUTYPE_NAMES record with a symbolic link, which is not properly handled by the extract_archive function
|
17-10-2018 - 21:46 | 24-11-2006 - 18:07 | |
CVE-2006-5974 | 7.8 |
fetchmail 6.3.5 and 6.3.6 before 6.3.6-rc4, when refusing a message delivered via the mda option, allows remote attackers to cause a denial of service (crash) via unknown vectors that trigger a NULL pointer dereference when calling the (1) ferror or
|
17-10-2018 - 21:46 | 31-12-2006 - 05:00 | |
CVE-2006-6106 | 7.5 |
Multiple buffer overflows in the cmtp_recv_interopmsg function in the Bluetooth driver (net/bluetooth/cmtp/capi.c) in the Linux kernel 2.4.22 up to 2.4.33.4 and 2.6.2 before 2.6.18.6, and 2.6.19.x, allow remote attackers to cause a denial of service
|
17-10-2018 - 21:46 | 19-12-2006 - 19:28 | |
CVE-2006-6015 | 5.0 |
Buffer overflow in the JavaScript implementation in Safari on Apple Mac OS X 10.4 allows remote attackers to cause a denial of service (application crash) via a long argument to the exec method of a regular expression.
|
17-10-2018 - 21:46 | 21-11-2006 - 23:07 | |
CVE-2006-6027 | 9.3 |
Adobe Reader (Adobe Acrobat Reader) 7.0 through 7.0.8 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long argument string to the LoadFile method in an AcroPDF ActiveX control.
|
17-10-2018 - 21:46 | 21-11-2006 - 23:07 | |
CVE-2006-5864 | 5.1 |
Stack-based buffer overflow in the ps_gettext function in ps.c for GNU gv 3.6.2, and possibly earlier versions, allows user-assisted attackers to execute arbitrary code via a PostScript (PS) file with certain headers that contain long comments, as de
|
17-10-2018 - 21:45 | 11-11-2006 - 01:07 | |
CVE-2006-5794 | 7.5 |
Unspecified vulnerability in the sshd Privilege Separation Monitor in OpenSSH before 4.5 causes weaker verification that authentication has been successful, which might allow attackers to bypass authentication. NOTE: as of 20061108, it is believed th
|
17-10-2018 - 21:45 | 08-11-2006 - 20:07 | |
CVE-2006-5870 | 9.3 |
Multiple integer overflows in OpenOffice.org (OOo) 2.0.4 and earlier, and possibly other versions before 2.1.0; and StarOffice 6 through 8; allow user-assisted remote attackers to execute arbitrary code via a crafted (a) WMF or (b) EMF file that trig
|
17-10-2018 - 21:45 | 31-12-2006 - 05:00 | |
CVE-2006-5633 | 5.0 |
Firefox 1.5.0.7 and 2.0, and Seamonkey 1.1b, allows remote attackers to cause a denial of service (crash) by creating a range object using createRange, calling selectNode on a DocType node (DOCUMENT_TYPE_NODE), then calling createContextualFragment o
|
17-10-2018 - 21:44 | 31-10-2006 - 22:07 | |
CVE-2006-5619 | 2.1 |
The seqfile handling (ip6fl_get_n function in ip6_flowlabel.c) in Linux kernel 2.6 up to 2.6.18-stable allows local users to cause a denial of service (hang or oops) via unspecified manipulations that trigger an infinite loop while searching for flow
|
17-10-2018 - 21:43 | 31-10-2006 - 19:07 | |
CVE-2006-5456 | 5.1 |
Multiple buffer overflows in GraphicsMagick before 1.1.7 and ImageMagick 6.0.7 allow user-assisted attackers to cause a denial of service and possibly execute arbitrary code via (1) a DCM image that is not properly handled by the ReadDCMImage functio
|
17-10-2018 - 21:43 | 23-10-2006 - 17:07 | |
CVE-2006-5229 | 2.6 |
OpenSSH portable 4.1 on SUSE Linux, and possibly other platforms and versions, and possibly under limited configurations, allows remote attackers to determine valid usernames via timing discrepancies in which responses take longer for valid usernames
|
17-10-2018 - 21:41 | 10-10-2006 - 23:07 | |
CVE-2006-5052 | 5.0 |
Unspecified vulnerability in portable OpenSSH before 4.4, when running on some platforms, allows remote attackers to determine the validity of usernames via unknown vectors involving a GSSAPI "authentication abort."
|
17-10-2018 - 21:40 | 27-09-2006 - 23:07 | |
CVE-2006-4924 | 7.8 |
sshd in OpenSSH before 4.4, when using the version 1 SSH protocol, allows remote attackers to cause a denial of service (CPU consumption) via an SSH packet that contains duplicate blocks, which is not properly handled by the CRC compensation attack d
|
17-10-2018 - 21:40 | 27-09-2006 - 01:07 | |
CVE-2006-4925 | 5.0 |
packet.c in ssh in OpenSSH allows remote attackers to cause a denial of service (crash) by sending an invalid protocol sequence with USERAUTH_SUCCESS before NEWKEYS, which causes newkeys[mode] to be NULL.
|
17-10-2018 - 21:40 | 29-09-2006 - 00:07 | |
CVE-2006-4810 | 4.6 |
Buffer overflow in the readline function in util/texindex.c, as used by the (1) texi2dvi and (2) texindex commands, in texinfo 4.8 and earlier allows local users to execute arbitrary code via a crafted Texinfo file.
|
17-10-2018 - 21:39 | 08-11-2006 - 21:07 | |
CVE-2006-4842 | 3.6 |
The Netscape Portable Runtime (NSPR) API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrar
|
17-10-2018 - 21:39 | 12-10-2006 - 00:07 | |
CVE-2006-4624 | 2.6 |
CRLF injection vulnerability in Utils.py in Mailman before 2.1.9rc1 allows remote attackers to spoof messages in the error log and possibly trick the administrator into visiting malicious URLs via CRLF sequences in the URI.
|
17-10-2018 - 21:38 | 07-09-2006 - 19:04 | |
CVE-2006-4600 | 2.3 |
slapd in OpenLDAP before 2.3.25 allows remote authenticated users with selfwrite Access Control List (ACL) privileges to modify arbitrary Distinguished Names (DN).
|
17-10-2018 - 21:38 | 07-09-2006 - 00:04 | |
CVE-2006-4623 | 7.8 |
The Unidirectional Lightweight Encapsulation (ULE) decapsulation component in dvb-core/dvb_net.c in the dvb driver in the Linux kernel 2.6.17.8 allows remote attackers to cause a denial of service (crash) via an SNDU length of 0 in a ULE packet. Ther
|
17-10-2018 - 21:38 | 11-09-2006 - 17:04 | |
CVE-2006-4514 | 7.5 |
Heap-based buffer overflow in the ole_info_read_metabat function in Gnome Structured File library (libgsf) 1.14.0, and other versions before 1.14.2, allows context-dependent attackers to execute arbitrary code via a large num_metabat value in an OLE
|
17-10-2018 - 21:37 | 30-11-2006 - 23:28 | |
CVE-2006-4343 | 4.3 |
The get_server_hello function in the SSLv2 client code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions allows remote servers to cause a denial of service (client crash) via unknown vectors that trigger a null pointer derefer
|
17-10-2018 - 21:36 | 28-09-2006 - 18:07 | |
CVE-2006-4339 | 4.3 |
OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8 before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1 padding before generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signed by that RSA key
|
17-10-2018 - 21:35 | 05-09-2006 - 17:04 | |
CVE-2006-4338 | 5.0 |
unlzh.c in the LHZ component in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (infinite loop) via a crafted GZIP archive.
|
17-10-2018 - 21:35 | 19-09-2006 - 21:07 | |
CVE-2006-4337 | 7.5 |
Buffer overflow in the make_table function in the LHZ component in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted decoding table in a GZIP archive.
|
17-10-2018 - 21:34 | 19-09-2006 - 21:07 | |
CVE-2006-4310 | 4.3 |
Mozilla Firefox 1.5.0.6 allows remote attackers to cause a denial of service (crash) via a crafted FTP response, when attempting to connect with a username and password via the FTP URI.
|
17-10-2018 - 21:34 | 23-08-2006 - 19:04 | |
CVE-2006-4335 | 7.5 |
Array index error in the make_table function in unlzh.c in the LZH decompression component in gzip 1.3.5, when running on certain platforms, allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code v
|
17-10-2018 - 21:34 | 19-09-2006 - 21:07 | |
CVE-2006-4336 | 7.5 |
Buffer underflow in the build_tree function in unpack.c in gzip 1.3.5 allows context-dependent attackers to execute arbitrary code via a crafted leaf count table that causes a write to a negative index.
|
17-10-2018 - 21:34 | 19-09-2006 - 21:07 | |
CVE-2006-4334 | 5.0 |
Unspecified vulnerability in gzip 1.3.5 allows context-dependent attackers to cause a denial of service (crash) via a crafted GZIP (gz) archive, which results in a NULL dereference.
|
17-10-2018 - 21:34 | 19-09-2006 - 21:07 | |
CVE-2006-4096 | 5.0 |
BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via a flood of recursive queries, which cause an INSIST failure when the response is received after the recursion queue is empty.
|
17-10-2018 - 21:33 | 06-09-2006 - 00:04 | |
CVE-2006-4144 | 2.6 |
Integer overflow in the ReadSGIImage function in sgi.c in ImageMagick before 6.2.9 allows user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via large (1) bytes_per_pixel, (2) columns, and (3) rows values
|
17-10-2018 - 21:33 | 15-08-2006 - 23:04 | |
CVE-2006-3879 | 5.0 |
Integer overflow in the loadChunk function in loaders/load_gt2.c in libmikmod in Mikmod Sound System 3.2.2 allows remote attackers to cause a denial of service via a GRAOUMF TRACKER (GT2) module file with a large (0xffffffff) comment length value in
|
17-10-2018 - 21:32 | 27-07-2006 - 01:04 | |
CVE-2006-3731 | 2.6 |
Mozilla Firefox 1.5.0.4 and earlier allows remote user-assisted attackers to cause a denial of service (crash) via a form with a multipart/form-data encoding and a user-uploaded file. NOTE: a third party has claimed that this issue might be related
|
17-10-2018 - 21:29 | 21-07-2006 - 14:03 | |
CVE-2006-3738 | 10.0 |
Buffer overflow in the SSL_get_shared_ciphers function in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and earlier versions has unspecified impact and remote attack vectors involving a long list of ciphers. Failed exploit attempts may crash appl
|
17-10-2018 - 21:29 | 28-09-2006 - 18:07 | |
CVE-2006-7232 | 3.5 |
sql_select.cc in MySQL 5.0.x before 5.0.32 and 5.1.x before 5.1.14 allows remote authenticated users to cause a denial of service (crash) via an EXPLAIN SELECT FROM on the INFORMATION_SCHEMA table, as originally demonstrated using ORDER BY.
|
17-10-2018 - 17:59 | 31-12-2006 - 05:00 | |
CVE-2006-5868 | 9.3 |
Multiple buffer overflows in Imagemagick 6.0 before 6.0.6.2, and 6.2 before 6.2.4.5, has unknown impact and user-assisted attack vectors via a crafted SGI image.
|
17-10-2018 - 17:51 | 22-11-2006 - 01:07 | |
CVE-2007-3477 | 5.0 |
The (a) imagearc and (b) imagefilledarc functions in GD Graphics Library (libgd) before 2.0.35 allow attackers to cause a denial of service (CPU consumption) via a large (1) start or (2) end angle degree value.
|
16-10-2018 - 16:50 | 28-06-2007 - 18:30 | |
CVE-2007-3478 | 4.3 |
Race condition in gdImageStringFTEx (gdft_draw_bitmap) in gdft.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors, possibly involving truetype font (TT
|
16-10-2018 - 16:50 | 28-06-2007 - 18:30 | |
CVE-2007-3476 | 4.3 |
Array index error in gd_gif_in.c in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash and heap corruption) via large color index values in crafted image data, which results in a se
|
16-10-2018 - 16:50 | 28-06-2007 - 18:30 | |
CVE-2007-3472 | 4.3 |
Integer overflow in gdImageCreateTrueColor function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to have unspecified attack vectors and impact. An integer overflow exists in the "gdImageCreateTrueColor()" fun
|
16-10-2018 - 16:49 | 28-06-2007 - 18:30 | |
CVE-2007-3475 | 4.3 |
The GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via a GIF image that has no global color map.
|
16-10-2018 - 16:49 | 28-06-2007 - 18:30 | |
CVE-2007-3473 | 4.3 |
The gdImageCreateXbm function in the GD Graphics Library (libgd) before 2.0.35 allows user-assisted remote attackers to cause a denial of service (crash) via unspecified vectors involving a gdImageCreate failure.
|
16-10-2018 - 16:49 | 28-06-2007 - 18:30 | |
CVE-2007-3474 | 2.6 |
Multiple unspecified vulnerabilities in the GIF reader in the GD Graphics Library (libgd) before 2.0.35 have unspecified impact and user-assisted remote attack vectors. An integer overflow exists in the "gdImageCreateTrueColor()" function.
|
16-10-2018 - 16:49 | 28-06-2007 - 18:30 | |
CVE-2007-3279 | 10.0 |
PostgreSQL 8.1 and probably later versions, when the PL/pgSQL (plpgsql) language has been created, grants certain plpgsql privileges to the PUBLIC domain, which allows remote attackers to create and execute functions, as demonstrated by functions tha
|
16-10-2018 - 16:48 | 19-06-2007 - 21:30 | |
CVE-2007-3372 | 2.1 |
The Avahi daemon in Avahi before 0.6.20 allows attackers to cause a denial of service (exit) via empty TXT data over D-Bus, which triggers an assert error.
|
16-10-2018 - 16:48 | 22-06-2007 - 21:30 | |
CVE-2007-3303 | 4.9 |
Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creati
|
16-10-2018 - 16:48 | 20-06-2007 - 22:30 | |
CVE-2007-3280 | 9.0 |
The Database Link library (dblink) in PostgreSQL 8.1 implements functions via CREATE statements that map to arbitrary libraries based on the C programming language, which allows remote authenticated superusers to map and execute a function from any l
|
16-10-2018 - 16:48 | 19-06-2007 - 21:30 | |
CVE-2007-3205 | 5.0 |
The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it
|
16-10-2018 - 16:47 | 13-06-2007 - 10:30 | |
CVE-2007-3108 | 1.2 |
The BN_from_montgomery function in crypto/bn/bn_mont.c in OpenSSL 0.9.8e and earlier does not properly perform Montgomery multiplication, which might allow local users to conduct a side-channel attack and retrieve RSA private keys.
|
16-10-2018 - 16:47 | 08-08-2007 - 01:17 | |
CVE-2007-2953 | 6.8 |
Format string vulnerability in the helptags_one function in src/ex_cmds.c in Vim 6.4 and earlier, and 7.x up to 7.1, allows user-assisted remote attackers to execute arbitrary code via format string specifiers in a help-tags tag in a help file, relat
|
16-10-2018 - 16:46 | 31-07-2007 - 10:17 | |
CVE-2007-2930 | 4.3 |
The (1) NSID_SHUFFLE_ONLY and (2) NSID_USE_POOL PRNG algorithms in ISC BIND 8 before 8.4.7-P1 generate predictable DNS query identifiers when sending outgoing queries such as NOTIFY messages when answering questions as a resolver, which allows remote
|
16-10-2018 - 16:46 | 12-09-2007 - 01:17 | |
CVE-2007-2452 | 6.0 |
Heap-based buffer overflow in the visit_old_format function in locate/locate.c in locate in GNU findutils before 4.2.31 might allow context-dependent attackers to execute arbitrary code via a long pathname in a locate database that has the old format
|
16-10-2018 - 16:44 | 04-06-2007 - 16:30 | |
CVE-2007-2645 | 9.3 |
Integer overflow in the exif_data_load_data_entry function in exif-data.c in libexif before 0.6.14 allows user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via crafted EXIF data, involving the (1)
|
16-10-2018 - 16:44 | 14-05-2007 - 21:19 | |
CVE-2007-2231 | 4.3 |
Directory traversal vulnerability in index/mbox/mbox-storage.c in Dovecot before 1.0.rc29, when using the zlib plugin, allows remote attackers to read arbitrary gzipped (.gz) mailboxes (mbox files) via a .. (dot dot) sequence in the mailbox name.
|
16-10-2018 - 16:42 | 25-04-2007 - 15:19 | |
CVE-2007-2263 | 9.3 |
Heap-based buffer overflow in RealNetworks RealPlayer 10.0, 10.1, and possibly 10.5, RealOne Player, and RealPlayer Enterprise allows remote attackers to execute arbitrary code via an SWF (Flash) file with malformed record headers.
|
16-10-2018 - 16:42 | 31-10-2007 - 17:46 | |
CVE-2007-2264 | 9.3 |
Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a RAM (.ra or .ram) file with a large size value in the RA h
|
16-10-2018 - 16:42 | 31-10-2007 - 17:46 | |
CVE-2007-2026 | 7.8 |
The gnu regular expression code in file 4.20 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted document with a large number of line feed characters, which is not well handled by OS/2 REXX regular expressi
|
16-10-2018 - 16:41 | 13-04-2007 - 18:19 | |
CVE-2007-1734 | 7.2 |
The DCCP support in the do_dccp_getsockopt function in net/dccp/proto.c in Linux kernel 2.6.20 and later does not verify the upper bounds of the optlen value, which allows local users running on certain architectures to read kernel memory or cause a
|
16-10-2018 - 16:40 | 28-03-2007 - 22:19 | |
CVE-2007-1709 | 4.3 |
Buffer overflow in the confirm_phpdoc_compiled function in the phpDOC extension (PECL phpDOC) in PHP 5.2.1 allows context-dependent attackers to execute arbitrary code via a long argument string.
|
16-10-2018 - 16:40 | 27-03-2007 - 01:19 | |
CVE-2007-1730 | 6.6 |
Integer signedness error in the DCCP support in the do_dccp_getsockopt function in net/dccp/proto.c in Linux kernel 2.6.20 and later allows local users to read kernel memory or cause a denial of service (oops) via a negative optlen value.
|
16-10-2018 - 16:40 | 28-03-2007 - 10:19 | |
CVE-2007-1401 | 6.9 |
Buffer overflow in the crack extension (CrackLib), as bundled with PHP 4.4.6 and other versions before 5.0.0, might allow local users to gain privileges via a long argument to the crack_opendict function.
|
16-10-2018 - 16:38 | 10-03-2007 - 22:19 | |
CVE-2007-1036 | 7.5 |
The default configuration of JBoss does not restrict access to the (1) console and (2) web management interfaces, which allows remote attackers to bypass authentication and gain administrative access via direct requests.
|
16-10-2018 - 16:36 | 21-02-2007 - 11:28 | |
CVE-2007-1030 | 7.8 |
Niels Provos libevent 1.2 and 1.2a allows remote attackers to cause a denial of service (infinite loop) via a DNS response containing a label pointer that references its own offset.
|
16-10-2018 - 16:36 | 21-02-2007 - 11:28 | |
CVE-2007-0911 | 7.8 |
Off-by-one error in the str_ireplace function in PHP 5.2.1 might allow context-dependent attackers to cause a denial of service (crash).
|
16-10-2018 - 16:35 | 13-02-2007 - 23:28 | |
CVE-2007-0770 | 9.3 |
Buffer overflow in GraphicsMagick and ImageMagick allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a PALM image that is not properly handled by the ReadPALMImage function in coders/palm.c. NOT
|
16-10-2018 - 16:34 | 12-02-2007 - 20:28 | |
CVE-2007-0653 | 9.3 |
Integer overflow in X MultiMedia System (xmms) 1.2.10, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which triggers memory corruption.
|
16-10-2018 - 16:33 | 21-03-2007 - 22:19 | |
CVE-2007-0537 | 2.6 |
The KDE HTML library (kdelibs), as used by Konqueror 3.5.5, does not properly parse HTML comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks and bypass some XSS protection schemes by embedding certain HTML tags withi
|
16-10-2018 - 16:33 | 29-01-2007 - 16:28 | |
CVE-2007-0654 | 9.3 |
Integer underflow in X MultiMedia System (xmms) 1.2.10 allows user-assisted remote attackers to execute arbitrary code via crafted header information in a skin bitmap image, which results in a stack-based buffer overflow.
|
16-10-2018 - 16:33 | 21-03-2007 - 22:19 | |
CVE-2007-0453 | 4.6 |
Buffer overflow in the nss_winbind.so.1 library in Samba 3.0.21 through 3.0.23d, as used in the winbindd daemon on Solaris, allows attackers to execute arbitrary code via the (1) gethostbyname and (2) getipnodebyname functions.
|
16-10-2018 - 16:32 | 06-02-2007 - 02:28 | |
CVE-2007-0454 | 7.5 |
Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during
|
16-10-2018 - 16:32 | 06-02-2007 - 02:28 | |
CVE-2007-0227 | 5.0 |
slocate 3.1 does not properly manage database entries that specify names of files in protected directories, which allows local users to obtain the names of private files. NOTE: another researcher reports that the issue is not present in slocate 2.7.
|
16-10-2018 - 16:31 | 13-01-2007 - 02:28 | |
CVE-2007-0104 | 6.8 |
The Adobe PDF specification 1.3, as implemented by (a) xpdf 3.0.1 patch 2, (b) kpdf in KDE before 3.5.5, (c) poppler before 0.5.4, and other products, allows remote attackers to have an unknown impact, possibly including denial of service (infinite l
|
16-10-2018 - 16:31 | 09-01-2007 - 00:28 | |
CVE-2007-0062 | 10.0 |
Integer overflow in the ISC dhcpd 3.0.x before 3.0.7 and 3.1.x before 3.1.1; and the DHCP server in EMC VMware Workstation before 5.5.5 Build 56455 and 6.x before 6.0.1 Build 55017, Player before 1.0.5 Build 56455 and Player 2 before 2.0.1 Build 5501
|
16-10-2018 - 16:30 | 21-09-2007 - 19:17 | |
CVE-2006-7177 | 7.8 |
MadWifi, when Ad-Hoc mode is used, allows remote attackers to cause a denial of service (system crash) via unspecified vectors that lead to a kernel panic in the ieee80211_input function, related to "packets coming from a 'malicious' WinXP system."
|
16-10-2018 - 16:29 | 30-03-2007 - 01:19 | |
CVE-2006-7180 | 6.8 |
ieee80211_output.c in MadWifi before 0.9.3 sends unencrypted packets before WPA authentication succeeds, which allows remote attackers to obtain sensitive information (related to network structure), and possibly cause a denial of service (disrupted a
|
16-10-2018 - 16:29 | 30-03-2007 - 01:19 | |
CVE-2006-7179 | 7.8 |
ieee80211_input.c in MadWifi before 0.9.3 does not properly process Channel Switch Announcement Information Elements (CSA IEs), which allows remote attackers to cause a denial of service (loss of communication) via a Channel Switch Count less than or
|
16-10-2018 - 16:29 | 30-03-2007 - 01:19 | |
CVE-2006-7139 | 2.6 |
Kmail 1.9.1 on KDE 3.5.2, with "Prefer HTML to Plain Text" enabled, allows remote attackers to cause a denial of service (crash) via an HTML e-mail with certain table and frameset tags that trigger a segmentation fault, possibly involving invalid fre
|
16-10-2018 - 16:29 | 07-03-2007 - 20:19 | |
CVE-2006-7178 | 7.8 |
MadWifi before 0.9.3 does not properly handle reception of an AUTH frame by an IBSS node, which allows remote attackers to cause a denial of service (system crash) via a certain AUTH frame.
|
16-10-2018 - 16:29 | 30-03-2007 - 01:19 | |
CVE-2005-0109 | 4.7 |
Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain
|
16-10-2018 - 12:06 | 05-03-2005 - 05:00 | |
CVE-2008-0674 | 7.5 |
Buffer overflow in PCRE before 7.6 allows remote attackers to execute arbitrary code via a regular expression containing a character class with a large number of characters with Unicode code points greater than 255.
|
15-10-2018 - 22:02 | 18-02-2008 - 23:00 | |
CVE-2008-0594 | 5.0 |
Mozilla Firefox before 2.0.0.12 does not always display a web forgery warning dialog if the entire contents of a web page are in a DIV tag that uses absolute positioning, which makes it easier for remote attackers to conduct phishing attacks.
|
15-10-2018 - 22:01 | 09-02-2008 - 01:00 | |
CVE-2008-0564 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in Mailman before 2.1.10b1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors related to (1) editing templates and (2) the list's "info attribute" in the web admin
|
15-10-2018 - 22:01 | 05-02-2008 - 02:00 | |
CVE-2008-0227 | 7.5 |
yaSSL 1.7.5 and earlier, as used in MySQL and possibly other products, allows remote attackers to cause a denial of service (crash) via a Hello packet containing a large size value, which triggers a buffer over-read in the HASHwithTransform::Update f
|
15-10-2018 - 21:58 | 10-01-2008 - 23:46 | |
CVE-2008-0172 | 5.0 |
The get_repeat_type function in basic_regex_creator.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (NULL dereference and crash) via an invalid regular expression
|
15-10-2018 - 21:58 | 17-01-2008 - 23:00 | |
CVE-2008-0171 | 5.0 |
regex/v4/perl_matcher_non_recursive.hpp in the Boost regex library (aka Boost.Regex) in Boost 1.33 and 1.34 allows context-dependent attackers to cause a denial of service (failed assertion and crash) via an invalid regular expression.
|
15-10-2018 - 21:58 | 17-01-2008 - 23:00 | |
CVE-2008-0009 | 2.1 |
The vmsplice_to_user function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which might allow local users to access arbitrary kernel memory locations.
|
15-10-2018 - 21:57 | 12-02-2008 - 21:00 | |
CVE-2008-0010 | 2.1 |
The copy_from_user_mmap_sem function in fs/splice.c in the Linux kernel 2.6.22 through 2.6.24 does not validate a certain userspace pointer before dereference, which allow local users to read from arbitrary kernel memory locations.
|
15-10-2018 - 21:57 | 12-02-2008 - 21:00 | |
CVE-2007-6598 | 6.8 |
Dovecot before 1.0.10, with certain configuration options including use of %variables, does not properly maintain the LDAP+auth cache, which might allow remote authenticated users to login as a different user who has the same password.
|
15-10-2018 - 21:55 | 04-01-2008 - 02:46 | |
CVE-2007-6591 | 4.3 |
KDE Konqueror 3.5.5 and 3.95.00, when a user accepts an SSL server certificate on the basis of the CN domain name in the DN field, regards the certificate as also accepted for all domain names in subjectAltName:dNSName fields, even though these field
|
15-10-2018 - 21:55 | 28-12-2007 - 21:46 | |
CVE-2007-6514 | 4.3 |
Apache HTTP Server, when running on Linux with a document root on a Windows share mounted using smbfs, allows remote attackers to obtain unprocessed content such as source files for .php programs via a trailing "\" (backslash), which is not handled b
|
15-10-2018 - 21:54 | 21-12-2007 - 22:46 | |
CVE-2007-6348 | 6.8 |
SquirrelMail 1.4.11 and 1.4.12, as distributed on sourceforge.net before 20071213, has been externally modified to create a Trojan Horse that introduces a PHP remote file inclusion vulnerability, which allows remote attackers to execute arbitrary cod
|
15-10-2018 - 21:52 | 14-12-2007 - 19:46 | |
CVE-2007-6279 | 9.3 |
Multiple double free vulnerabilities in Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allow user-assisted remote attackers to execute arbitrary code via malformed (1) Seektable values or (2) Seektable Data Offsets in a .FLAC file.
|
15-10-2018 - 21:51 | 07-12-2007 - 11:46 | |
CVE-2007-6227 | 7.2 |
QEMU 0.9.0 allows local users of a Windows XP SP2 guest operating system to overwrite the TranslationBlock (code_gen_buffer) buffer, and probably have unspecified other impacts related to an "overflow," via certain Windows executable programs, as dem
|
15-10-2018 - 21:51 | 04-12-2007 - 18:46 | |
CVE-2007-6278 | 9.3 |
Free Lossless Audio Codec (FLAC) libFLAC before 1.2.1 allows user-assisted remote attackers to force a client to download arbitrary files via the MIME-Type URL flag (-->) for the FLAC image file in a crafted .FLAC file.
|
15-10-2018 - 21:51 | 07-12-2007 - 11:46 | |
CVE-2007-6203 | 4.3 |
Apache HTTP Server 2.0.x and 2.2.x does not sanitize the HTTP Method specifier header from an HTTP request when it is reflected back in a "413 Request Entity Too Large" error message, which might allow cross-site scripting (XSS) style attacks using w
|
15-10-2018 - 21:50 | 03-12-2007 - 22:46 | |
CVE-2007-6200 | 10.0 |
Unspecified vulnerability in rsync before 3.0.0pre6, when running a writable rsync daemon, allows remote attackers to bypass exclude, exclude_from, and filter and read or write hidden files via (1) symlink, (2) partial-dir, (3) backup-dir, and unspec
|
15-10-2018 - 21:50 | 01-12-2007 - 06:46 | |
CVE-2007-6199 | 9.3 |
rsync before 3.0.0pre6, when running a writable rsync daemon that is not using chroot, allows remote attackers to access restricted files via unknown vectors that cause rsync to create a symlink that points outside of the module's hierarchy.
|
15-10-2018 - 21:50 | 01-12-2007 - 06:46 | |
CVE-2007-6113 | 4.3 |
Integer signedness error in the DNP3 dissector in Wireshark (formerly Ethereal) 0.10.12 to 0.99.6 allows remote attackers to cause a denial of service (long loop) via a malformed DNP3 packet.
|
15-10-2018 - 21:49 | 23-11-2007 - 20:46 | |
CVE-2007-6039 | 2.1 |
PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in (1) the domain parameter to the dgettext function, the message parameter to the (2) dcgettext or (3) gettext function, the
|
15-10-2018 - 21:49 | 20-11-2007 - 19:46 | |
CVE-2007-5971 | 6.9 |
Double free vulnerability in the gss_krb5int_make_seal_token_v3 function in lib/gssapi/krb5/k5sealv3.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. Information from Apple: http://docs.info.apple.com/article.html?artnum=307562
|
15-10-2018 - 21:48 | 06-12-2007 - 02:46 | |
CVE-2007-5937 | 6.8 |
Multiple buffer overflows in dvi2xx.c in dviljk in teTeX and TeXlive 2007 and earlier might allow user-assisted attackers to execute arbitrary code via a crafted DVI input file.
|
15-10-2018 - 21:47 | 13-11-2007 - 22:46 | |
CVE-2007-5900 | 6.9 |
PHP before 5.2.5 allows local users to bypass protection mechanisms configured through php_admin_value or php_admin_flag in httpd.conf by using ini_set to modify arbitrary configuration variables, a different issue than CVE-2006-4625.
|
15-10-2018 - 21:47 | 20-11-2007 - 18:46 | |
CVE-2007-5936 | 3.6 |
dvips in teTeX and TeXlive 2007 and earlier allows local users to obtain sensitive information and modify certain data by creating certain temporary files before they are processed by dviljk, which can then be read or modified in place.
|
15-10-2018 - 21:47 | 13-11-2007 - 22:46 | |
CVE-2007-5935 | 6.8 |
Stack-based buffer overflow in hpc.c in dvips in teTeX and TeXlive 2007 and earlier allows user-assisted attackers to execute arbitrary code via a DVI file with a long href tag.
|
15-10-2018 - 21:47 | 13-11-2007 - 22:46 | |
CVE-2007-5741 | 7.5 |
Plone 2.5 through 2.5.4 and 3.0 through 3.0.2 allows remote attackers to execute arbitrary Python code via network data containing pickled objects for the (1) statusmessages or (2) linkintegrity module, which the module unpickles and executes.
|
15-10-2018 - 21:46 | 07-11-2007 - 21:46 | |
CVE-2007-5898 | 6.4 |
The (1) htmlentities and (2) htmlspecialchars functions in PHP before 5.2.5 accept partial multibyte sequences, which has unknown impact and attack vectors, a different issue than CVE-2006-5465.
|
15-10-2018 - 21:46 | 20-11-2007 - 18:46 | |
CVE-2007-5848 | 7.2 |
Buffer overflow in CUPS in Apple Mac OS X 10.4.11 allows local admin users to execute arbitrary code via a crafted URI to the CUPS service.
|
15-10-2018 - 21:46 | 19-12-2007 - 21:46 | |
CVE-2007-5424 | 7.5 |
The disable_functions feature in PHP 4 and 5 allows attackers to bypass intended restrictions by using an alias, as demonstrated by using ini_alter when ini_set is disabled.
|
15-10-2018 - 21:44 | 12-10-2007 - 23:17 | |
CVE-2007-5378 | 4.3 |
Buffer overflow in the FileReadGIF function in tkImgGIF.c for Tk Toolkit 8.4.12 and earlier, and 8.3.5 and earlier, allows user-assisted attackers to cause a denial of service (segmentation fault) via an animated GIF in which the first subimage is sm
|
15-10-2018 - 21:44 | 12-10-2007 - 01:17 | |
CVE-2007-5267 | 4.3 |
Off-by-one error in ICC profile chunk handling in the png_set_iCCP function in pngset.c in libpng before 1.2.22 beta1 allows remote attackers to cause a denial of service (crash) via a crafted PNG image, due to an incorrect fix for CVE-2007-5266.
|
15-10-2018 - 21:41 | 08-10-2007 - 21:17 | |
CVE-2007-5045 | 9.3 |
Argument injection vulnerability in Apple QuickTime 7.1.5 and earlier, when running on systems with Mozilla Firefox before 2.0.0.7 installed, allows remote attackers to execute arbitrary commands via a QuickTime Media Link (QTL) file with an embed XM
|
15-10-2018 - 21:40 | 24-09-2007 - 00:17 | |
CVE-2007-5020 | 9.3 |
Unspecified vulnerability in Adobe Acrobat and Reader 8.1 on Windows allows remote attackers to execute arbitrary code via a crafted PDF file, related to the mailto: option and Internet Explorer 7 on Windows XP. NOTE: this information is based upon
|
15-10-2018 - 21:40 | 21-09-2007 - 18:17 | |
CVE-2007-4999 | 4.3 |
libpurple in Pidgin 2.1.0 through 2.2.1, when using HTML logging, allows remote attackers to cause a denial of service (NULL dereference and application crash) via a message that contains invalid HTML data, a different vector than CVE-2007-4996.
|
15-10-2018 - 21:39 | 29-10-2007 - 22:46 | |
CVE-2007-4995 | 9.3 |
Off-by-one error in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8f allows remote attackers to execute arbitrary code via unspecified vectors.
|
15-10-2018 - 21:39 | 13-10-2007 - 01:17 | |
CVE-2007-4996 | 4.3 |
libpurple in Pidgin before 2.2.1 does not properly handle MSN nudge messages from users who are not on the receiver's buddy list, which allows remote attackers to cause a denial of service (crash) via a nudge message that triggers an access of "an in
|
15-10-2018 - 21:39 | 01-10-2007 - 20:17 | |
CVE-2007-4990 | 7.5 |
The swap_char2b function in X.Org X Font Server (xfs) before 1.0.5 allows context-dependent attackers to execute arbitrary code via (1) QueryXBitmaps and (2) QueryXExtents protocol requests with crafted size values that specify an arbitrary number of
|
15-10-2018 - 21:39 | 05-10-2007 - 21:17 | |
CVE-2007-4987 | 9.3 |
Off-by-one error in the ReadBlobString function in blob.c in ImageMagick before 6.3.5-9 allows context-dependent attackers to execute arbitrary code via a crafted image file, which triggers the writing of a '\0' character to an out-of-bounds address.
|
15-10-2018 - 21:39 | 24-09-2007 - 22:17 | |
CVE-2007-4782 | 5.0 |
PHP before 5.2.3 allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the pattern parameter to the glob function; or (2) a long string in the string parameter to the fnmatch function, accompanie
|
15-10-2018 - 21:38 | 10-09-2007 - 21:17 | |
CVE-2007-4904 | 4.3 |
RealNetworks RealPlayer 10.1.0.3114 and earlier, and Helix Player 1.0.6.778 on Fedora Core 6 (FC6) and possibly other platforms, allow user-assisted remote attackers to cause a denial of service (application crash) via a malformed .au file that trigg
|
15-10-2018 - 21:38 | 17-09-2007 - 16:17 | |
CVE-2007-4840 | 5.0 |
PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via (1) a long string in the out_charset parameter to the iconv function; or a long string in the charset parameter to the (2) iconv_mime_decode
|
15-10-2018 - 21:38 | 12-09-2007 - 20:17 | |
CVE-2007-4784 | 5.0 |
The setlocale function in PHP before 5.2.4 allows context-dependent attackers to cause a denial of service (application crash) via a long string in the locale parameter. NOTE: this might not be a vulnerability in most web server environments that su
|
15-10-2018 - 21:38 | 10-09-2007 - 21:17 | |
CVE-2007-4889 | 6.8 |
The MySQL extension in PHP 5.2.4 and earlier allows remote attackers to bypass safe_mode and open_basedir restrictions via the MySQL (1) LOAD_FILE, (2) INTO DUMPFILE, and (3) INTO OUTFILE functions, a different issue than CVE-2007-3997.
|
15-10-2018 - 21:38 | 14-09-2007 - 01:17 | |
CVE-2007-4825 | 7.5 |
Directory traversal vulnerability in PHP 5.2.4 and earlier allows attackers to bypass open_basedir restrictions and possibly execute arbitrary code via a .. (dot dot) in the dl function.
|
15-10-2018 - 21:38 | 12-09-2007 - 01:17 | |
CVE-2007-4887 | 4.3 |
The dl function in PHP 5.2.4 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a long string in the library parameter. NOTE: there are limited usage scenarios under which this would be a vulnerabilit
|
15-10-2018 - 21:38 | 14-09-2007 - 00:17 | |
CVE-2007-4850 | 5.0 |
curl/interface.c in the cURL library (aka libcurl) in PHP 5.2.4 and 5.2.5 allows context-dependent attackers to bypass safe_mode and open_basedir restrictions and read arbitrary files via a file:// request containing a \x00 sequence, a different vuln
|
15-10-2018 - 21:38 | 25-01-2008 - 01:00 | |
CVE-2007-4783 | 5.0 |
The iconv_substr function in PHP 5.2.4 and earlier allows context-dependent attackers to cause (1) a denial of service (application crash) via a long string in the charset parameter, probably also requiring a long string in the str parameter; or (2)
|
15-10-2018 - 21:38 | 10-09-2007 - 21:17 | |
CVE-2007-4752 | 7.5 |
ssh in OpenSSH before 4.7 does not properly handle when an untrusted cookie cannot be created and uses a trusted X11 cookie instead, which allows attackers to violate intended policy and gain privileges by causing an X client to be treated as trusted
|
15-10-2018 - 21:37 | 12-09-2007 - 01:17 | |
CVE-2007-4599 | 9.3 |
Stack-based buffer overflow in RealNetworks RealPlayer 10 and possibly 10.5, and RealOne Player 1 and 2, for Windows allows remote attackers to execute arbitrary code via a crafted playlist (PLS) file.
|
15-10-2018 - 21:36 | 31-10-2007 - 17:46 | |
CVE-2007-4573 | 7.2 |
The IA32 system call emulation functionality in Linux kernel 2.4.x and 2.6.x before 2.6.22.7, when running on the x86_64 architecture, does not zero extend the eax register after the 32bit entry path to ptrace is used, which might allow local users t
|
15-10-2018 - 21:36 | 24-09-2007 - 22:17 | |
CVE-2007-4565 | 5.0 |
sink.c in fetchmail before 6.3.9 allows context-dependent attackers to cause a denial of service (NULL dereference and application crash) by refusing certain warning messages that are sent over SMTP.
|
15-10-2018 - 21:36 | 28-08-2007 - 01:17 | |
CVE-2007-4255 | 7.5 |
Buffer overflow in the mSQL extension in PHP 5.2.3 allows context-dependent attackers to execute arbitrary code via a long first argument to the msql_connect function.
|
15-10-2018 - 21:34 | 08-08-2007 - 23:17 | |
CVE-2007-4251 | 4.3 |
OpenOffice.org (OOo) 2.2 does not properly handle files with multiple extensions, which allows user-assisted remote attackers to cause a denial of service.
|
15-10-2018 - 21:34 | 08-08-2007 - 23:17 | |
CVE-2007-4229 | 4.3 |
Unspecified vulnerability in KDE Konqueror 3.5.7 and earlier allows remote attackers to cause a denial of service (failed assertion and application crash) via certain malformed HTML, as demonstrated by a document containing TEXTAREA, BUTTON, BR, BDO,
|
15-10-2018 - 21:34 | 08-08-2007 - 22:17 | |
CVE-2007-4138 | 6.9 |
The Winbind nss_info extension (nsswitch/idmap_ad.c) in idmap_ad.so in Samba 3.0.25 through 3.0.25c, when the "winbind nss info" option is set to rfc2307 or sfu, grants all local users the privileges of gid 0 when the (1) RFC2307 or (2) Services for
|
15-10-2018 - 21:33 | 14-09-2007 - 01:17 | |
CVE-2007-4038 | 4.3 |
Argument injection vulnerability in Mozilla Firefox before 2.0.0.5, when running on systems with Thunderbird 1.5 installed and certain URIs registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands
|
15-10-2018 - 21:33 | 27-07-2007 - 22:30 | |
CVE-2007-4224 | 4.3 |
KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar by calling setInterval with a small interval and changing the window.location property.
|
15-10-2018 - 21:33 | 08-08-2007 - 21:17 | |
CVE-2007-4091 | 6.8 |
Multiple off-by-one errors in the sender.c in rsync 2.6.9 might allow remote attackers to execute arbitrary code via directory names that are not properly handled when calling the f_name function.
|
15-10-2018 - 21:33 | 16-08-2007 - 00:17 | |
CVE-2007-4033 | 7.5 |
Buffer overflow in the intT1_EnvGetCompletePath function in lib/t1lib/t1env.c in t1lib 5.1.1 allows context-dependent attackers to execute arbitrary code via a long FileName parameter. NOTE: this issue was originally reported to be in the imagepsloa
|
15-10-2018 - 21:32 | 27-07-2007 - 22:30 | |
CVE-2007-3844 | 4.3 |
Mozilla Firefox 2.0.0.5, Thunderbird 2.0.0.5 and before 1.5.0.13, and SeaMonkey 1.1.3 allows remote attackers to conduct cross-site scripting (XSS) attacks with chrome privileges via an addon that inserts a (1) javascript: or (2) data: link into an a
|
15-10-2018 - 21:31 | 08-08-2007 - 01:17 | |
CVE-2007-3820 | 2.6 |
konqueror/konq_combo.cc in Konqueror 3.5.7 allows remote attackers to spoof the data: URI scheme in the address bar via a long URI with trailing whitespace, which prevents the beginning of the URI from being displayed.
|
15-10-2018 - 21:31 | 17-07-2007 - 01:30 | |
CVE-2007-3782 | 3.5 |
MySQL Community Server before 5.0.45 allows remote authenticated users to gain update privileges for a table in another database via a view that refers to this external table.
|
15-10-2018 - 21:30 | 15-07-2007 - 22:30 | |
CVE-2007-3781 | 4.0 |
MySQL Community Server before 5.0.45 does not require privileges such as SELECT for the source table in a CREATE TABLE LIKE statement, which allows remote authenticated users to obtain sensitive information such as the table structure.
|
15-10-2018 - 21:30 | 15-07-2007 - 22:30 | |
CVE-2006-3587 | 5.1 |
Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 allows remote attackers to execute arbitrary commands via a malformed .swf file that results in "multiple improper memory access" errors.
|
12-10-2018 - 21:40 | 13-07-2006 - 21:05 | |
CVE-2006-3588 | 2.6 |
Unspecified vulnerability in Adobe (Macromedia) Flash Player 8.0.24.0 allows remote attackers to cause a denial of service (browser crash) via a malformed, compressed .swf file, a different issue than CVE-2006-3587.
|
12-10-2018 - 21:40 | 13-07-2006 - 21:05 | |
CVE-2009-0361 | 4.6 |
Russ Allbery pam-krb5 before 3.13, as used by libpam-heimdal, su in Solaris 10, and other software, does not properly handle calls to pam_setcred when running setuid, which allows local users to overwrite and change the ownership of arbitrary files b
|
11-10-2018 - 21:01 | 13-02-2009 - 17:30 | |
CVE-2009-0360 | 6.2 |
Russ Allbery pam-krb5 before 3.13, when linked against MIT Kerberos, does not properly initialize the Kerberos libraries for setuid use, which allows local users to gain privileges by pointing an environment variable to a modified Kerberos configurat
|
11-10-2018 - 21:01 | 13-02-2009 - 17:30 | |
CVE-2009-0478 | 5.0 |
Squid 2.7 to 2.7.STABLE5, 3.0 to 3.0.STABLE12, and 3.1 to 3.1.0.4 allows remote attackers to cause a denial of service via an HTTP request with an invalid version number, which triggers a reachable assertion in (1) HttpMsg.c and (2) HttpStatusLine.c.
|
11-10-2018 - 21:01 | 08-02-2009 - 22:30 | |
CVE-2009-0164 | 6.4 |
The web interface for CUPS before 1.3.10 does not validate the HTTP Host header in a client request, which makes it easier for remote attackers to conduct DNS rebinding attacks.
|
11-10-2018 - 21:00 | 24-04-2009 - 15:30 | |
CVE-2008-6218 | 7.1 |
Memory leak in the png_handle_tEXt function in pngrutil.c in libpng before 1.2.33 rc02 and 1.4.0 beta36 allows context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted PNG file.
|
11-10-2018 - 20:57 | 20-02-2009 - 17:30 | |
CVE-2008-5658 | 7.5 |
Directory traversal vulnerability in the ZipArchive::extractTo function in PHP 5.2.6 and earlier allows context-dependent attackers to write arbitrary files via a ZIP file with a file whose name contains .. (dot dot) sequences.
|
11-10-2018 - 20:56 | 17-12-2008 - 20:30 | |
CVE-2008-5624 | 7.5 |
PHP 5 before 5.2.7 does not properly initialize the page_uid and page_gid global variables for use by the SAPI php_getuid function, which allows context-dependent attackers to bypass safe_mode restrictions via variable settings that are intended to b
|
11-10-2018 - 20:56 | 17-12-2008 - 17:30 | |
CVE-2008-5715 | 5.0 |
Mozilla Firefox 3.0.5 on Windows Vista allows remote attackers to cause a denial of service (application crash) via JavaScript code with a long string value for the hash property (aka location.hash). NOTE: it was later reported that earlier versions
|
11-10-2018 - 20:56 | 24-12-2008 - 18:29 | |
CVE-2008-5625 | 7.5 |
PHP 5 before 5.2.7 does not enforce the error_log safe_mode restrictions when safe_mode is enabled through a php_admin_flag setting in httpd.conf, which allows context-dependent attackers to write to arbitrary files by placing a "php_value error_log"
|
11-10-2018 - 20:56 | 17-12-2008 - 17:30 | |
CVE-2008-5393 | 10.0 |
UPR-Kernel in Ubuntu Privacy Remix (UPR) before 8.04_r1 includes kernel support for mounting RAID arrays, which might allow remote attackers to bypass intended isolation mechanisms by (1) reading from or (2) writing to these arrays.
|
11-10-2018 - 20:55 | 09-12-2008 - 00:30 | |
CVE-2008-5394 | 7.2 |
/bin/login in shadow 4.0.18.1 in Debian GNU/Linux, and probably other Linux distributions, allows local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp e
|
11-10-2018 - 20:55 | 09-12-2008 - 00:30 | |
CVE-2008-5161 | 2.6 |
Error handling in the SSH protocol in (1) SSH Tectia Client and Server and Connector 4.0 through 4.4.11, 5.0 through 5.2.4, and 5.3 through 5.3.8; Client and Server and ConnectSecure 6.0 through 6.0.4; Server for Linux on IBM System z 6.0.4; Server f
|
11-10-2018 - 20:54 | 19-11-2008 - 17:30 | |
CVE-2008-5303 | 6.9 |
Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this
|
11-10-2018 - 20:54 | 01-12-2008 - 17:30 | |
CVE-2008-5302 | 6.9 |
Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, an
|
11-10-2018 - 20:54 | 01-12-2008 - 17:30 | |
CVE-2008-5285 | 5.0 |
Wireshark 1.0.4 and earlier allows remote attackers to cause a denial of service via a long SMTP request, which triggers an infinite loop.
|
11-10-2018 - 20:54 | 01-12-2008 - 15:30 | |
CVE-2008-4552 | 7.5 |
The good_client function in nfs-utils 1.0.9, and possibly other versions before 1.1.3, invokes the hosts_ctl function with the wrong order of arguments, which causes TCP Wrappers to ignore netgroups and allows remote attackers to bypass intended acce
|
11-10-2018 - 20:52 | 14-10-2008 - 20:00 | |
CVE-2008-4685 | 5.0 |
Use-after-free vulnerability in the dissect_q931_cause_ie function in packet-q931.c in the Q.931 dissector in Wireshark 0.10.3 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via certain packets that tr
|
11-10-2018 - 20:52 | 22-10-2008 - 18:00 | |
CVE-2008-4680 | 4.3 |
packet-usb.c in the USB dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a malformed USB Request Block (URB).
|
11-10-2018 - 20:52 | 22-10-2008 - 18:00 | |
CVE-2008-4578 | 5.0 |
The ACL plugin in Dovecot before 1.1.4 allows attackers to bypass intended access restrictions by using the "k" right to create unauthorized "parent/child/child" mailboxes.
|
11-10-2018 - 20:52 | 15-10-2008 - 20:08 | |
CVE-2008-4682 | 5.0 |
wtap.c in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application abort) via a malformed Tamos CommView capture file (aka .ncf file) with an "unknown/unexpected packet type" that triggers a failed assertion.
|
11-10-2018 - 20:52 | 22-10-2008 - 18:00 | |
CVE-2008-4681 | 4.3 |
Unspecified vulnerability in the Bluetooth RFCOMM dissector in Wireshark 0.99.7 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via unknown packets.
|
11-10-2018 - 20:52 | 22-10-2008 - 18:00 | |
CVE-2008-4684 | 4.3 |
packet-frame in Wireshark 0.99.2 through 1.0.3 does not properly handle exceptions thrown by post dissectors, which allows remote attackers to cause a denial of service (application crash) via a certain series of packets, as demonstrated by enabling
|
11-10-2018 - 20:52 | 22-10-2008 - 18:00 | |
CVE-2008-4683 | 5.0 |
The dissect_btacl function in packet-bthci_acl.c in the Bluetooth ACL dissector in Wireshark 0.99.2 through 1.0.3 allows remote attackers to cause a denial of service (application crash or abort) via a packet with an invalid length, related to an err
|
11-10-2018 - 20:52 | 22-10-2008 - 18:00 | |
CVE-2008-4382 | 5.0 |
Konqueror in KDE 3.5.9 allows remote attackers to cause a denial of service (application crash) via Javascript that calls the alert function with a URL-encoded string of a large number of invalid characters.
|
11-10-2018 - 20:51 | 02-10-2008 - 18:18 | |
CVE-2008-4113 | 4.7 |
The sctp_getsockopt_hmac_ident function in net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, relies on an untrusted length value to limit
|
11-10-2018 - 20:50 | 16-09-2008 - 23:00 | |
CVE-2008-3895 | 2.1 |
LILO 22.6.1 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations associ
|
11-10-2018 - 20:50 | 03-09-2008 - 14:12 | |
CVE-2008-3889 | 2.1 |
Postfix 2.4 before 2.4.9, 2.5 before 2.5.5, and 2.6 before 2.6-20080902, when used with the Linux 2.6 kernel, leaks epoll file descriptors during execution of "non-Postfix" commands, which allows local users to cause a denial of service (application
|
11-10-2018 - 20:50 | 12-09-2008 - 16:56 | |
CVE-2008-3896 | 2.1 |
Grub Legacy 0.97 and earlier stores pre-boot authentication passwords in the BIOS Keyboard buffer and does not clear this buffer before and after use, which allows local users to obtain sensitive information by reading the physical memory locations a
|
11-10-2018 - 20:50 | 03-09-2008 - 14:12 | |
CVE-2008-3825 | 4.4 |
pam_krb5 2.2.14 in Red Hat Enterprise Linux (RHEL) 5 and earlier, when the existing_ticket option is enabled, uses incorrect privileges when reading a Kerberos credential cache, which allows local users to gain privileges by setting the KRB5CCNAME en
|
11-10-2018 - 20:49 | 03-10-2008 - 15:07 | |
CVE-2008-3792 | 7.1 |
net/sctp/socket.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4 does not verify that the SCTP-AUTH extension is enabled before proceeding with SCTP-AUTH API functions, which allows attackers to
|
11-10-2018 - 20:49 | 03-09-2008 - 14:12 | |
CVE-2008-3659 | 6.4 |
Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via the delimiter argument to the explode function
|
11-10-2018 - 20:49 | 15-08-2008 - 00:41 | |
CVE-2008-3658 | 7.5 |
Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4.4.x before 4.4.9 and PHP 5.2 before 5.2.6-r6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file. Mi
|
11-10-2018 - 20:49 | 15-08-2008 - 00:41 | |
CVE-2008-3663 | 5.0 |
Squirrelmail 1.4.15 does not set the secure flag for the session cookie in an https session, which can cause the cookie to be sent in http requests and make it easier for remote attackers to capture this cookie.
|
11-10-2018 - 20:49 | 24-09-2008 - 14:56 | |
CVE-2008-3139 | 5.0 |
The RTMPT dissector in Wireshark (formerly Ethereal) 0.99.8 through 1.0.0 allows remote attackers to cause a denial of service (crash) via unknown vectors. NOTE: this might be due to a use-after-free error.
|
11-10-2018 - 20:47 | 10-07-2008 - 23:41 | |
CVE-2008-3138 | 5.0 |
The (1) PANA and (2) KISMET dissectors in Wireshark (formerly Ethereal) 0.99.3 through 1.0.0 allow remote attackers to cause a denial of service (application stop) via unknown vectors.
|
11-10-2018 - 20:47 | 10-07-2008 - 23:41 | |
CVE-2008-3294 | 3.7 |
src/configure.in in Vim 5.0 through 7.1, when used for a build with Python support, does not ensure that the Makefile-conf temporary file has the intended ownership and permissions, which allows local users to execute arbitrary code by modifying this
|
11-10-2018 - 20:47 | 24-07-2008 - 18:41 | |
CVE-2008-3141 | 4.9 |
Unspecified vulnerability in the RMI dissector in Wireshark (formerly Ethereal) 0.9.5 through 1.0.0 allows remote attackers to read system memory via unspecified vectors.
|
11-10-2018 - 20:47 | 10-07-2008 - 23:41 | |
CVE-2008-3145 | 5.0 |
The fragment_add_work function in epan/reassemble.c in Wireshark 0.8.19 through 1.0.1 allows remote attackers to cause a denial of service (crash) via a series of fragmented packets with non-sequential fragmentation offset values, which lead to a buf
|
11-10-2018 - 20:47 | 16-07-2008 - 18:41 | |
CVE-2008-3137 | 4.3 |
The GSM SMS dissector in Wireshark (formerly Ethereal) 0.99.2 through 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors.
|
11-10-2018 - 20:47 | 10-07-2008 - 23:41 | |
CVE-2008-3140 | 5.0 |
The syslog dissector in Wireshark (formerly Ethereal) 1.0.0 allows remote attackers to cause a denial of service (application crash) via unknown vectors, possibly related to an "incomplete SS7 MSU syslog encapsulated packet."
|
11-10-2018 - 20:47 | 10-07-2008 - 23:41 | |
CVE-2008-2950 | 7.5 |
The Page destructor in Page.cc in libpoppler in Poppler 0.8.4 and earlier deletes a pageWidgets object even if it is not initialized by a Page constructor, which allows remote attackers to execute arbitrary code via a crafted PDF document.
|
11-10-2018 - 20:45 | 07-07-2008 - 23:41 | |
CVE-2008-2937 | 1.9 |
Postfix 2.5 before 2.5.4 and 2.6 before 2.6-20080814 delivers to a mailbox file even when this file is not owned by the recipient, which allows local users to read e-mail messages by creating a mailbox file corresponding to another user's account nam
|
11-10-2018 - 20:45 | 18-08-2008 - 19:41 | |
CVE-2008-2666 | 5.0 |
Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier allow context-dependent attackers to bypass safe_mode restrictions by creating a subdirectory named http: and then placing ../ (dot dot slash) sequences in an http URL argument to
|
11-10-2018 - 20:42 | 20-06-2008 - 01:41 | |
CVE-2008-2665 | 5.0 |
Directory traversal vulnerability in the posix_access function in PHP 5.2.6 and earlier allows remote attackers to bypass safe_mode restrictions via a .. (dot dot) in an http URL, which results in the URL being canonicalized to a local filename after
|
11-10-2018 - 20:42 | 20-06-2008 - 01:41 | |
CVE-2008-2357 | 6.8 |
Stack-based buffer overflow in the split_redraw function in split.c in mtr before 0.73, when invoked with the -p (aka --split) option, allows remote attackers to execute arbitrary code via a crafted DNS PTR record. NOTE: it could be argued that this
|
11-10-2018 - 20:40 | 21-05-2008 - 13:24 | |
CVE-2008-1675 | 7.2 |
The bdx_ioctl_priv function in the tehuti driver (tehuti.c) in Linux kernel 2.6.x before 2.6.25.1 does not properly check certain information related to register size, which has unspecified impact and local attack vectors, probably related to reading
|
11-10-2018 - 20:36 | 02-05-2008 - 16:05 | |
CVE-2008-1657 | 6.5 |
OpenSSH 4.4 up to versions before 4.9 allows remote authenticated users to bypass the sshd_config ForceCommand directive by modifying the .ssh/rc session file.
|
11-10-2018 - 20:35 | 02-04-2008 - 18:44 | |
CVE-2008-1561 | 5.0 |
Multiple unspecified vulnerabilities in Wireshark (formerly Ethereal) 0.99.5 through 0.99.8 allow remote attackers to cause a denial of service (application crash) via a malformed packet to the (1) X.509sat or (2) Roofnet dissectors. NOTE: Vector 2
|
11-10-2018 - 20:35 | 31-03-2008 - 22:44 | |
CVE-2008-1552 | 6.8 |
The silc_pkcs1_decode function in the silccrypt library (silcpkcs1.c) in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.7, SILC Client before 1.1.4, and SILC Server before 1.1.2 allows remote attackers to execute arbitrary code via a cra
|
11-10-2018 - 20:35 | 31-03-2008 - 17:44 | |
CVE-2008-1562 | 5.0 |
The LDAP dissector in Wireshark (formerly Ethereal) 0.99.2 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet, a different vulnerability than CVE-2006-5740.
|
11-10-2018 - 20:35 | 31-03-2008 - 22:44 | |
CVE-2008-1563 | 4.3 |
The "decode as" feature in packet-bssap.c in the SCCP dissector in Wireshark (formerly Ethereal) 0.99.6 through 0.99.8 allows remote attackers to cause a denial of service (application crash) via a malformed packet.
|
11-10-2018 - 20:35 | 31-03-2008 - 22:44 | |
CVE-2008-1483 | 6.9 |
OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 (IPv4) and
|
11-10-2018 - 20:35 | 24-03-2008 - 23:44 | |
CVE-2008-1391 | 7.5 |
Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to
|
11-10-2018 - 20:33 | 27-03-2008 - 17:44 | |
CVE-2008-1384 | 5.0 |
Integer overflow in PHP 5.2.5 and earlier allows context-dependent attackers to cause a denial of service and possibly have unspecified other impact via a printf format parameter with a large width specifier, related to the php_sprintf_appendstring f
|
11-10-2018 - 20:33 | 27-03-2008 - 17:44 | |
CVE-2008-1382 | 7.5 |
libpng 1.0.6 through 1.0.32, 1.2.0 through 1.2.26, and 1.4.0beta01 through 1.4.0beta19 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a PNG file with zero length "unknown" chunks, which
|
11-10-2018 - 20:32 | 14-04-2008 - 16:05 | |
CVE-2008-1372 | 4.3 |
bzlib.c in bzip2 before 1.0.5 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted file that triggers a buffer over-read, as demonstrated by the PROTOS GENOME test suite for Archive Formats.
|
11-10-2018 - 20:32 | 18-03-2008 - 21:44 | |
CVE-2008-1364 | 7.8 |
Unspecified vulnerability in the DHCP service in VMware Workstation 5.5.x before 5.5.6, VMware Player 1.0.x before 1.0.6, VMware ACE 1.0.x before 1.0.5, VMware Server 1.0.x before 1.0.5, and VMware Fusion 1.1.x before 1.1.1 allows attackers to cause
|
11-10-2018 - 20:32 | 20-03-2008 - 00:44 | |
CVE-2008-1309 | 9.3 |
The RealAudioObjects.RealAudio ActiveX control in rmoc3260.dll in RealNetworks RealPlayer Enterprise, RealPlayer 10, RealPlayer 10.5 before build 6.0.12.1675, and RealPlayer 11 before 11.0.3 build 6.0.14.806 does not properly manage memory for the (1
|
11-10-2018 - 20:31 | 12-03-2008 - 17:44 | |
CVE-2008-1218 | 6.8 |
Argument injection vulnerability in Dovecot 1.0.x before 1.0.13, and 1.1.x before 1.1.rc3, when using blocking passdbs, allows remote attackers to bypass the password check via a password containing TAB characters, which are treated as argument delim
|
11-10-2018 - 20:30 | 10-03-2008 - 23:44 | |
CVE-2008-1199 | 4.4 |
Dovecot before 1.0.11, when configured to use mail_extra_groups to allow Dovecot to create dotlocks in /var/mail, might allow local users to read sensitive mail files for other users, or modify files or directories that are writable by group, via a s
|
11-10-2018 - 20:30 | 06-03-2008 - 21:44 | |
CVE-2008-1072 | 4.7 |
The TFTP dissector in Wireshark (formerly Ethereal) 0.6.0 through 0.99.7, when running on Ubuntu 7.10, allows remote attackers to cause a denial of service (crash or memory consumption) via a malformed packet, possibly related to a Cairo library bug.
|
11-10-2018 - 20:29 | 28-02-2008 - 22:44 | |
CVE-2008-1071 | 4.3 |
The SNMP dissector in Wireshark (formerly Ethereal) 0.99.6 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet.
|
11-10-2018 - 20:29 | 28-02-2008 - 22:44 | |
CVE-2008-1026 | 6.8 |
Integer overflow in the PCRE regular expression compiler (JavaScriptCore/pcre/pcre_compile.cpp) in Apple WebKit, as used in Safari before 3.1.1, allows remote attackers to execute arbitrary code via a regular expression with large, nested repetition
|
11-10-2018 - 20:29 | 17-04-2008 - 19:05 | |
CVE-2008-1070 | 5.0 |
The SCTP dissector in Wireshark (formerly Ethereal) 0.99.5 through 0.99.7 allows remote attackers to cause a denial of service (crash) via a malformed packet.
|
11-10-2018 - 20:29 | 28-02-2008 - 22:44 | |
CVE-2010-1083 | 4.7 |
The processcompl_compat function in drivers/usb/core/devio.c in Linux kernel 2.6.x through 2.6.32, and possibly other versions, does not clear the transfer buffer before returning to userspace when a USB command fails, which might make it easier for
|
10-10-2018 - 19:55 | 06-04-2010 - 22:30 | |
CVE-2010-1088 | 5.4 |
fs/namei.c in Linux kernel 2.6.18 through 2.6.34 does not always follow NFS automount "symlinks," which allows attackers to have an unknown impact, related to LOOKUP_FOLLOW.
|
10-10-2018 - 19:55 | 06-04-2010 - 22:30 | |
CVE-2010-1084 | 7.1 |
Linux kernel 2.6.18 through 2.6.33, and possibly other versions, allows remote attackers to cause a denial of service (memory corruption) via a large number of Bluetooth sockets, related to the size of sysfs files in (1) net/bluetooth/l2cap.c, (2) ne
|
10-10-2018 - 19:55 | 06-04-2010 - 22:30 | |
CVE-2010-1167 | 4.3 |
fetchmail 4.6.3 through 6.3.16, when debug mode is enabled, does not properly handle invalid characters in a multi-character locale, which allows remote attackers to cause a denial of service (memory consumption and application crash) via a crafted (
|
10-10-2018 - 19:55 | 07-05-2010 - 18:24 | |
CVE-2010-0622 | 2.1 |
The wake_futex_pi function in kernel/futex.c in the Linux kernel before 2.6.33-rc7 does not properly handle certain unlock operations for a Priority Inheritance (PI) futex, which allows local users to cause a denial of service (OOPS) and possibly hav
|
10-10-2018 - 19:53 | 15-02-2010 - 18:30 | |
CVE-2010-0426 | 6.9 |
sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges vi
|
10-10-2018 - 19:52 | 24-02-2010 - 18:30 | |
CVE-2010-0427 | 4.4 |
sudo 1.6.x before 1.6.9p21, when the runas_default option is used, does not properly set group memberships, which allows local users to gain privileges via a sudo command.
|
10-10-2018 - 19:52 | 25-02-2010 - 19:30 | |
CVE-2009-4308 | 7.1 |
The ext4_decode_error function in fs/ext4/super.c in the ext4 filesystem in the Linux kernel before 2.6.32 allows user-assisted remote attackers to cause a denial of service (NULL pointer dereference), and possibly have unspecified other impact, via
|
10-10-2018 - 19:48 | 13-12-2009 - 01:30 | |
CVE-2009-4034 | 5.8 |
PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 c
|
10-10-2018 - 19:48 | 15-12-2009 - 18:30 | |
CVE-2009-4136 | 6.5 |
PostgreSQL 7.4.x before 7.4.27, 8.0.x before 8.0.23, 8.1.x before 8.1.19, 8.2.x before 8.2.15, 8.3.x before 8.3.9, and 8.4.x before 8.4.2 does not properly manage session-local state during execution of an index function by a database superuser, whic
|
10-10-2018 - 19:48 | 15-12-2009 - 18:30 | |
CVE-2009-4029 | 4.4 |
The (1) dist or (2) distcheck rules in GNU Automake 1.11.1, 1.10.3, and release branches branch-1-4 through branch-1-9, when producing a distribution tarball for a package that uses Automake, assign insecure permissions (777) to directories in the bu
|
10-10-2018 - 19:48 | 20-12-2009 - 02:30 | |
CVE-2009-3229 | 4.0 |
The core server component in PostgreSQL 8.4 before 8.4.1, 8.3 before 8.3.8, and 8.2 before 8.2.14 allows remote authenticated users to cause a denial of service (backend shutdown) by "re-LOAD-ing" libraries from a certain plugins directory.
|
10-10-2018 - 19:43 | 17-09-2009 - 10:30 | |
CVE-2009-2847 | 4.9 |
The do_sigaltstack function in kernel/signal.c in Linux kernel 2.4 through 2.4.37 and 2.6 before 2.6.31-rc5, when running on 64-bit systems, does not clear certain padding bytes from a structure, which allows local users to obtain sensitive informati
|
10-10-2018 - 19:42 | 18-08-2009 - 21:00 | |
CVE-2009-2537 | 4.3 |
KDE Konqueror allows remote attackers to cause a denial of service (memory consumption) via a large integer value for the length property of a Select object, a related issue to CVE-2009-1692.
|
10-10-2018 - 19:40 | 20-07-2009 - 18:30 | |
CVE-2009-1384 | 5.0 |
pam_krb5 2.2.14 through 2.3.4, as used in Red Hat Enterprise Linux (RHEL) 5, generates different password prompts depending on whether the user account exists, which allows remote attackers to enumerate valid usernames.
|
10-10-2018 - 19:36 | 28-05-2009 - 20:30 | |
CVE-2009-1349 | 4.3 |
Cross-site scripting (XSS) vulnerability in C2Net Stronghold 2.3 allows remote attackers to inject arbitrary web script or HTML via the URI.
|
10-10-2018 - 19:36 | 21-04-2009 - 15:30 | |
CVE-2009-1338 | 4.6 |
The kill_something_info function in kernel/signal.c in the Linux kernel before 2.6.28 does not consider PID namespaces when processing signals directed to PID -1, which allows local users to bypass the intended namespace isolation, and send arbitrary
|
10-10-2018 - 19:36 | 22-04-2009 - 15:30 | |
CVE-2009-1267 | 5.0 |
Unspecified vulnerability in the LDAP dissector in Wireshark 0.99.2 through 1.0.6, when running on Windows, allows remote attackers to cause a denial of service (crash) via unknown attack vectors.
|
10-10-2018 - 19:35 | 13-04-2009 - 16:30 | |
CVE-2009-1298 | 7.8 |
The ip_frag_reasm function in net/ipv4/ip_fragment.c in the Linux kernel 2.6.32-rc8, and 2.6.29 and later versions before 2.6.32, calls IP_INC_STATS_BH with an incorrect argument, which allows remote attackers to cause a denial of service (NULL point
|
10-10-2018 - 19:35 | 08-12-2009 - 23:30 | |
CVE-2009-0922 | 4.0 |
PostgreSQL before 8.3.7, 8.2.13, 8.1.17, 8.0.21, and 7.4.25 allows remote authenticated users to cause a denial of service (stack consumption and crash) by triggering a failure in the conversion of a localized error message to a client-specified enco
|
10-10-2018 - 19:32 | 17-03-2009 - 17:30 | |
CVE-2009-0847 | 4.3 |
The asn1buf_imbed function in the ASN.1 decoder in MIT Kerberos 5 (aka krb5) 1.6.3, when PK-INIT is used, allows remote attackers to cause a denial of service (application crash) via a crafted length value that triggers an erroneous malloc call, rela
|
10-10-2018 - 19:32 | 09-04-2009 - 00:30 | |
CVE-2009-0745 | 4.9 |
The ext4_group_add function in fs/ext4/resize.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not properly initialize the group descriptor during a resize (aka resize2fs) operation, which might allow local users to cause
|
10-10-2018 - 19:30 | 27-02-2009 - 17:30 | |
CVE-2009-0675 | 2.1 |
The skfp_ioctl function in drivers/net/skfp/skfddi.c in the Linux kernel before 2.6.28.6 permits SKFP_CLR_STATS requests only when the CAP_NET_ADMIN capability is absent, instead of when this capability is present, which allows local users to reset t
|
10-10-2018 - 19:30 | 22-02-2009 - 22:30 | |
CVE-2009-0746 | 4.9 |
The make_indexed_dir function in fs/ext4/namei.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate a certain rec_len field, which allows local users to cause a denial of service (OOPS) by attempting to mount a c
|
10-10-2018 - 19:30 | 27-02-2009 - 17:30 | |
CVE-2009-0747 | 4.9 |
The ext4_isize function in fs/ext4/ext4.h in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 uses the i_size_high structure member during operations on arbitrary types of files, which allows local users to cause a denial of servic
|
10-10-2018 - 19:30 | 27-02-2009 - 17:30 | |
CVE-2009-0755 | 5.0 |
The FormWidgetChoice::loadDefaults function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file with an invalid Form Opt entry.
|
10-10-2018 - 19:30 | 03-03-2009 - 16:30 | |
CVE-2009-0756 | 5.0 |
The JBIG2Stream::readSymbolDictSeg function in Poppler before 0.10.4 allows remote attackers to cause a denial of service (crash) via a PDF file that triggers a parsing error, which is not properly handled by JBIG2SymbolDict::~JBIG2SymbolDict and tri
|
10-10-2018 - 19:30 | 03-03-2009 - 16:30 | |
CVE-2009-0748 | 4.9 |
The ext4_fill_super function in fs/ext4/super.c in the Linux kernel 2.6.27 before 2.6.27.19 and 2.6.28 before 2.6.28.7 does not validate the superblock configuration, which allows local users to cause a denial of service (NULL pointer dereference and
|
10-10-2018 - 19:30 | 27-02-2009 - 17:30 | |
CVE-2009-1271 | 5.0 |
The JSON_parser function (ext/json/JSON_parser.c) in PHP 5.2.x before 5.2.9 allows remote attackers to cause a denial of service (segmentation fault) via a malformed string to the json_decode API function.
|
03-10-2018 - 21:59 | 08-04-2009 - 18:30 | |
CVE-2008-5713 | 4.9 |
The __qdisc_run function in net/sched/sch_generic.c in the Linux kernel before 2.6.25 on SMP machines allows local users to cause a denial of service (soft lockup) by sending a large amount of network traffic, as demonstrated by multiple simultaneous
|
03-10-2018 - 21:57 | 24-12-2008 - 18:29 | |
CVE-2009-0022 | 6.3 |
Samba 3.2.0 through 3.2.6, when registry shares are enabled, allows remote authenticated users to access the root filesystem via a crafted connection request that specifies a blank share name. Patch Information - http://www.samba.org/samba/history/se
|
03-10-2018 - 21:57 | 05-01-2009 - 20:30 | |
CVE-2008-5134 | 10.0 |
Buffer overflow in the lbs_process_bss function in drivers/net/wireless/libertas/scan.c in the libertas subsystem in the Linux kernel before 2.6.27.5 allows remote attackers to have an unknown impact via an "invalid beacon/probe response."
|
03-10-2018 - 21:56 | 18-11-2008 - 16:00 | |
CVE-2008-1694 | 4.6 |
vcdiff in Emacs 20.7 to 22.1.50, when used with SCCS, allows local users to overwrite arbitrary files via a symlink attack on temporary files.
|
03-10-2018 - 21:54 | 22-04-2008 - 04:41 | |
CVE-2007-6341 | 5.0 |
Net/DNS/RR/A.pm in Net::DNS 0.60 build 654, as used in packages such as SpamAssassin and OTRS, allows remote attackers to cause a denial of service (program "croak") via a crafted DNS response.
|
03-10-2018 - 21:51 | 20-12-2007 - 23:46 | |
CVE-2007-6109 | 10.0 |
Stack-based buffer overflow in emacs allows user-assisted attackers to cause a denial of service (application crash) and possibly have unspecified other impact via a large precision value in an integer format string specifier to the format function,
|
03-10-2018 - 21:51 | 07-12-2007 - 11:46 | |
CVE-2007-4661 | 7.5 |
The chunk_split function in string.c in PHP 5.2.3 does not properly calculate the needed buffer size due to precision loss when performing integer arithmetic with floating point numbers, which has unknown attack vectors and impact, possibly resulting
|
03-10-2018 - 21:48 | 04-09-2007 - 22:17 | |
CVE-2007-4662 | 7.5 |
Buffer overflow in the php_openssl_make_REQ function in PHP before 5.2.4 has unknown impact and attack vectors.
|
03-10-2018 - 21:48 | 04-09-2007 - 22:17 | |
CVE-2007-4660 | 7.5 |
Unspecified vulnerability in the chunk_split function in PHP before 5.2.4 has unknown impact and attack vectors, related to an incorrect size calculation.
|
03-10-2018 - 21:48 | 04-09-2007 - 22:17 | |
CVE-2007-4658 | 7.5 |
The money_format function in PHP 5 before 5.2.4, and PHP 4 before 4.4.8, permits multiple (1) %i and (2) %n tokens, which has unknown impact and attack vectors, possibly related to a format string vulnerability.
|
03-10-2018 - 21:48 | 04-09-2007 - 22:17 | |
CVE-2007-3799 | 4.3 |
The session_start function in ext/session in PHP 4.x up to 4.4.7 and 5.x up to 5.2.3 allows remote attackers to insert arbitrary attributes into the session cookie via special characters in a cookie that is obtained from (1) PATH_INFO, (2) the sessio
|
03-10-2018 - 21:47 | 16-07-2007 - 22:30 | |
CVE-2007-4351 | 10.0 |
Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted (1) textWithLanguage or (2) nameWithLanguage Internet Printing Protocol (IPP) tag, leading to a stack-ba
|
03-10-2018 - 21:47 | 31-10-2007 - 22:46 | |
CVE-2006-7236 | 9.3 |
The default configuration of xterm on Debian GNU/Linux sid and possibly Ubuntu enables the allowWindowOps resource, which allows user-assisted attackers to execute arbitrary code or have unspecified other impact via escape sequences.
|
03-10-2018 - 21:45 | 02-01-2009 - 18:11 | |
CVE-2006-2906 | 5.4 |
The LZW decoding in the gdImageCreateFromGifPtr function in the Thomas Boutell graphics draw (GD) library (aka libgd) 2.0.33 allows remote attackers to cause a denial of service (CPU consumption) via malformed GIF data that causes an infinite loop.
|
03-10-2018 - 21:43 | 08-06-2006 - 16:06 | |
CVE-2006-2193 | 7.5 |
Buffer overflow in the t2p_write_pdf_string function in tiff2pdf in libtiff 3.8.2 and earlier allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a TIFF file with a DocumentName tag that contains UTF-8 charac
|
03-10-2018 - 21:40 | 08-06-2006 - 19:06 | |
CVE-2006-1057 | 3.7 |
Race condition in daemon/slave.c in gdm before 2.14.1 allows local users to gain privileges via a symlink attack when gdm performs chown and chgrp operations on the .ICEauthority file.
|
03-10-2018 - 21:36 | 25-04-2006 - 01:02 | |
CVE-2005-4268 | 3.7 |
Buffer overflow in cpio 2.6-8.FC4 on 64-bit platforms, when creating a cpio archive, allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a file whose size is represented by more than 8 digits.
|
03-10-2018 - 21:34 | 15-12-2005 - 18:11 | |
CVE-2006-0151 | 7.2 |
sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158.
|
03-10-2018 - 21:34 | 09-01-2006 - 23:03 | |
CVE-2005-2959 | 4.6 |
Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the (1) SHELLOPTS and (2) PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though oth
|
03-10-2018 - 21:31 | 25-10-2005 - 16:02 | |
CVE-2005-3183 | 4.3 |
The HTBoundary_put_block function in HTBound.c for W3C libwww (w3c-libwww) allows remote servers to cause a denial of service (segmentation fault) via a crafted multipart/byteranges MIME message that triggers an out-of-bounds read.
|
03-10-2018 - 21:31 | 12-10-2005 - 22:02 | |
CVE-2005-3054 | 2.1 |
fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not properly restrict access to other directories when the open_basedir directive includes a trailing slash, which allows PHP scripts in one directory to access files in other directori
|
03-10-2018 - 21:31 | 26-09-2005 - 19:03 | |
CVE-2005-0605 | 7.5 |
scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.
|
03-10-2018 - 21:29 | 02-03-2005 - 05:00 | |
CVE-2006-6772 | 9.3 |
Format string vulnerability in the inputAnswer function in file.c in w3m before 0.5.2, when run with the dump or backend option, allows remote attackers to execute arbitrary code via format string specifiers in the Common Name (CN) field of an SSL ce
|
13-08-2018 - 21:47 | 27-12-2006 - 23:28 | |
CVE-2004-0941 | 10.0 |
Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 and earlier may allow remote attackers to execute arbitrary code via malformed image files that trigger the overflows due to improper calls to the gdMalloc function, a different set
|
03-05-2018 - 01:29 | 09-02-2005 - 05:00 | |
CVE-2000-1137 | 4.6 |
GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack.
|
03-05-2018 - 01:29 | 09-01-2001 - 05:00 | |
CVE-2003-0695 | 7.5 |
Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a differe
|
03-05-2018 - 01:29 | 06-10-2003 - 04:00 | |
CVE-2003-0544 | 5.0 |
OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characters in certain ASN.1 inputs, which allows remote attackers to cause a denial of service (crash) via an SSL client certificate that causes OpenSSL to read past the end of a buffer wh
|
03-05-2018 - 01:29 | 17-11-2003 - 05:00 | |
CVE-2005-2969 | 5.0 |
The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allow
|
03-05-2018 - 01:29 | 18-10-2005 - 21:02 | |
CVE-2005-1751 | 3.7 |
Race condition in shtool 2.0.1 and earlier allows local users to create or modify arbitrary files via a symlink attack on the .shtool.$$ temporary file, a different vulnerability than CVE-2005-1759.
|
03-05-2018 - 01:29 | 25-05-2005 - 04:00 | |
CVE-2003-0682 | 7.5 |
"Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CVE-2003-0693 and CVE-2003-0695.
|
03-05-2018 - 01:29 | 06-10-2003 - 04:00 | |
CVE-2003-0543 | 5.0 |
Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to cause a denial of service (crash) via an SSL client certificate with certain ASN.1 tag values.
|
03-05-2018 - 01:29 | 17-11-2003 - 05:00 | |
CVE-2000-1199 | 4.6 |
PostgreSQL stores usernames and passwords in plaintext in (1) pg_shadow and (2) pg_pwd, which allows attackers with sufficient privileges to gain access to databases.
|
19-12-2017 - 02:29 | 31-08-2001 - 04:00 | |
CVE-2007-6358 | 4.9 |
pdftops.pl before 1.20 in alternate pdftops filter allows local users to overwrite arbitrary files via a symlink attack on the pdfin.[PID].tmp temporary file, which is created when pdftops reads a PDF file from stdin, such as when pdftops is invoked
|
16-11-2017 - 02:29 | 15-12-2007 - 01:46 | |
CVE-2006-6719 | 5.0 |
The ftp_syst function in ftp-basic.c in Free Software Foundation (FSF) GNU wget 1.10.2 allows remote attackers to cause a denial of service (application crash) via a malicious FTP server with a large number of blank 220 responses to the SYST command.
|
19-10-2017 - 01:29 | 23-12-2006 - 11:28 | |
CVE-2006-4124 | 4.6 |
The libXm library in LessTif 0.95.0 and earlier allows local users to gain privileges via the DEBUG_FILE environment variable, which is used to create world-writable files when libXm is run from a setuid program.
|
19-10-2017 - 01:29 | 14-08-2006 - 23:04 | |
CVE-1999-1572 | 2.1 |
cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files
|
19-10-2017 - 01:29 | 16-07-1996 - 04:00 | |
CVE-2006-2440 | 7.5 |
Heap-based buffer overflow in the libMagick component of ImageMagick 6.0.6.2 might allow attackers to execute arbitrary code via an image index array that triggers the overflow during filename glob expansion by the ExpandFilenames function.
|
12-10-2017 - 01:29 | 18-05-2006 - 10:02 | |
CVE-2007-2721 | 4.3 |
The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted attackers to cause a denial of service (crash) and possibly corrupt the heap via malformed image files, as origina
|
11-10-2017 - 01:32 | 16-05-2007 - 20:30 | |
CVE-2007-1900 | 5.0 |
CRLF injection vulnerability in the FILTER_VALIDATE_EMAIL filter in ext/filter in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to inject arbitrary e-mail headers via an e-mail address with a '\n' character, which causes a regular expression
|
11-10-2017 - 01:32 | 10-04-2007 - 18:19 | |
CVE-2007-2027 | 4.4 |
Untrusted search path vulnerability in the add_filename_to_string function in intl/gettext/loadmsgcat.c for Elinks 0.11.1 allows local users to cause Elinks to use an untrusted gettext message catalog (.po file) in a "../po" directory, which can be l
|
11-10-2017 - 01:32 | 13-04-2007 - 18:19 | |
CVE-2007-2756 | 4.3 |
The gdPngReadData function in libgd 2.0.34 allows user-assisted attackers to cause a denial of service (CPU consumption) via a crafted PNG image with truncated data, which causes an infinite loop in the png_read_info function in libpng.
|
11-10-2017 - 01:32 | 18-05-2007 - 18:30 | |
CVE-2007-3104 | 4.9 |
The sysfs_readdir function in the Linux kernel 2.6, as used in Red Hat Enterprise Linux (RHEL) 4.5 and other distributions, allows users to cause a denial of service (kernel OOPS) by dereferencing a null pointer to an inode in a dentry.
|
11-10-2017 - 01:32 | 26-06-2007 - 18:30 | |
CVE-2007-3380 | 5.0 |
The Distributed Lock Manager (DLM) in the cluster manager for Linux kernel 2.6.15 allows remote attackers to cause a denial of service (loss of lock services) by connecting to the DLM port, which probably prevents other processes from accessing the s
|
11-10-2017 - 01:32 | 20-07-2007 - 23:30 | |
CVE-2007-3294 | 7.5 |
Multiple buffer overflows in libtidy, as used in the Tidy extension for PHP 5.2.3 and possibly other products, allow context-dependent attackers to execute arbitrary code via (1) a long second argument to the tidy_parse_string function or (2) an unsp
|
11-10-2017 - 01:32 | 20-06-2007 - 21:30 | |
CVE-2007-2878 | 4.9 |
The VFAT compat ioctls in the Linux kernel before 2.6.21.2, when run on a 64-bit system, allow local users to corrupt a kernel_dirent struct and cause a denial of service (system crash) via unknown vectors.
|
11-10-2017 - 01:32 | 29-05-2007 - 20:30 | |
CVE-2007-2683 | 3.5 |
Buffer overflow in Mutt 1.4.2 might allow local users to execute arbitrary code via "&" characters in the GECOS field, which triggers the overflow during alias expansion.
|
11-10-2017 - 01:32 | 15-05-2007 - 21:19 | |
CVE-2006-6053 | 4.9 |
The ext3fs_dirhash function in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via an ext3 stream with malformed data structures.
|
11-10-2017 - 01:31 | 22-11-2006 - 01:07 | |
CVE-2006-6142 | 6.8 |
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.0 through 1.4.9 allow remote attackers to inject arbitrary web script or HTML via the (1) mailto parameter in (a) webmail.php, the (2) session and (3) delete_draft parameters in
|
11-10-2017 - 01:31 | 05-12-2006 - 11:28 | |
CVE-2006-6107 | 1.7 |
Unspecified vulnerability in the match_rule_equal function in bus/signals.c in D-Bus before 1.0.2 allows local applications to remove match rules for other applications and cause a denial of service (lost process messages). This vulnrability is addre
|
11-10-2017 - 01:31 | 14-12-2006 - 00:28 | |
CVE-2006-7108 | 4.1 |
login in util-linux-2.12a skips pam_acct_mgmt and chauth_tok when authentication is skipped, such as when a Kerberos krlogin session has been established, which might allow users to bypass intended access policies that would be enforced by pam_acct_m
|
11-10-2017 - 01:31 | 04-03-2007 - 22:19 | |
CVE-2006-6056 | 4.9 |
Linux kernel 2.6.x up to 2.6.18 and possibly other versions, when SELinux hooks are enabled, allows local users to cause a denial of service (crash) via a malformed file stream that triggers a NULL pointer dereference in the superblock_doinit functio
|
11-10-2017 - 01:31 | 22-11-2006 - 01:07 | |
CVE-2006-6054 | 4.0 |
The ext2 file system code in Linux kernel 2.6.x allows local users to cause a denial of service (crash) via an ext2 stream with malformed data structures that triggers an error in the ext2_check_page due to a length that is smaller than the minimum.
|
11-10-2017 - 01:31 | 22-11-2006 - 01:07 | |
CVE-2006-6921 | 2.1 |
Unspecified versions of the Linux kernel allow local users to cause a denial of service (unrecoverable zombie process) via a program with certain instructions that prevent init from properly reaping a child whose parent has died.
|
11-10-2017 - 01:31 | 12-01-2007 - 23:28 | |
CVE-2006-5757 | 1.2 |
Race condition in the __find_get_block_slow function in the ISO9660 filesystem in Linux 2.6.18 and possibly other versions allows local users to cause a denial of service (infinite loop) by mounting a crafted ISO9660 filesystem containing malformed d
|
11-10-2017 - 01:31 | 06-11-2006 - 20:07 | |
CVE-2006-6102 | 10.0 |
Integer overflow in the ProcDbeGetVisualInfo function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption durin
|
11-10-2017 - 01:31 | 31-12-2006 - 05:00 | |
CVE-2006-6103 | 6.6 |
Integer overflow in the ProcDbeSwapBuffers function in the DBE extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption during
|
11-10-2017 - 01:31 | 31-12-2006 - 05:00 | |
CVE-2006-5467 | 5.0 |
The cgi.rb CGI library for Ruby 1.8 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an HTTP request with a multipart MIME body that contains an invalid boundary specifier, as demonstrated using a specifier
|
11-10-2017 - 01:31 | 27-10-2006 - 18:07 | |
CVE-2006-6303 | 5.0 |
The read_multipart function in cgi.rb in Ruby before 1.8.5-p2 does not properly detect boundaries in MIME multipart content, which allows remote attackers to cause a denial of service (infinite loop) via crafted HTTP requests, a different issue than
|
11-10-2017 - 01:31 | 06-12-2006 - 19:28 | |
CVE-2006-6101 | 6.6 |
Integer overflow in the ProcRenderAddGlyphs function in the Render extension for X.Org 6.8.2, 6.9.0, 7.0, and 7.1, and XFree86 X server, allows local users to execute arbitrary code via a crafted X protocol request that triggers memory corruption dur
|
11-10-2017 - 01:31 | 31-12-2006 - 05:00 | |
CVE-2006-6304 | 7.5 |
The do_coredump function in fs/exec.c in the Linux kernel 2.6.19 sets the flag variable to O_EXCL but does not use it, which allows context-dependent attackers to modify arbitrary files via a rewrite attack during a core dump.
|
11-10-2017 - 01:31 | 14-12-2006 - 20:28 | |
CVE-2006-5989 | 5.0 |
Off-by-one error in the der_get_oid function in mod_auth_kerb 5.0 allows remote attackers to cause a denial of service (crash) via a crafted Kerberos message that triggers a heap-based buffer overflow in the component array.
|
11-10-2017 - 01:31 | 20-11-2006 - 21:07 | |
CVE-2006-4790 | 5.0 |
verify.c in GnuTLS before 1.4.4, when using an RSA key with exponent 3, does not properly handle excess data in the digestAlgorithm.parameters field when generating a hash, which allows remote attackers to forge a PKCS #1 v1.5 signature that is signe
|
11-10-2017 - 01:31 | 14-09-2006 - 19:07 | |
CVE-2006-5297 | 1.2 |
Race condition in the safe_open function in the Mutt mail client 1.5.12 and earlier, when creating temporary files in an NFS filesystem, allows local users to overwrite arbitrary files due to limitations of the use of the O_EXCL flag on NFS filesyste
|
11-10-2017 - 01:31 | 16-10-2006 - 19:07 | |
CVE-2006-3463 | 7.8 |
The EstimateStripByteCounts function in TIFF library (libtiff) before 3.8.2 uses a 16-bit unsigned short when iterating over an unsigned 32-bit value, which allows context-dependent attackers to cause a denial of service via a large td_nstrips value,
|
11-10-2017 - 01:31 | 03-08-2006 - 01:04 | |
CVE-2006-3465 | 7.5 |
Unspecified vulnerability in the custom tag support for the TIFF library (libtiff) before 3.8.2 allows remote attackers to cause a denial of service (instability or crash) and execute arbitrary code via unknown vectors.
|
11-10-2017 - 01:31 | 03-08-2006 - 01:04 | |
CVE-2006-3462 | 7.5 |
Heap-based buffer overflow in the NeXT RLE decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors involving decoding large RLE images.
|
11-10-2017 - 01:31 | 03-08-2006 - 01:04 | |
CVE-2006-3460 | 7.5 |
Heap-based buffer overflow in the JPEG decoder in the TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an encoded JPEG stream that is longer than the scan line
|
11-10-2017 - 01:31 | 03-08-2006 - 01:04 | |
CVE-2006-4262 | 5.1 |
Multiple buffer overflows in cscope 15.5 and earlier allow user-assisted attackers to cause a denial of service (crash) and possibly execute arbitrary code via multiple vectors including (1) a long pathname that is not properly handled during file li
|
11-10-2017 - 01:31 | 23-08-2006 - 10:04 | |
CVE-2006-3461 | 7.5 |
Heap-based buffer overflow in the PixarLog decoder in the TIFF library (libtiff) before 3.8.2 might allow context-dependent attackers to execute arbitrary code via unknown vectors.
|
11-10-2017 - 01:31 | 03-08-2006 - 01:04 | |
CVE-2006-4146 | 5.1 |
Buffer overflow in the (1) DWARF (dwarfread.c) and (2) DWARF2 (dwarf2read.c) debugging code in GNU Debugger (GDB) 6.5 allows user-assisted attackers, or restricted users, to execute arbitrary code via a crafted file with a location block (DW_FORM_blo
|
11-10-2017 - 01:31 | 31-08-2006 - 22:04 | |
CVE-2006-3459 | 7.5 |
Multiple stack-based buffer overflows in the TIFF library (libtiff) before 3.8.2, as used in Adobe Reader 9.3.0 and other products, allow context-dependent attackers to execute arbitrary code or cause a denial of service via unspecified vectors, incl
|
11-10-2017 - 01:31 | 03-08-2006 - 01:04 | |
CVE-2006-3744 | 5.1 |
Multiple integer overflows in ImageMagick before 6.2.9 allows user-assisted attackers to execute arbitrary code via crafted Sun Rasterfile (bitmap) images that trigger heap-based buffer overflows.
|
11-10-2017 - 01:31 | 25-08-2006 - 01:04 | |
CVE-2006-4814 | 4.6 |
The mincore function in the Linux kernel before 2.4.33.6 does not properly lock access to user space, which has unspecified impact and attack vectors, possibly related to a deadlock.
|
11-10-2017 - 01:31 | 20-12-2006 - 02:28 | |
CVE-2006-3619 | 2.6 |
Directory traversal vulnerability in FastJar 0.93, as used in Gnu GCC 4.1.1 and earlier, and 3.4.6 and earlier, allows user-assisted attackers to overwrite arbitrary files via a .jar file containing filenames with "../" sequences.
|
11-10-2017 - 01:31 | 25-07-2006 - 19:17 | |
CVE-2006-3464 | 7.5 |
TIFF library (libtiff) before 3.8.2 allows context-dependent attackers to pass numeric range checks and possibly execute code, and trigger assert errors, via large offset values in a TIFF directory that lead to an integer overflow and other unspecifi
|
11-10-2017 - 01:31 | 03-08-2006 - 01:04 | |
CVE-2006-3743 | 5.1 |
Multiple buffer overflows in ImageMagick before 6.2.9 allow user-assisted attackers to execute arbitrary code via crafted XCF images.
|
11-10-2017 - 01:31 | 25-08-2006 - 01:04 | |
CVE-2007-1218 | 6.8 |
Off-by-one buffer overflow in the parse_elements function in the 802.11 printer code (print-802_11.c) for tcpdump 3.9.5 and earlier allows remote attackers to cause a denial of service (crash) via a crafted 802.11 frame. NOTE: this was originally re
|
11-10-2017 - 01:31 | 02-03-2007 - 21:18 | |
CVE-2007-1412 | 7.8 |
The cpdf_open function in the ClibPDF (cpdf) extension in PHP 4.4.6 allows context-dependent attackers to obtain sensitive information (script source code) via a long string in the second argument.
|
11-10-2017 - 01:31 | 12-03-2007 - 23:19 | |
CVE-2007-1584 | 6.8 |
Buffer underflow in the header function in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by passing an all-whitespace string to this function, which causes it to write '\0' characters in whitespace that precedes the string.
|
11-10-2017 - 01:31 | 21-03-2007 - 23:19 | |
CVE-2007-1716 | 3.4 |
pam_console does not properly restore ownership for certain console devices when there are multiple users logged into the console and one user logs out, which might allow local users to gain privileges.
|
11-10-2017 - 01:31 | 27-03-2007 - 22:19 | |
CVE-2007-1710 | 4.3 |
The readfile function in PHP 4.4.4, 5.1.6, and 5.2.1 allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files by referring to local files with a certain URL syntax instead of a pathname syntax, as demonstrated by a
|
11-10-2017 - 01:31 | 27-03-2007 - 01:19 | |
CVE-2007-1375 | 5.0 |
Integer overflow in the substr_compare function in PHP 5.2.1 and earlier allows context-dependent attackers to read sensitive memory via a large value in the length argument, a different vulnerability than CVE-2006-1991.
|
11-10-2017 - 01:31 | 10-03-2007 - 00:19 | |
CVE-2007-1564 | 6.8 |
The FTP protocol implementation in Konqueror 3.5.5 allows remote servers to force the client to connect to other servers, perform a proxied port scan, or obtain sensitive information by specifying an alternate server address in an FTP PASV response.
|
11-10-2017 - 01:31 | 21-03-2007 - 19:19 | |
CVE-2007-1413 | 7.5 |
Buffer overflow in the snmpget function in the snmp extension in PHP 5.2.3 and earlier, including PHP 4.4.6 and probably other PHP 4 versions, allows context-dependent attackers to execute arbitrary code via a long value in the third argument (object
|
11-10-2017 - 01:31 | 12-03-2007 - 23:19 | |
CVE-2007-0235 | 3.7 |
Stack-based buffer overflow in the glibtop_get_proc_map_s function in libgtop before 2.14.6 (libgtop2) allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a process with a long filename that is mapped in it
|
11-10-2017 - 01:31 | 16-01-2007 - 18:28 | |
CVE-2005-4881 | 4.9 |
The netlink subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.13-rc1 does not initialize certain padding fields in structures, which might allow local users to obtain sensitive information from kernel memory via unspecified vec
|
11-10-2017 - 01:30 | 19-10-2009 - 20:00 | |
CVE-2005-1705 | 7.2 |
gdb before 6.3 searches the current working directory to load the .gdbinit configuration file, which allows local users to execute arbitrary commands as the user running gdb.
|
11-10-2017 - 01:30 | 24-05-2005 - 04:00 | |
CVE-2005-2968 | 7.5 |
Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary commands via shell metacharacters in a URL that is provided to the browser on the command line, which is sent unfiltered to bash.
|
11-10-2017 - 01:30 | 20-09-2005 - 22:03 | |
CVE-2005-0988 | 3.7 |
Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip af
|
11-10-2017 - 01:30 | 02-05-2005 - 04:00 | |
CVE-2005-1038 | 2.1 |
crontab in Vixie cron 4.1, when running with the -e option, allows local users to read the cron files of other users by changing the file being edited to a symlink. NOTE: there is insufficient information to know whether this is a duplicate of CVE-2
|
11-10-2017 - 01:30 | 02-05-2005 - 04:00 | |
CVE-2006-1168 | 7.5 |
The decompress function in compress42.c in (1) ncompress 4.2.4 and (2) liblzw allows remote attackers to cause a denial of service (crash), and possibly execute arbitrary code, via crafted data that leads to a buffer underflow.
|
11-10-2017 - 01:30 | 14-08-2006 - 20:04 | |
CVE-2005-2475 | 1.2 |
Race condition in Unzip 5.52 allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by Unzip after the decompression is complete.
|
11-10-2017 - 01:30 | 05-08-2005 - 04:00 | |
CVE-2005-1194 | 4.6 |
Stack-based buffer overflow in the ieee_putascii function for nasm 0.98 and earlier allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2004-1287.
|
11-10-2017 - 01:30 | 04-05-2005 - 04:00 | |
CVE-2005-2693 | 4.6 |
cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack.
|
11-10-2017 - 01:30 | 26-08-2005 - 15:50 | |
CVE-2005-2666 | 1.2 |
SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate
|
11-10-2017 - 01:30 | 23-08-2005 - 04:00 | |
CVE-2005-1228 | 5.0 |
Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file.
|
11-10-2017 - 01:30 | 02-05-2005 - 04:00 | |
CVE-2005-0085 | 6.8 |
Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message.
|
11-10-2017 - 01:29 | 27-04-2005 - 04:00 | |
CVE-2004-0967 | 7.2 |
The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts in the ESP Ghostscript (espgs) package in Trustix Secure Linux 1.5 through 2.1, and other operating systems, allow local users to overwrite files via a symlink attack on temporary fi
|
11-10-2017 - 01:29 | 09-02-2005 - 05:00 | |
CVE-2004-0975 | 2.1 |
The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.
|
11-10-2017 - 01:29 | 09-02-2005 - 05:00 | |
CVE-2004-0914 | 10.0 |
Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in XFree86 and other packages, include (1) multiple integer overflows, (2) out-of-bounds memory accesses, (3) directory traversal, (4) shell metacharacter, (5) endless loops, and (6) m
|
11-10-2017 - 01:29 | 10-01-2005 - 05:00 | |
CVE-2003-0427 | 7.5 |
Buffer overflow in mikmod 3.1.6 and earlier allows remote attackers to execute arbitrary code via an archive file that contains a file with a long filename.
|
11-10-2017 - 01:29 | 24-07-2003 - 04:00 | |
CVE-2004-1392 | 5.0 |
PHP 4.0 with cURL functions allows remote attackers to bypass the open_basedir setting and read arbitrary files via a file: URL argument to the curl_init function.
|
11-10-2017 - 01:29 | 31-12-2004 - 05:00 | |
CVE-2005-0469 | 7.5 |
Buffer overflow in the slc_add_reply function in various BSD-based Telnet clients, when handling LINEMODE suboptions, allows remote attackers to execute arbitrary code via a reply with a large number of Set Local Character (SLC) commands.
|
11-10-2017 - 01:29 | 02-05-2005 - 04:00 | |
CVE-2004-0806 | 7.2 |
cdrecord in the cdrtools package before 2.01, when installed setuid root, does not properly drop privileges before executing a program specified in the RSH environment variable, which allows local users to gain privileges.
|
11-10-2017 - 01:29 | 31-12-2004 - 05:00 | |
CVE-2005-0468 | 7.5 |
Heap-based buffer overflow in the env_opt_add function in telnet.c for various BSD-based Telnet clients allows remote attackers to execute arbitrary code via responses that contain a large number of characters that require escaping, which consumers m
|
11-10-2017 - 01:29 | 02-05-2005 - 04:00 | |
CVE-2004-0175 | 4.3 |
Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. NOTE: this may be a rediscovery of CVE-2000-0992.
|
11-10-2017 - 01:29 | 18-08-2004 - 04:00 | |
CVE-2004-0976 | 2.1 |
Multiple scripts in the perl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.
|
11-10-2017 - 01:29 | 09-02-2005 - 05:00 | |
CVE-2004-1177 | 4.3 |
Cross-site scripting (XSS) vulnerability in the driver script in mailman before 2.1.5 allows remote attackers to inject arbitrary web script or HTML via a URL, which is not properly escaped in the resulting error page.
|
11-10-2017 - 01:29 | 10-01-2005 - 05:00 | |
CVE-2005-0256 | 5.0 |
The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of * (wildcard) characters, as demonstrated using the dir com
|
11-10-2017 - 01:29 | 02-05-2005 - 04:00 | |
CVE-2002-0004 | 7.2 |
Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice.
|
10-10-2017 - 01:30 | 27-02-2002 - 05:00 | |
CVE-2001-0187 | 10.0 |
Format string vulnerability in wu-ftp 2.6.1 and earlier, when running with debug mode enabled, allows remote attackers to execute arbitrary commands via a malformed argument that is recorded in a PASV port assignment.
|
10-10-2017 - 01:29 | 26-03-2001 - 05:00 | |
CVE-2009-1758 | 5.0 |
The hypervisor_callback function in Xen, possibly before 3.4.0, as applied to the Linux kernel 2.6.30-rc4, 2.6.18, and probably other versions allows guest user applications to cause a denial of service (kernel oops) of the guest OS by triggering a s
|
29-09-2017 - 01:34 | 22-05-2009 - 11:52 | |
CVE-2009-1883 | 4.4 |
The z90crypt_unlocked_ioctl function in the z90crypt driver in the Linux kernel 2.6.9 does not perform a capability check for the Z90QUIESCE operation, which allows local users to leverage euid 0 privileges to force a driver outage.
|
29-09-2017 - 01:34 | 18-09-2009 - 10:30 | |
CVE-2009-1232 | 4.3 |
Mozilla Firefox 3.0.8 and earlier 3.0.x versions allows remote attackers to cause a denial of service (memory corruption) via an XML document composed of a long series of start-tags with no corresponding end-tags. NOTE: it was later reported that 3.0
|
29-09-2017 - 01:34 | 02-04-2009 - 17:30 | |
CVE-2009-0692 | 10.0 |
Stack-based buffer overflow in the script_write_params method in client/dhclient.c in ISC DHCP dhclient 4.1 before 4.1.0p1, 4.0 before 4.0.1p1, 3.1 before 3.1.2p1, 3.0, and 2.0 allows remote DHCP servers to execute arbitrary code via a crafted subnet
|
29-09-2017 - 01:33 | 14-07-2009 - 20:30 | |
CVE-2009-0688 | 7.5 |
Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 might allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via strings that are used as input to the sasl_encode64 function in lib/sasl
|
29-09-2017 - 01:33 | 15-05-2009 - 15:30 | |
CVE-2009-0071 | 2.6 |
Mozilla Firefox 3.0.5 and earlier 3.0.x versions, when designMode is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a certain (a) replaceChild or (b) removeChild call, followed by a
|
29-09-2017 - 01:33 | 08-01-2009 - 19:30 | |
CVE-2009-0259 | 9.3 |
The Word processor in OpenOffice.org 1.1.2 through 1.1.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as e
|
29-09-2017 - 01:33 | 22-01-2009 - 23:30 | |
CVE-2008-4514 | 5.0 |
The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service (application crash) via a font tag with a long color value, which triggers an assertion error.
|
29-09-2017 - 01:32 | 09-10-2008 - 18:00 | |
CVE-2008-5712 | 5.0 |
The HTML parser in KDE Konqueror 3.5.9 allows remote attackers to cause a denial of service (application crash) via (1) a long COLOR attribute in an HR element; or a long (a) BGCOLOR or (b) BORDERCOLOR attribute in a (2) TABLE, (3) TD, or (4) TR elem
|
29-09-2017 - 01:32 | 24-12-2008 - 18:29 | |
CVE-2008-5698 | 4.3 |
HTMLTokenizer::scriptHandler in Konqueror in KDE 3.5.9 and 3.5.10 allows remote attackers to cause a denial of service (application crash) via an invalid document.load call that triggers use of a deleted object. NOTE: some of these details are obtai
|
29-09-2017 - 01:32 | 22-12-2008 - 15:30 | |
CVE-2008-5377 | 6.9 |
pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pstopdf.log temporary file, a different vulnerability than CVE-2001-1333.
|
29-09-2017 - 01:32 | 08-12-2008 - 23:30 | |
CVE-2008-3493 | 5.0 |
vncviewer.exe in RealVNC Windows Client 4.1.2.0 allows remote VNC servers to cause a denial of service (application crash) via a crafted frame buffer update packet.
|
29-09-2017 - 01:31 | 06-08-2008 - 18:41 | |
CVE-2008-2476 | 9.3 |
The IPv6 Neighbor Discovery Protocol (NDP) implementation in (1) FreeBSD 6.3 through 7.1, (2) OpenBSD 4.2 and 4.3, (3) NetBSD, (4) Force10 FTOS before E7.7.1.1, (5) Juniper JUNOS, and (6) Wind River VxWorks 5.x through 6.4 does not validate the origi
|
29-09-2017 - 01:31 | 03-10-2008 - 15:07 | |
CVE-2008-3234 | 6.5 |
sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ (colon slash) sequence, followed by the role name, to the username.
|
29-09-2017 - 01:31 | 18-07-2008 - 16:41 | |
CVE-2008-2358 | 7.2 |
Integer overflow in the dccp_feat_change function in net/dccp/feat.c in the Datagram Congestion Control Protocol (DCCP) subsystem in the Linux kernel 2.6.18, and 2.6.17 through 2.6.20, allows local users to gain privileges via an invalid feature leng
|
29-09-2017 - 01:31 | 10-06-2008 - 00:32 | |
CVE-2008-1514 | 4.9 |
arch/s390/kernel/ptrace.c in Linux kernel 2.6.9, and other versions before 2.6.27-rc6, on s390 platforms allows local users to cause a denial of service (kernel panic) via the user-area-padding test from the ptrace testsuite in 31-bit mode, which tri
|
29-09-2017 - 01:30 | 26-03-2008 - 00:44 | |
CVE-2008-1802 | 9.3 |
Buffer overflow in the process_redirect_pdu (rdp.c) function in rdesktop 1.5.0 allows remote attackers to execute arbitrary code via a Remote Desktop Protocol (RDP) redirect request with modified length fields.
|
29-09-2017 - 01:30 | 12-05-2008 - 16:20 | |
CVE-2008-1668 | 10.0 |
ftpd.c in (1) wu-ftpd 2.4.2 and (2) ftpd in HP HP-UX B.11.11 assigns uid 0 to the FTP client in certain operating-system misconfigurations in which PAM authentication can succeed even though no passwd entry is available for a user, which allows remot
|
29-09-2017 - 01:30 | 13-08-2008 - 18:41 | |
CVE-2008-0352 | 7.8 |
The Linux kernel 2.6.20 through 2.6.21.1 allows remote attackers to cause a denial of service (panic) via a certain IPv6 packet, possibly involving the Jumbo Payload hop-by-hop option (jumbogram).
|
29-09-2017 - 01:30 | 18-01-2008 - 00:00 | |
CVE-2008-0053 | 10.0 |
Multiple buffer overflows in the HP-GL/2-to-PostScript filter in CUPS before 1.3.6 might allow remote attackers to execute arbitrary code via a crafted HP-GL/2 file.
|
29-09-2017 - 01:30 | 18-03-2008 - 23:44 | |
CVE-2007-5081 | 9.3 |
Heap-based buffer overflow in RealNetworks RealPlayer 8, 10, 10.1, and possibly 10.5; RealOne Player 1 and 2; and RealPlayer Enterprise allows remote attackers to execute arbitrary code via a crafted RM file.
|
29-09-2017 - 01:29 | 31-10-2007 - 17:46 | |
CVE-2007-5653 | 9.3 |
The Component Object Model (COM) functions in PHP 5.x on Windows do not follow safe_mode and disable_functions restrictions, which allows context-dependent attackers to bypass intended limitations, as demonstrated by executing objects with the kill b
|
29-09-2017 - 01:29 | 23-10-2007 - 21:47 | |
CVE-2007-4730 | 4.3 |
Buffer overflow in the compNewPixmap function in compalloc.c in the Composite extension for the X.org X11 server before 1.4 allows local users to execute arbitrary code by copying data from a large pixel depth pixmap into a smaller pixel depth pixmap
|
29-09-2017 - 01:29 | 11-09-2007 - 19:17 | |
CVE-2007-5137 | 6.8 |
Buffer overflow in the ReadImage function in generic/tkImgGIF.c in Tcl (Tcl/Tk) 8.4.13 through 8.4.15 allows remote attackers to execute arbitrary code via multi-frame interlaced GIF files in which later frames are smaller than the first. NOTE: this
|
29-09-2017 - 01:29 | 28-09-2007 - 21:17 | |
CVE-2007-4584 | 10.0 |
Stack-based buffer overflow in BitchX 1.1 Final allows remote IRC servers to execute arbitrary code via a long string in a MODE command, related to the p_mode variable.
|
29-09-2017 - 01:29 | 29-08-2007 - 01:17 | |
CVE-2007-5901 | 6.9 |
Use-after-free vulnerability in the gss_indicate_mechs function in lib/gssapi/mechglue/g_initialize.c in MIT Kerberos 5 (krb5) has unknown impact and attack vectors. NOTE: this might be the result of a typo in the source code. Information from Apple
|
29-09-2017 - 01:29 | 06-12-2007 - 02:46 | |
CVE-2007-5237 | 7.1 |
Java Web Start in Sun JDK and JRE 6 Update 2 and earlier does not properly enforce access restrictions for untrusted applications, which allows user-assisted remote attackers to read and modify local files via an untrusted application, aka "two vulne
|
29-09-2017 - 01:29 | 06-10-2007 - 00:17 | |
CVE-2007-3806 | 6.8 |
The glob function in PHP 5.2.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via an invalid value of the flags parameter, probably related to memory corruption or an invalid read on win32 platform
|
29-09-2017 - 01:29 | 17-07-2007 - 00:30 | |
CVE-2007-3843 | 4.3 |
The Linux kernel before 2.6.23-rc1 checks the wrong global variable for the CIFS sec mount option, which might allow remote attackers to spoof CIFS network traffic that the client configured for security signatures, as demonstrated by lack of signing
|
29-09-2017 - 01:29 | 09-08-2007 - 21:17 | |
CVE-2007-4211 | 6.0 |
The ACL plugin in Dovecot before 1.0.3 allows remote authenticated users with the insert right to save certain flags via a (1) COPY or (2) APPEND command.
|
29-09-2017 - 01:29 | 08-08-2007 - 02:17 | |
CVE-2007-3739 | 4.7 |
mm/mmap.c in the hugetlb kernel, when run on PowerPC systems, does not prevent stack expansion from entering into reserved kernel page memory, which allows local users to cause a denial of service (OOPS) via unspecified vectors.
|
29-09-2017 - 01:29 | 14-09-2007 - 01:17 | |
CVE-2007-4133 | 4.7 |
The (1) hugetlb_vmtruncate_list and (2) hugetlb_vmtruncate functions in fs/hugetlbfs/inode.c in the Linux kernel before 2.6.19-rc4 perform certain prio_tree calculations using HPAGE_SIZE instead of PAGE_SIZE units, which allows local users to cause a
|
29-09-2017 - 01:29 | 04-10-2007 - 23:17 | |
CVE-2007-4507 | 6.8 |
Multiple buffer overflows in the php_ntuser component for PHP 5.2.3 allow context-dependent attackers to cause a denial of service or execute arbitrary code via long arguments to the (1) ntuser_getuserlist, (2) ntuser_getuserinfo, (3) ntuser_getuserg
|
29-09-2017 - 01:29 | 23-08-2007 - 19:17 | |
CVE-2007-3919 | 6.0 |
(1) xenbaked and (2) xenmon.py in Xen 3.1 and earlier allow local users to truncate arbitrary files via a symlink attack on /tmp/xenq-shm.
|
29-09-2017 - 01:29 | 28-10-2007 - 17:08 | |
CVE-2007-3790 | 5.8 |
The com_print_typeinfo function in the bz2 extension in PHP 5.2.3 allows context-dependent attackers to cause a denial of service via a long argument.
|
29-09-2017 - 01:29 | 15-07-2007 - 23:30 | |
CVE-2007-3920 | 6.2 |
GNOME screensaver 2.20 in Ubuntu 7.10, when used with Compiz, does not properly reserve input focus, which allows attackers with physical access to take control of the session after entering an Alt-Tab sequence, a related issue to CVE-2007-3069.
|
29-09-2017 - 01:29 | 29-10-2007 - 21:46 | |
CVE-2007-3513 | 4.9 |
The lcd_write function in drivers/usb/misc/usblcd.c in the Linux kernel before 2.6.22-rc7 does not limit the amount of memory used by a caller, which allows local users to cause a denial of service (memory consumption).
|
29-09-2017 - 01:29 | 03-07-2007 - 10:30 | |
CVE-2007-3740 | 4.4 |
The CIFS filesystem in the Linux kernel before 2.6.22, when Unix extension support is enabled, does not honor the umask of a process, which allows local users to gain privileges.
|
29-09-2017 - 01:29 | 14-09-2007 - 01:17 | |
CVE-2010-1188 | 7.1 |
Use-after-free vulnerability in net/ipv4/tcp_input.c in the Linux kernel 2.6 before 2.6.20, when IPV6_RECVPKTINFO is set on a listening socket, allows remote attackers to cause a denial of service (kernel panic) via a SYN packet while the socket is i
|
19-09-2017 - 01:30 | 31-03-2010 - 18:00 | |
CVE-2010-0729 | 6.9 |
A certain Red Hat patch for the Linux kernel in Red Hat Enterprise Linux (RHEL) 4 on the ia64 platform allows local users to use ptrace on an arbitrary process, and consequently gain privileges, via vectors related to a missing ptrace_check_attach ca
|
19-09-2017 - 01:30 | 16-03-2010 - 19:30 | |
CVE-2010-0423 | 5.0 |
gtkimhtml.c in Pidgin before 2.6.6 allows remote attackers to cause a denial of service (CPU consumption and application hang) by sending many smileys in a (1) IM or (2) chat.
|
19-09-2017 - 01:30 | 24-02-2010 - 18:30 | |
CVE-2010-0308 | 4.0 |
lib/rfc1035.c in Squid 2.x, 3.0 through 3.0.STABLE22, and 3.1 through 3.1.0.15 allows remote attackers to cause a denial of service (assertion failure) via a crafted DNS packet that only contains a header.
|
19-09-2017 - 01:30 | 03-02-2010 - 18:30 | |
CVE-2010-0277 | 5.0 |
slp.c in the MSN protocol plugin in libpurple in Pidgin before 2.6.6, including 2.6.4, and Adium 1.3.8 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly have unspecified other impact via a malf
|
19-09-2017 - 01:30 | 09-01-2010 - 18:30 | |
CVE-2009-4565 | 7.5 |
sendmail before 8.14.4 does not properly handle a '\0' character in a Common Name (CN) field of an X.509 certificate, which (1) allows man-in-the-middle attackers to spoof arbitrary SSL-based SMTP servers via a crafted server certificate issued by a
|
19-09-2017 - 01:29 | 04-01-2010 - 21:30 | |
CVE-2009-3829 | 9.3 |
Integer overflow in wiretap/erf.c in Wireshark before 1.2.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted erf file, related to an "unsigned integer wrap vulnerability."
|
19-09-2017 - 01:29 | 30-10-2009 - 20:30 | |
CVE-2009-3290 | 7.2 |
The kvm_emulate_hypercall function in arch/x86/kvm/x86.c in KVM in the Linux kernel 2.6.25-rc1, and other versions before 2.6.31, when running on x86 systems, does not prevent access to MMU hypercalls from ring 0, which allows local guest OS users to
|
19-09-2017 - 01:29 | 22-09-2009 - 10:30 | |
CVE-2009-3084 | 5.0 |
The msn_slp_process_msg function in libpurple/protocols/msn/slpcall.c in the MSN protocol plugin in libpurple 2.6.0 and 2.6.1, as used in Pidgin before 2.6.2, allows remote attackers to cause a denial of service (application crash) via a handwritten
|
19-09-2017 - 01:29 | 08-09-2009 - 18:30 | |
CVE-2009-3241 | 7.8 |
Unspecified vulnerability in the OpcUa (OPC UA) dissector in Wireshark 0.99.6 through 1.0.8 and 1.2.0 through 1.2.1 allows remote attackers to cause a denial of service (memory and CPU consumption) via malformed OPCUA Service CallRequest packets.
|
19-09-2017 - 01:29 | 18-09-2009 - 10:30 | |
CVE-2009-2563 | 7.1 |
Unspecified vulnerability in the Infiniband dissector in Wireshark 1.0.6 through 1.2.0, when running on unspecified platforms, allows remote attackers to cause a denial of service (crash) via unknown vectors.
|
19-09-2017 - 01:29 | 21-07-2009 - 17:30 | |
CVE-2009-2849 | 4.7 |
The md driver (drivers/md/md.c) in the Linux kernel before 2.6.30.2 might allow local users to cause a denial of service (NULL pointer dereference) via vectors related to "suspend_* sysfs attributes" and the (1) suspend_lo_store or (2) suspend_hi_sto
|
19-09-2017 - 01:29 | 18-08-2009 - 21:00 | |
CVE-2009-2473 | 4.3 |
neon before 0.28.6, when expat is used, does not properly detect recursion during entity expansion, which allows context-dependent attackers to cause a denial of service (memory and CPU consumption) via a crafted XML document containing a large numbe
|
19-09-2017 - 01:29 | 21-08-2009 - 17:30 | |
CVE-2009-3025 | 4.3 |
Unspecified vulnerability in Pidgin 2.6.0 allows remote attackers to cause a denial of service (crash) via a link in a Yahoo IM.
|
19-09-2017 - 01:29 | 31-08-2009 - 20:30 | |
CVE-2009-2560 | 5.0 |
Multiple unspecified vulnerabilities in Wireshark 1.2.0 allow remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace and is processed by the (1) Bluetooth L2CAP, (2) RADIUS, or (3) MIOP diss
|
19-09-2017 - 01:29 | 21-07-2009 - 17:30 | |
CVE-2009-3026 | 5.0 |
protocols/jabber/auth.c in libpurple in Pidgin 2.6.0, and possibly other versions, does not follow the "require TLS/SSL" preference when connecting to older Jabber servers that do not follow the XMPP specification, which causes libpurple to connect t
|
19-09-2017 - 01:29 | 31-08-2009 - 20:30 | |
CVE-2009-3245 | 10.0 |
OpenSSL before 0.9.8m does not check for a NULL return value from bn_wexpand function calls in (1) crypto/bn/bn_div.c, (2) crypto/bn/bn_gf2m.c, (3) crypto/ec/ec2_smpl.c, and (4) engines/e_ubsec.c, which has unspecified impact and context-dependent at
|
19-09-2017 - 01:29 | 05-03-2010 - 19:30 | |
CVE-2009-2562 | 5.0 |
Unspecified vulnerability in the AFS dissector in Wireshark 0.9.2 through 1.2.0 allows remote attackers to cause a denial of service (crash) via unknown vectors.
|
19-09-2017 - 01:29 | 21-07-2009 - 17:30 | |
CVE-2009-4307 | 7.1 |
The ext4_fill_flex_info function in fs/ext4/super.c in the Linux kernel before 2.6.32-git6 allows user-assisted remote attackers to cause a denial of service (divide-by-zero error and panic) via a malformed ext4 filesystem containing a super block wi
|
19-09-2017 - 01:29 | 13-12-2009 - 01:30 | |
CVE-2009-4271 | 4.7 |
The Linux kernel 2.6.9 through 2.6.17 on the x86_64 and amd64 platforms allows local users to cause a denial of service (panic) via a 32-bit application that calls mprotect on its Virtual Dynamic Shared Object (VDSO) page and then triggers a segmenta
|
19-09-2017 - 01:29 | 19-03-2010 - 19:30 | |
CVE-2009-3242 | 5.0 |
Unspecified vulnerability in packet.c in the GSM A RR dissector in Wireshark 1.2.0 and 1.2.1 allows remote attackers to cause a denial of service (application crash) via unknown vectors related to "an uninitialized dissector handle," which triggers a
|
19-09-2017 - 01:29 | 18-09-2009 - 10:30 | |
CVE-2009-2855 | 5.0 |
The strListGetItem function in src/HttpHeaderTools.c in Squid 2.7 allows remote attackers to cause a denial of service via a crafted auth header with certain comma delimiters that trigger an infinite loop of calls to the strcspn function.
|
19-09-2017 - 01:29 | 18-08-2009 - 21:00 | |
CVE-2009-3549 | 5.0 |
packet-paltalk.c in the Paltalk dissector in Wireshark 1.2.0 through 1.2.2, on SPARC and certain other platforms, allows remote attackers to cause a denial of service (application crash) via a file that records a malformed packet trace.
|
19-09-2017 - 01:29 | 30-10-2009 - 20:30 | |
CVE-2009-3286 | 4.6 |
NFSv4 in the Linux kernel 2.6.18, and possibly other versions, does not properly clean up an inode when an O_EXCL create fails, which causes files to be created with insecure settings such as setuid bits, and possibly allows local users to gain privi
|
19-09-2017 - 01:29 | 22-09-2009 - 10:30 | |
CVE-2009-3243 | 5.0 |
Unspecified vulnerability in the TLS dissector in Wireshark 1.2.0 and 1.2.1, when running on Windows, allows remote attackers to cause a denial of service (application crash) via unknown vectors related to TLS 1.2 conversations.
|
19-09-2017 - 01:29 | 18-09-2009 - 10:30 | |
CVE-2009-2559 | 5.0 |
Buffer overflow in the IPMI dissector in Wireshark 1.2.0 allows remote attackers to cause a denial of service (crash) via unspecified vectors related to an array index error. NOTE: some of these details are obtained from third party information.
|
19-09-2017 - 01:29 | 21-07-2009 - 17:30 | |
CVE-2009-4005 | 7.2 |
The collect_rx_frame function in drivers/isdn/hisax/hfc_usb.c in the Linux kernel before 2.6.32-rc7 allows attackers to have an unspecified impact via a crafted HDLC packet that arrives over ISDN and triggers a buffer under-read.
|
19-09-2017 - 01:29 | 20-11-2009 - 02:30 | |
CVE-2009-3389 | 9.3 |
Integer overflow in libtheora in Xiph.Org Theora before 1.1, as used in Mozilla Firefox 3.5 before 3.5.6 and SeaMonkey before 2.0.1, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a vid
|
19-09-2017 - 01:29 | 17-12-2009 - 17:30 | |
CVE-2009-2561 | 5.0 |
Unspecified vulnerability in the sFlow dissector in Wireshark 1.2.0 allows remote attackers to cause a denial of service (CPU and memory consumption) via unspecified vectors.
|
19-09-2017 - 01:29 | 21-07-2009 - 17:30 | |
CVE-2010-1104 | 4.3 |
Cross-site scripting (XSS) vulnerability in Zope 2.8.x before 2.8.12, 2.9.x before 2.9.12, 2.10.x before 2.10.11, 2.11.x before 2.11.6, and 2.12.x before 2.12.3 allows remote attackers to inject arbitrary web script or HTML via vectors related to err
|
17-08-2017 - 01:32 | 25-03-2010 - 17:30 | |
CVE-2010-0789 | 3.3 |
fusermount in FUSE before 2.7.5, and 2.8.x before 2.8.2, allows local users to unmount an arbitrary FUSE filesystem share via a symlink attack on a mountpoint.
|
17-08-2017 - 01:32 | 02-03-2010 - 18:30 | |
CVE-2010-0825 | 4.4 |
lib-src/movemail.c in movemail in emacs 22 and 23 allows local users to read, modify, or delete arbitrary mailbox files via a symlink attack, related to improper file-permission checks.
|
17-08-2017 - 01:32 | 05-04-2010 - 15:30 | |
CVE-2010-0928 | 4.0 |
OpenSSL 0.9.8i on the Gaisler Research LEON3 SoC on the Xilinx Virtex-II Pro FPGA uses a Fixed Width Exponentiation (FWE) algorithm for certain signature calculations, and does not verify the signature before providing it to a caller, which makes it
|
17-08-2017 - 01:32 | 05-03-2010 - 19:30 | |
CVE-2010-0787 | 4.4 |
client/mount.cifs.c in mount.cifs in smbfs in Samba 3.0.22, 3.0.28a, 3.2.3, 3.3.2, 3.4.0, and 3.4.5 allows local users to mount a CIFS share on an arbitrary mountpoint, and gain privileges, via a symlink attack on the mountpoint directory file.
|
17-08-2017 - 01:32 | 02-03-2010 - 18:30 | |
CVE-2009-4411 | 3.7 |
The (1) setfacl and (2) getfacl commands in XFS acl 2.2.47, when running in recursive (-R) mode, follow symbolic links even when the --physical (aka -P) or -L option is specified, which might allow local users to modify the ACL for arbitrary files or
|
17-08-2017 - 01:31 | 24-12-2009 - 16:30 | |
CVE-2009-3938 | 6.8 |
Buffer overflow in the ABWOutputDev::endWord function in poppler/ABWOutputDev.cc in Poppler (aka libpoppler) 0.10.6, 0.12.0, and possibly other versions, as used by the Abiword pdftoabw utility, allows user-assisted remote attackers to cause a denial
|
17-08-2017 - 01:31 | 13-11-2009 - 16:30 | |
CVE-2009-4227 | 6.8 |
Stack-based buffer overflow in the read_1_3_textobject function in f_readold.c in Xfig 3.2.5b and earlier, and in the read_textobject function in read1_3.c in fig2dev in Transfig 3.2.5a and earlier, allows remote attackers to execute arbitrary code v
|
17-08-2017 - 01:31 | 08-12-2009 - 18:30 | |
CVE-2009-3627 | 4.3 |
The decode_entities function in util.c in HTML-Parser before 3.63 allows context-dependent attackers to cause a denial of service (infinite loop) via an incomplete SGML numeric character reference, which triggers generation of an invalid UTF-8 charac
|
17-08-2017 - 01:31 | 29-10-2009 - 14:30 | |
CVE-2009-4235 | 6.9 |
acpid 1.0.4 sets an unrestrictive umask, which might allow local users to leverage weak permissions on /var/log/acpid, and obtain sensitive information by reading this file or cause a denial of service by overwriting this file, a different vulnerabil
|
17-08-2017 - 01:31 | 08-12-2009 - 19:30 | |
CVE-2009-3626 | 5.0 |
Perl 5.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a UTF-8 character with a large, invalid codepoint, which is not properly handled during a regular-expression match.
|
17-08-2017 - 01:31 | 29-10-2009 - 14:30 | |
CVE-2009-2846 | 7.8 |
The eisa_eeprom_read function in the parisc isa-eeprom component (drivers/parisc/eisa_eeprom.c) in the Linux kernel before 2.6.31-rc6 allows local users to access restricted memory via a negative ppos argument, which bypasses a check that assumes tha
|
17-08-2017 - 01:30 | 18-08-2009 - 21:00 | |
CVE-2009-1572 | 5.0 |
The BGP daemon (bgpd) in Quagga 0.99.11 and earlier allows remote attackers to cause a denial of service (crash) via an AS path containing ASN elements whose string representation is longer than expected, which triggers an assert error.
|
17-08-2017 - 01:30 | 06-05-2009 - 17:30 | |
CVE-2009-1892 | 5.0 |
dhcpd in ISC DHCP 3.0.4 and 3.1.1, when the dhcp-client-identifier and hardware ethernet configuration settings are both used, allows remote attackers to cause a denial of service (daemon crash) via unspecified requests.
|
17-08-2017 - 01:30 | 17-07-2009 - 16:30 | |
CVE-2009-2767 | 7.2 |
The init_posix_timers function in kernel/posix-timers.c in the Linux kernel before 2.6.31-rc6 allows local users to cause a denial of service (OOPS) or possibly gain privileges via a CLOCK_MONOTONIC_RAW clock_nanosleep call that triggers a NULL point
|
17-08-2017 - 01:30 | 14-08-2009 - 15:16 | |
CVE-2009-1885 | 4.3 |
Stack consumption vulnerability in validators/DTD/DTDScanner.cpp in Apache Xerces C++ 2.7.0 and 2.8.0 allows context-dependent attackers to cause a denial of service (application crash) via vectors involving nested parentheses and invalid byte values
|
17-08-2017 - 01:30 | 11-08-2009 - 18:30 | |
CVE-2009-1886 | 9.3 |
Multiple format string vulnerabilities in client/client.c in smbclient in Samba 3.2.0 through 3.2.12 might allow context-dependent attackers to execute arbitrary code via format string specifiers in a filename.
|
17-08-2017 - 01:30 | 25-06-2009 - 01:30 | |
CVE-2009-2691 | 2.1 |
The mm_for_maps function in fs/proc/base.c in the Linux kernel 2.6.30.4 and earlier allows local users to read (1) maps and (2) smaps files under proc/ via vectors related to ELF loading, a setuid process, and a race condition.
|
17-08-2017 - 01:30 | 14-08-2009 - 15:16 | |
CVE-2009-2688 | 10.0 |
Multiple integer overflows in glyphs-eimage.c in XEmacs 21.4.22, when running on Windows, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) the tiff_instantiate function processing a crafted TIFF file, (2)
|
17-08-2017 - 01:30 | 05-08-2009 - 19:30 | |
CVE-2009-2042 | 4.3 |
libpng before 1.2.37 does not properly parse 1-bit interlaced images with width values that are not divisible by 8, which causes libpng to include uninitialized bits in certain rows of a PNG file and might allow remote attackers to read portions of s
|
17-08-2017 - 01:30 | 12-06-2009 - 20:30 | |
CVE-2009-1914 | 4.9 |
The pci_register_iommu_region function in arch/sparc/kernel/pci_common.c in the Linux kernel before 2.6.29 on the sparc64 platform allows local users to cause a denial of service (system crash) by reading the /proc/iomem file, related to uninitialize
|
17-08-2017 - 01:30 | 04-06-2009 - 16:30 | |
CVE-2009-1490 | 5.0 |
Heap-based buffer overflow in Sendmail before 8.13.2 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a long X- header, as demonstrated by an X-Testing header.
|
17-08-2017 - 01:30 | 05-05-2009 - 19:30 | |
CVE-2009-1438 | 7.5 |
Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) in libmodplug before 0.8.6, as used in gstreamer-plugins, TTPlayer, and other products, allows context-dependent attackers to execute arbitrary code via a MED file with a crafted
|
17-08-2017 - 01:30 | 27-04-2009 - 18:00 | |
CVE-2009-1390 | 6.8 |
Mutt 1.5.19, when linked against (1) OpenSSL (mutt_ssl.c) or (2) GnuTLS (mutt_ssl_gnutls.c), allows connections when only one TLS certificate in the chain is accepted instead of verifying the entire chain, which allows remote attackers to spoof trust
|
17-08-2017 - 01:30 | 16-06-2009 - 21:00 | |
CVE-2009-1215 | 1.9 |
Race condition in GNU screen 4.0.3 allows local users to create or overwrite arbitrary files via a symlink attack on the /tmp/screen-exchange temporary file.
|
17-08-2017 - 01:30 | 01-04-2009 - 10:30 | |
CVE-2009-1417 | 5.0 |
gnutls-cli in GnuTLS before 2.6.6 does not verify the activation and expiration times of X.509 certificates, which allows remote attackers to successfully present a certificate that is (1) not yet valid or (2) no longer valid, related to lack of time
|
17-08-2017 - 01:30 | 30-04-2009 - 20:30 | |
CVE-2009-1214 | 4.9 |
GNU screen 4.0.3 creates the /tmp/screen-exchange temporary file with world-readable permissions, which might allow local users to obtain sensitive session information.
|
17-08-2017 - 01:30 | 01-04-2009 - 10:30 | |
CVE-2009-0789 | 5.0 |
OpenSSL before 0.9.8k on WIN64 and certain other platforms does not properly handle a malformed ASN.1 structure, which allows remote attackers to cause a denial of service (invalid memory access and application crash) by placing this structure in the
|
17-08-2017 - 01:30 | 27-03-2009 - 16:30 | |
CVE-2009-0859 | 4.7 |
The shm_get_stat function in ipc/shm.c in the shm subsystem in the Linux kernel before 2.6.28.5, when CONFIG_SHMEM is disabled, misinterprets the data type of an inode, which allows local users to cause a denial of service (system hang) via an SHM_IN
|
17-08-2017 - 01:30 | 09-03-2009 - 21:30 | |
CVE-2009-1296 | 1.9 |
The eCryptfs support utilities (ecryptfs-utils) 73-0ubuntu6.1 on Ubuntu 9.04 stores the mount passphrase in installation logs, which might allow local users to obtain access to the filesystem by reading the log files from disk. NOTE: the log files a
|
17-08-2017 - 01:30 | 09-06-2009 - 20:30 | |
CVE-2008-7159 | 5.8 |
The silc_asn1_encoder function in lib/silcasn1/silcasn1_encode.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.8 allows remote attackers to overwrite a stack location and possibly execute arbitrary code via a crafted OID value, relat
|
17-08-2017 - 01:29 | 10-09-2009 - 21:30 | |
CVE-2008-6560 | 7.8 |
Buffer overflow in CMAN - The Cluster Manager before 2.03.09-1 on Fedora 9 and Red Hat Enterprise Linux (RHEL) 5 allows attackers to cause a denial of service (CPU consumption and memory corruption) via a cluster.conf file with many lines. NOTE: it
|
17-08-2017 - 01:29 | 31-03-2009 - 14:09 | |
CVE-2009-0591 | 2.6 |
The CMS_verify function in OpenSSL 0.9.8h through 0.9.8j, when CMS is enabled, does not properly handle errors associated with malformed signed attributes, which allows remote attackers to repudiate a signature that originally appeared to be valid bu
|
17-08-2017 - 01:29 | 27-03-2009 - 16:30 | |
CVE-2008-5514 | 4.3 |
Off-by-one error in the rfc822_output_char function in the RFC822BUFFER routines in the University of Washington (UW) c-client library, as used by the UW IMAP toolkit before imap-2007e and other applications, allows context-dependent attackers to cau
|
08-08-2017 - 01:33 | 23-12-2008 - 18:30 | |
CVE-2008-5716 | 7.2 |
xend in Xen 3.3.0 does not properly restrict a guest VM's write access within the /local/domain xenstore directory tree, which allows guest OS users to cause a denial of service and possibly have unspecified other impact by writing to (1) console/tty
|
08-08-2017 - 01:33 | 24-12-2008 - 18:29 | |
CVE-2008-5822 | 5.0 |
Memory leak in Libxul, as used in Mozilla Firefox 3.0.5 and other products, allows remote attackers to cause a denial of service (memory consumption and browser hang) via a long CLASS attribute in an HR element in an HTML document.
|
08-08-2017 - 01:33 | 02-01-2009 - 19:30 | |
CVE-2008-5033 | 7.8 |
The chip_command function in drivers/media/video/tvaudio.c in the Linux kernel 2.6.25.x before 2.6.25.19, 2.6.26.x before 2.6.26.7, and 2.6.27.x before 2.6.27.3 allows attackers to cause a denial of service (NULL function pointer dereference and OOPS
|
08-08-2017 - 01:33 | 10-11-2008 - 16:15 | |
CVE-2008-5714 | 7.8 |
Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended.
|
08-08-2017 - 01:33 | 24-12-2008 - 18:29 | |
CVE-2008-5617 | 8.5 |
The ACL handling in rsyslog 3.12.1 to 3.20.0, 4.1.0, and 4.1.1 does not follow $AllowedSender directive, which allows remote attackers to bypass intended access restrictions and spoof log messages or create a large number of spurious messages.
|
08-08-2017 - 01:33 | 17-12-2008 - 02:30 | |
CVE-2008-4937 | 2.6 |
senddoc in OpenOffice.org (OOo) 2.4.1 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/log.obr.##### temporary file.
|
08-08-2017 - 01:33 | 05-11-2008 - 15:00 | |
CVE-2008-5301 | 6.4 |
Directory traversal vulnerability in the ManageSieve implementation in Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and modify arbitrary .sieve files via a ".." (dot dot) in a script name.
|
08-08-2017 - 01:33 | 01-12-2008 - 17:30 | |
CVE-2008-4936 | 6.9 |
faxspool in mgetty 1.1.36 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/faxsp.##### temporary file.
|
08-08-2017 - 01:33 | 05-11-2008 - 15:00 | |
CVE-2008-6107 | 4.9 |
The (1) sys32_mremap function in arch/sparc64/kernel/sys_sparc32.c, the (2) sparc_mmap_check function in arch/sparc/kernel/sys_sparc.c, and the (3) sparc64_mmap_check function in arch/sparc64/kernel/sys_sparc.c, in the Linux kernel before 2.6.25.4, o
|
08-08-2017 - 01:33 | 10-02-2009 - 22:00 | |
CVE-2008-5006 | 5.0 |
smtp.c in the c-client library in University of Washington IMAP Toolkit 2007b allows remote SMTP servers to cause a denial of service (NULL pointer dereference and application crash) by responding to the QUIT command with a close of the TCP connectio
|
08-08-2017 - 01:33 | 10-11-2008 - 14:12 | |
CVE-2009-0032 | 6.9 |
CUPS on Mandriva Linux 2008.0, 2008.1, 2009.0, Corporate Server (CS) 3.0 and 4.0, and Multi Network Firewall (MNF) 2.0 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pdf.log temporary file.
|
08-08-2017 - 01:33 | 27-01-2009 - 20:30 | |
CVE-2008-4410 | 4.9 |
The vmi_write_ldt_entry function in arch/x86/kernel/vmi_32.c in the Virtual Machine Interface (VMI) in the Linux kernel 2.6.26.5 invokes write_idt_entry where write_ldt_entry was intended, which allows local users to cause a denial of service (persis
|
08-08-2017 - 01:32 | 03-10-2008 - 17:41 | |
CVE-2008-4677 | 4.3 |
autoload/netrw.vim (aka the Netrw Plugin) 109, 131, and other versions before 133k for Vim 7.1.266, other 7.1 versions, and 7.2 stores credentials for an FTP session, and sends those credentials when attempting to establish subsequent FTP sessions to
|
08-08-2017 - 01:32 | 22-10-2008 - 18:00 | |
CVE-2008-4163 | 7.8 |
Unspecified vulnerability in ISC BIND 9.3.5-P2-W1, 9.4.2-P2-W1, and 9.5.0-P2-W1 on Windows allows remote attackers to cause a denial of service (UDP client handler termination) via unknown vectors.
|
08-08-2017 - 01:32 | 22-09-2008 - 18:52 | |
CVE-2008-4409 | 5.0 |
libxml2 2.7.0 and 2.7.1 does not properly handle "predefined entities definitions" in entities, which allows context-dependent attackers to cause a denial of service (memory consumption and application crash), as demonstrated by use of xmllint on a c
|
08-08-2017 - 01:32 | 03-10-2008 - 17:41 | |
CVE-2008-3911 | 7.2 |
The proc_do_xprt function in net/sunrpc/sysctl.c in the Linux kernel 2.6.26.3 does not check the length of a certain buffer obtained from userspace, which allows local users to overflow a stack-based buffer and have unspecified other impact via a cra
|
08-08-2017 - 01:32 | 04-09-2008 - 17:41 | |
CVE-2008-4108 | 7.2 |
Tools/faqwiz/move-faqwiz.sh (aka the generic FAQ wizard moving tool) in Python 2.4.5 might allow local users to overwrite arbitrary files via a symlink attack on a tmp$RANDOM.tmp temporary file. NOTE: there may not be common usage scenarios in which
|
08-08-2017 - 01:32 | 18-09-2008 - 17:59 | |
CVE-2008-4191 | 6.6 |
extract-table.pl in Emacspeak 26 and 28 allows local users to overwrite arbitrary files via a symlink attack on the extract-table.csv temporary file.
|
08-08-2017 - 01:32 | 24-09-2008 - 11:42 | |
CVE-2008-4395 | 8.3 |
Multiple buffer overflows in the ndiswrapper module 1.53 for the Linux kernel 2.6 allow remote attackers to execute arbitrary code by sending packets over a local wireless network that specify long ESSIDs.
|
08-08-2017 - 01:32 | 06-11-2008 - 15:55 | |
CVE-2008-3915 | 9.3 |
Buffer overflow in nfsd in the Linux kernel before 2.6.26.4, when NFSv4 is enabled, allows remote attackers to have an unknown impact via vectors related to decoding an NFSv4 acl.
|
08-08-2017 - 01:32 | 11-09-2008 - 01:13 | |
CVE-2008-4907 | 4.3 |
The message parsing feature in Dovecot 1.1.4 and 1.1.5, when using the FETCH ENVELOPE command in the IMAP client, allows remote attackers to cause a denial of service (persistent crash) via an email with a malformed From address, which triggers an as
|
08-08-2017 - 01:32 | 04-11-2008 - 00:58 | |
CVE-2008-4482 | 7.8 |
The XML parser in Xerces-C++ before 3.0.0 allows context-dependent attackers to cause a denial of service (stack consumption and crash) via an XML schema definition with a large maxOccurs value, which triggers excessive memory consumption during vali
|
08-08-2017 - 01:32 | 08-10-2008 - 02:00 | |
CVE-2008-4799 | 4.3 |
pamperspective in Netpbm before 10.35.48 does not properly calculate a window height, which allows context-dependent attackers to cause a denial of service (crash) via a crafted image file that triggers an out-of-bounds read.
|
08-08-2017 - 01:32 | 31-10-2008 - 00:00 | |
CVE-2008-4212 | 10.0 |
Unspecified vulnerability in rlogind in the rlogin component in Mac OS X 10.4.11 and 10.5.5 applies hosts.equiv entries to root despite what is stated in documentation, which might allow remote attackers to bypass intended access restrictions.
|
08-08-2017 - 01:32 | 10-10-2008 - 10:30 | |
CVE-2008-3746 | 4.3 |
neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of service (NULL pointer dereference and crash) via vectors related to Digest authentication, Digest domain parameter support, and the parse_domain function. Per: http://cwe.mitre.org
|
08-08-2017 - 01:32 | 27-08-2008 - 15:21 | |
CVE-2008-3949 | 7.2 |
emacs/lisp/progmodes/python.el in Emacs 22.1 and 22.2 imports Python script from the current working directory during editing of a Python file, which allows local users to execute arbitrary code via a Trojan horse Python file.
|
08-08-2017 - 01:32 | 22-09-2008 - 18:52 | |
CVE-2008-4192 | 6.9 |
The pserver_shutdown function in fence_egenera in cman 2.20080629 and 2.20080801 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/eglog temporary file.
|
08-08-2017 - 01:32 | 29-09-2008 - 17:17 | |
CVE-2008-3687 | 6.8 |
Heap-based buffer overflow in the flask_security_label function in Xen 3.3, when compiled with the XSM:FLASK module, allows unprivileged domain users (domU) to execute arbitrary code via the flask_op hypercall.
|
08-08-2017 - 01:32 | 14-08-2008 - 22:41 | |
CVE-2008-3686 | 4.9 |
The rt6_fill_node function in net/ipv6/route.c in Linux kernel 2.6.26-rc4, 2.6.26.2, and possibly other 2.6.26 versions, allows local users to cause a denial of service (kernel OOPS) via IPv6 requests when no IPv6 input device is in use, which trigge
|
08-08-2017 - 01:32 | 14-08-2008 - 22:41 | |
CVE-2008-3247 | 7.2 |
The LDT implementation in the Linux kernel 2.6.25.x before 2.6.25.11 on x86_64 platforms uses an incorrect size for ldt_desc, which allows local users to cause a denial of service (system crash) or possibly gain privileges via unspecified vectors.
|
08-08-2017 - 01:31 | 24-07-2008 - 15:41 | |
CVE-2008-3444 | 4.3 |
The content layout component in Mozilla Firefox 3.0 and 3.0.1 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted but well-formed web page that contains "a simple set of legitimate HTML
|
08-08-2017 - 01:31 | 04-08-2008 - 10:59 | |
CVE-2008-2420 | 6.8 |
The OCSP functionality in stunnel before 4.24 does not properly search certificate revocation lists (CRL), which allows remote attackers to bypass intended access restrictions by using revoked certificates.
|
08-08-2017 - 01:31 | 23-05-2008 - 15:32 | |
CVE-2008-3329 | 9.3 |
Unspecified vulnerability in Links before 2.1, when "only proxies" is enabled, has unknown impact and attack vectors related to providing "URLs to external programs."
|
08-08-2017 - 01:31 | 27-07-2008 - 22:41 | |
CVE-2008-3350 | 5.0 |
dnsmasq 2.43 allows remote attackers to cause a denial of service (daemon crash) by (1) sending a DHCPINFORM while lacking a DHCP lease, or (2) attempting to renew a nonexistent DHCP lease for an invalid subnet as an "unknown client," a different vul
|
08-08-2017 - 01:31 | 28-07-2008 - 17:41 | |
CVE-2008-3533 | 10.0 |
Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstr
|
08-08-2017 - 01:31 | 18-08-2008 - 17:41 | |
CVE-2008-3214 | 7.8 |
dnsmasq 2.25 allows remote attackers to cause a denial of service (daemon crash) by (1) renewing a nonexistent lease or (2) sending a DHCPREQUEST for an IP address that is not in the same network, related to the DHCP NAK response from the daemon.
|
08-08-2017 - 01:31 | 18-07-2008 - 16:41 | |
CVE-2008-2827 | 4.6 |
The rmtree function in lib/File/Path.pm in Perl 5.10 does not properly check permissions before performing a chmod, which allows local users to modify the permissions of arbitrary files via a symlink attack, a different vulnerability than CVE-2005-04
|
08-08-2017 - 01:31 | 23-06-2008 - 19:41 | |
CVE-2008-3067 | 2.1 |
sudo in SUSE openSUSE 10.3 does not clear the stdin buffer when password entry times out, which might allow local users to obtain a password by reading stdin from the parent process after a sudo child process exits.
|
08-08-2017 - 01:31 | 07-07-2008 - 23:41 | |
CVE-2008-3259 | 1.2 |
OpenSSH before 5.1 sets the SO_REUSEADDR socket option when the X11UseLocalhost configuration setting is disabled, which allows local users on some platforms to hijack the X11 forwarding port via a bind to a single IP address, as demonstrated on the
|
08-08-2017 - 01:31 | 22-07-2008 - 16:41 | |
CVE-2008-3134 | 5.0 |
Multiple unspecified vulnerabilities in GraphicsMagick before 1.2.4 allow remote attackers to cause a denial of service (crash, infinite loop, or memory consumption) via (a) unspecified vectors in the (1) AVI, (2) AVS, (3) DCM, (4) EPT, (5) FITS, (6)
|
08-08-2017 - 01:31 | 10-07-2008 - 23:41 | |
CVE-2008-3076 | 9.3 |
The Netrw plugin 125 in netrw.vim in Vim 7.2a.10 allows user-assisted attackers to execute arbitrary code via shell metacharacters in filenames used by the execute and system functions within the (1) mz and (2) mc commands, as demonstrated by the net
|
08-08-2017 - 01:31 | 21-02-2009 - 22:30 | |
CVE-2008-1671 | 4.6 |
start_kdeinit in KDE 3.5.5 through 3.5.9, when installed setuid root, allows local users to cause a denial of service and possibly execute arbitrary code via "user-influenceable input" (probably command-line arguments) that cause start_kdeinit to sen
|
08-08-2017 - 01:30 | 28-04-2008 - 17:05 | |
CVE-2008-2377 | 7.6 |
Use-after-free vulnerability in the _gnutls_handshake_hash_buffers_clear function in lib/gnutls_handshake.c in libgnutls in GnuTLS 2.3.5 through 2.4.0 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via
|
08-08-2017 - 01:30 | 08-08-2008 - 19:41 | |
CVE-2008-1530 | 9.3 |
GnuPG (gpg) 1.4.8 and 2.0.8 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted duplicate keys that are imported from key servers, which triggers "memory corruption around deduplication of user
|
08-08-2017 - 01:30 | 27-03-2008 - 23:44 | |
CVE-2008-1670 | 9.3 |
Heap-based buffer overflow in the progressive PNG Image loader (decoders/pngloader.cpp) in KHTML in KDE 4.0.x up to 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted image.
|
08-08-2017 - 01:30 | 28-04-2008 - 17:05 | |
CVE-2008-1891 | 5.0 |
Directory traversal vulnerability in WEBrick in Ruby 1.8.4 and earlier, 1.8.5 before 1.8.5-p231, 1.8.6 before 1.8.6-p230, 1.8.7 before 1.8.7-p22, and 1.9.0 before 1.9.0-2, when using NTFS or FAT filesystems, allows remote attackers to read arbitrary
|
08-08-2017 - 01:30 | 18-04-2008 - 22:05 | |
CVE-2008-2310 | 6.8 |
Format string vulnerability in c++filt in Apple Mac OS X 10.5 before 10.5.4 allows user-assisted attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted string in (1) C++ or (2) Java source code.
|
08-08-2017 - 01:30 | 01-07-2008 - 18:41 | |
CVE-2008-1628 | 4.1 |
Stack-based buffer overflow in the audit_log_user_command function in lib/audit_logging.c in Linux Audit before 1.7 might allow remote attackers to execute arbitrary code via a long command argument. NOTE: some of these details are obtained from thir
|
08-08-2017 - 01:30 | 02-04-2008 - 17:44 | |
CVE-2008-1688 | 7.5 |
Unspecified vulnerability in GNU m4 before 1.4.11 might allow context-dependent attackers to execute arbitrary code, related to improper handling of filenames specified with the -F option. NOTE: it is not clear when this issue crosses privilege boun
|
08-08-2017 - 01:30 | 09-04-2008 - 19:05 | |
CVE-2008-2363 | 9.3 |
The PartsBatch class in Pan 0.132 and earlier does not properly manage the data structures for Parts batches, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted .nzb file t
|
08-08-2017 - 01:30 | 02-06-2008 - 21:30 | |
CVE-2008-1687 | 7.5 |
The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filena
|
08-08-2017 - 01:30 | 09-04-2008 - 19:05 | |
CVE-2008-1033 | 2.1 |
The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug logging is enabled and a printer requires a password, allows attackers to obtain sensitive information (credentials) by reading the log data, related to "authentication environmen
|
08-08-2017 - 01:29 | 02-06-2008 - 21:30 | |
CVE-2008-0992 | 5.8 |
Array index error in pax in Apple Mac OS X 10.5.2 allows context-dependent attackers to execute arbitrary code via an archive with a crafted length value.
|
08-08-2017 - 01:29 | 18-03-2008 - 23:44 | |
CVE-2008-0163 | 4.4 |
Linux kernel 2.6, when using vservers, allows local users to access resources of other vservers via a symlink attack in /proc.
|
08-08-2017 - 01:29 | 12-02-2008 - 21:00 | |
CVE-2008-0883 | 3.7 |
acroread in Adobe Acrobat Reader 8.1.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files related to SSL certificate handling.
|
08-08-2017 - 01:29 | 06-03-2008 - 00:44 | |
CVE-2008-0495 | 7.8 |
Unspecified vulnerability in the Pegasus CIM Server in IBM Hardware Management Console (HMC) 7 R3.2.0 allows remote attackers to cause a denial of service via unspecified vectors.
|
08-08-2017 - 01:29 | 30-01-2008 - 22:00 | |
CVE-2008-0145 | 7.5 |
Unspecified vulnerability in glob in PHP before 4.4.8, when open_basedir is enabled, has unknown impact and attack vectors. NOTE: this issue reportedly exists because of a regression related to CVE-2007-4663.
|
08-08-2017 - 01:29 | 08-01-2008 - 19:46 | |
CVE-2007-6209 | 4.6 |
Util/difflog.pl in zsh 4.3.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
|
29-07-2017 - 01:34 | 04-12-2007 - 00:46 | |
CVE-2007-5896 | 7.1 |
Mozilla Firefox 2.0.0.9 allows remote attackers to cause a denial of service (CPU consumption and crash) via an iframe with Javascript that sets the document.location to contain a leading NULL byte (\x00) and a (1) res://, (2) about:config, or (3) fi
|
29-07-2017 - 01:33 | 08-11-2007 - 20:46 | |
CVE-2007-5795 | 6.3 |
The hack-local-variables function in Emacs before 22.2, when enable-local-variables is set to :safe, does not properly search lists of unsafe or risky variables, which might allow user-assisted attackers to bypass intended restrictions and modify cri
|
29-07-2017 - 01:33 | 02-11-2007 - 22:46 | |
CVE-2007-4826 | 3.5 |
bgpd in Quagga before 0.99.9 allows explicitly configured BGP peers to cause a denial of service (crash) via a malformed (1) OPEN message or (2) a COMMUNITY attribute, which triggers a NULL pointer dereference. NOTE: vector 2 only exists when debuggi
|
29-07-2017 - 01:33 | 12-09-2007 - 10:17 | |
CVE-2007-5849 | 9.3 |
Integer underflow in the asn1_get_string function in the SNMP back end (backend/snmp.c) for CUPS 1.2 through 1.3.4 allows remote attackers to execute arbitrary code via a crafted SNMP response that triggers a stack-based buffer overflow.
|
29-07-2017 - 01:33 | 19-12-2007 - 21:46 | |
CVE-2007-5079 | 6.0 |
Red Hat Enterprise Linux 4 does not properly compile and link gdm with tcp_wrappers on x86_64 platforms, which might allow remote attackers to bypass intended access restrictions.
|
29-07-2017 - 01:33 | 25-09-2007 - 01:17 | |
CVE-2007-5963 | 4.7 |
Unspecified vulnerability in kdebase allows local users to cause a denial of service (KDM login inaccessible, or resource consumption) via unknown vectors.
|
29-07-2017 - 01:33 | 19-12-2007 - 23:46 | |
CVE-2007-4663 | 7.5 |
Directory traversal vulnerability in PHP before 5.2.4 allows attackers to bypass open_basedir restrictions via unspecified vectors involving the glob function.
|
29-07-2017 - 01:33 | 04-09-2007 - 22:17 | |
CVE-2007-4659 | 7.5 |
The zend_alter_ini_entry function in PHP before 5.2.4 does not properly handle an interruption to the flow of execution triggered by a memory_limit violation, which has unknown impact and attack vectors.
|
29-07-2017 - 01:33 | 04-09-2007 - 22:17 | |
CVE-2007-5080 | 9.3 |
Integer overflow in RealNetworks RealPlayer 10 and 10.5, RealOne Player 1, and RealPlayer Enterprise for Windows allows remote attackers to execute arbitrary code via a crafted Lyrics3 2.00 tag in an MP3 file, resulting in a heap-based buffer overflo
|
29-07-2017 - 01:33 | 31-10-2007 - 17:46 | |
CVE-2007-4652 | 4.4 |
The session extension in PHP before 5.2.4 might allow local users to bypass open_basedir restrictions via a session file that is a symlink.
|
29-07-2017 - 01:33 | 04-09-2007 - 19:17 | |
CVE-2007-5471 | 7.8 |
libgssapi before 0.6-13.7, as used by the ISC BIND named daemon in SUSE Linux Enterprise Server 10 SP 1, terminates upon an initialization error, which allows remote attackers to cause a denial of service (daemon exit) via a GSS-TSIG request. NOTE:
|
29-07-2017 - 01:33 | 16-10-2007 - 00:17 | |
CVE-2007-4601 | 5.0 |
A regression error in tcp-wrappers 7.6.dbs-10 and 7.6.dbs-11 might allow remote attackers to bypass intended access restrictions when a service uses libwrap but does not specify server connection information.
|
29-07-2017 - 01:33 | 30-08-2007 - 22:17 | |
CVE-2007-5601 | 9.3 |
Stack-based buffer overflow in the Database Component in MPAMedia.dll in RealNetworks RealPlayer 10.5 and 11 beta, and earlier versions including 10, RealOne Player, and RealOne Player 2, allows remote attackers to execute arbitrary code via certain
|
29-07-2017 - 01:33 | 20-10-2007 - 20:17 | |
CVE-2007-5502 | 6.4 |
The PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does not perform auto-seeding during the FIPS self-test, which generates random data that is more predictable than expected and makes it easier for attackers to bypass protection mechan
|
29-07-2017 - 01:33 | 01-12-2007 - 06:46 | |
CVE-2007-3564 | 7.5 |
libcurl 7.14.0 through 7.16.3, when built with GnuTLS support, does not check SSL/TLS certificate expiration or activation dates, which allows remote attackers to bypass certain access restrictions.
|
29-07-2017 - 01:32 | 18-07-2007 - 17:30 | |
CVE-2007-3375 | 6.8 |
Stack-based buffer overflow in Lhaca File Archiver before 1.21 allows user-assisted remote attackers to execute arbitrary code via a crafted LZH archive, as exploited by malware such as Trojan.Lhdropper.
|
29-07-2017 - 01:32 | 25-06-2007 - 20:30 | |
CVE-2007-3144 | 6.4 |
Visual truncation vulnerability in Mozilla 1.7.12 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing attac
|
29-07-2017 - 01:32 | 11-06-2007 - 18:30 | |
CVE-2007-3143 | 6.4 |
Visual truncation vulnerability in Konqueror 3.5.5 allows remote attackers to spoof the address bar and possibly conduct phishing attacks via a long hostname, which is truncated after a certain number of characters, as demonstrated by a phishing atta
|
29-07-2017 - 01:32 | 11-06-2007 - 18:30 | |
CVE-2007-4225 | 6.8 |
Visual truncation vulnerability in KDE Konqueror 3.5.7 allows remote attackers to spoof the URL address bar via an http URI with a large amount of whitespace in the user/password portion.
|
29-07-2017 - 01:32 | 08-08-2007 - 21:17 | |
CVE-2007-3568 | 5.0 |
The _LoadBMP function in imlib 1.9.15 and earlier allows context-dependent attackers to cause a denial of service (infinite loop) via a BMP image with a Bits Per Page (BPP) value of 0.
|
29-07-2017 - 01:32 | 05-07-2007 - 19:30 | |
CVE-2007-3728 | 5.0 |
Buffer overflow in lib/silcclient/client_notify.c of SILC Client and SILC Toolkit before 1.1.2 allows remote attackers to cause a denial of service via "NICK_CHANGE" notifications.
|
29-07-2017 - 01:32 | 12-07-2007 - 17:30 | |
CVE-2007-2353 | 5.0 |
Apache Axis 1.0 allows remote attackers to obtain sensitive information by requesting a non-existent WSDL file, which reveals the installation path in the resulting exception message.
|
29-07-2017 - 01:31 | 30-04-2007 - 22:19 | |
CVE-2007-1886 | 6.8 |
Integer overflow in the str_replace function in PHP 4.4.5 and PHP 5.2.1 allows context-dependent attackers to have an unknown impact via a single character search string in conjunction with a single character replacement string, which causes an "off
|
29-07-2017 - 01:31 | 06-04-2007 - 01:19 | |
CVE-2007-1889 | 7.5 |
Integer signedness error in the _zend_mm_alloc_int function in the Zend Memory Manager in PHP 5.2.0 allows remote attackers to execute arbitrary code via a large emalloc request, related to an incorrect signed long cast, as demonstrated via the HTTP
|
29-07-2017 - 01:31 | 06-04-2007 - 01:19 | |
CVE-2007-2030 | 4.9 |
lharc.c in lha does not securely create temporary files, which might allow local users to read or write files by creating a file before LHA is invoked.
|
29-07-2017 - 01:31 | 16-04-2007 - 20:19 | |
CVE-2007-2437 | 5.5 |
The X render (Xrender) extension in X.org X Window System 7.0, 7.1, and 7.2, with Xserver 1.3.0 and earlier, allows remote authenticated users to cause a denial of service (daemon crash) via crafted values to the (1) XRenderCompositeTrapezoids and (2
|
29-07-2017 - 01:31 | 02-05-2007 - 10:19 | |
CVE-2007-3008 | 4.3 |
Mbedthis AppWeb before 2.2.2 enables the HTTP TRACE method, which has unspecified impact probably related to remote information leaks and cross-site tracing (XST) attacks, a related issue to CVE-2004-2320 and CVE-2005-3398.
|
29-07-2017 - 01:31 | 04-06-2007 - 17:30 | |
CVE-2007-2741 | 9.3 |
Stack-based buffer overflow in Little CMS (lcms) before 1.15 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ICC profile in a JPG file.
|
29-07-2017 - 01:31 | 17-05-2007 - 19:30 | |
CVE-2007-2958 | 6.8 |
Format string vulnerability in the inc_put_error function in src/inc.c in Sylpheed 2.4.4, and Sylpheed-Claws (Claws Mail) 1.9.100 and 2.10.0, allows remote POP3 servers to execute arbitrary code via format string specifiers in crafted replies.
|
29-07-2017 - 01:31 | 27-08-2007 - 17:17 | |
CVE-2007-2519 | 6.8 |
Directory traversal vulnerability in the installer in PEAR 1.0 through 1.5.3 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the (1) install-as attribute in the file element in package.xml 1.0 or the
|
29-07-2017 - 01:31 | 22-05-2007 - 19:30 | |
CVE-2007-2243 | 5.0 |
OpenSSH 4.6 and earlier, when ChallengeResponseAuthentication is enabled, allows remote attackers to determine the existence of user accounts by attempting to authenticate via S/KEY, which displays a different response if the user account exists, a s
|
29-07-2017 - 01:31 | 25-04-2007 - 16:19 | |
CVE-2007-2407 | 4.0 |
The Samba server on Apple Mac OS X 10.3.9 and 10.4.10, when Windows file sharing is enabled, does not enforce disk quotas after dropping privileges, which allows remote authenticated users to use disk space in excess of quota.
|
29-07-2017 - 01:31 | 03-08-2007 - 10:17 | |
CVE-2007-1824 | 5.1 |
Buffer overflow in the php_stream_filter_create function in PHP 5 before 5.2.1 allows remote attackers to cause a denial of service (application crash) via a php://filter/ URL that has a name ending in the '.' character.
|
29-07-2017 - 01:31 | 02-04-2007 - 23:19 | |
CVE-2007-0247 | 5.0 |
squid/src/ftp.c in Squid before 2.6.STABLE7 allows remote FTP servers to cause a denial of service (core dump) via crafted FTP directory listing responses, possibly related to the (1) ftpListingFinish and (2) ftpHtmlifyListEntry functions.
|
29-07-2017 - 01:30 | 16-01-2007 - 18:28 | |
CVE-2007-1399 | 10.0 |
Stack-based buffer overflow in the zip:// URL wrapper in PECL ZIP 1.8.3 and earlier, as bundled with PHP 5.2.0 and 5.2.1, allows remote attackers to execute arbitrary code via a long zip:// URL, as demonstrated by actively triggering URL access from
|
29-07-2017 - 01:30 | 10-03-2007 - 22:19 | |
CVE-2007-1741 | 6.2 |
Multiple race conditions in suexec in Apache HTTP Server (httpd) 2.2.3 between directory and file validation, and their usage, allow local users to gain privileges and execute arbitrary code by renaming directories or performing symlink attacks. NOTE
|
29-07-2017 - 01:30 | 13-04-2007 - 16:19 | |
CVE-2007-0650 | 6.8 |
Buffer overflow in the open_sty function in mkind.c for makeindex 2.14 in teTeX might allow user-assisted remote attackers to overwrite files and possibly execute arbitrary code via a long filename. NOTE: other overflows exist but might not be explo
|
29-07-2017 - 01:30 | 01-02-2007 - 19:28 | |
CVE-2007-1649 | 7.8 |
PHP 5.2.1 allows context-dependent attackers to read portions of heap memory by executing certain scripts with a serialized data input string beginning with S:, which does not properly track the number of input bytes being processed.
|
29-07-2017 - 01:30 | 24-03-2007 - 00:19 | |
CVE-2007-1199 | 4.3 |
Adobe Reader and Acrobat Trial allow remote attackers to read arbitrary files via a file:// URI in a PDF document, as demonstrated with <</URI(file:///C:/)/S/URI>>, a different issue than CVE-2007-0045.
|
29-07-2017 - 01:30 | 02-03-2007 - 21:18 | |
CVE-2007-0248 | 5.0 |
The aclMatchExternal function in Squid before 2.6.STABLE7 allows remote attackers to cause a denial of service (crash) by causing an external_acl queue overload, which triggers an infinite loop.
|
29-07-2017 - 01:30 | 16-01-2007 - 18:28 | |
CVE-2007-0240 | 4.3 |
Cross-site scripting (XSS) vulnerability in Zope 2.10.2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors in a HTTP GET request.
|
29-07-2017 - 01:30 | 22-03-2007 - 18:19 | |
CVE-2006-6939 | 4.6 |
GNU ed before 0.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files, possibly in the open_sbuf function.
|
29-07-2017 - 01:29 | 17-01-2007 - 00:28 | |
CVE-2006-6305 | 7.5 |
Unspecified vulnerability in Net-SNMP 5.3 before 5.3.0.1, when configured using the rocommunity or rouser snmpd.conf tokens, causes Net-SNMP to grant write access to users or communities that only have read-only access.
|
29-07-2017 - 01:29 | 06-12-2006 - 22:28 | |
CVE-2006-7098 | 6.6 |
The Debian GNU/Linux 033_-F_NO_SETSID patch for the Apache HTTP Server 1.3.34-4 does not properly disassociate httpd from a controlling tty when httpd is started interactively, which allows local users to gain privileges to that tty via a CGI program
|
29-07-2017 - 01:29 | 03-03-2007 - 19:19 | |
CVE-2006-6332 | 7.5 |
Stack-based buffer overflow in net80211/ieee80211_wireless.c in MadWifi before 0.9.2.1 allows remote attackers to execute arbitrary code via unspecified vectors, related to the encode_ie and giwscan_cb functions.
|
29-07-2017 - 01:29 | 10-12-2006 - 11:28 | |
CVE-2007-0103 | 6.8 |
The Adobe PDF specification 1.3, as implemented by Adobe Acrobat before 8.0.0, allows remote attackers to have an unknown impact, possibly including denial of service (infinite loop), arbitrary code execution, or memory corruption, via a PDF file wit
|
29-07-2017 - 01:29 | 09-01-2007 - 00:28 | |
CVE-2007-0003 | 7.2 |
pam_unix.so in Linux-PAM 0.99.7.0 allows context-dependent attackers to log into accounts whose password hash, as stored in /etc/passwd or /etc/shadow, has only two characters.
|
29-07-2017 - 01:29 | 23-01-2007 - 21:28 | |
CVE-2006-5876 | 7.8 |
The soup_headers_parse function in soup-headers.c for libsoup HTTP library before 2.2.99 allows remote attackers to cause a denial of service (crash) via malformed HTTP headers, probably involving missing fields or values.
|
20-07-2017 - 01:34 | 16-01-2007 - 19:28 | |
CVE-2006-6057 | 4.9 |
The Linux kernel 2.6.x up to 2.6.18, and possibly other versions, on Fedora Core 6 and possibly other operating systems, allows local users to cause a denial of service (crash) via a malformed gfs2 file stream that triggers a NULL pointer dereference
|
20-07-2017 - 01:34 | 22-11-2006 - 01:07 | |
CVE-2006-6105 | 4.3 |
Format string vulnerability in the host chooser window (gdmchooser) in GNOME Foundation Display Manager (gdm) allows local users to execute arbitrary code via format string specifiers in a hostname, which are used in an error dialog.
|
20-07-2017 - 01:34 | 15-12-2006 - 02:28 | |
CVE-2006-5701 | 4.9 |
Double free vulnerability in squashfs module in the Linux kernel 2.6.x, as used in Fedora Core 5 and possibly other distributions, allows local users to cause a denial of service by mounting a crafted squashfs filesystem.
|
20-07-2017 - 01:33 | 03-11-2006 - 23:07 | |
CVE-2006-5397 | 2.1 |
The Xinput module (modules/im/ximcp/imLcIm.c) in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE envir
|
20-07-2017 - 01:33 | 03-11-2006 - 00:07 | |
CVE-2006-4513 | 5.1 |
Multiple integer overflows in the WV library in wvWare (formerly mswordview) before 1.2.3, as used by AbiWord, KWord, and possibly other products, allow user-assisted remote attackers to execute arbitrary code via a crafted Microsoft Word (DOC) file
|
20-07-2017 - 01:33 | 28-10-2006 - 00:07 | |
CVE-2006-4809 | 5.1 |
Stack-based buffer overflow in loader_pnm.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PNM image.
|
20-07-2017 - 01:33 | 07-11-2006 - 00:07 | |
CVE-2006-4808 | 2.6 |
Heap-based buffer overflow in loader_tga.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted TGA image.
|
20-07-2017 - 01:33 | 07-11-2006 - 00:07 | |
CVE-2006-4807 | 2.6 |
loader_tga.c in imlib2 before 1.2.1, and possibly other versions, allows user-assisted remote attackers to cause a denial of service (crash) via a crafted TGA image that triggers an out-of-bounds memory read, a different issue than CVE-2006-4808.
|
20-07-2017 - 01:33 | 07-11-2006 - 00:07 | |
CVE-2006-4806 | 5.1 |
Multiple integer overflows in imlib2 allow user-assisted remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) ARGB (loader_argb.c), (2) PNG (loader_png.c), (3) LBM (loader_lbm.c), (4) JPEG (loade
|
20-07-2017 - 01:33 | 07-11-2006 - 00:07 | |
CVE-2006-3672 | 2.6 |
KDE Konqueror 3.5.1 and earlier allows remote attackers to cause a denial of service (application crash) by calling the replaceChild method on a DOM object, which triggers a null dereference, as demonstrated by calling document.replaceChild with a 0
|
20-07-2017 - 01:32 | 18-07-2006 - 15:47 | |
CVE-2006-3145 | 5.0 |
Buffer overflow in pamtofits of NetPBM 10.30 through 10.33 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code when assembling the header, possibly related to an off-by-one error.
|
20-07-2017 - 01:32 | 22-06-2006 - 22:06 | |
CVE-2006-4181 | 10.0 |
Format string vulnerability in the sqllog function in the SQL accounting code for radiusd in GNU Radius 1.2 and 1.3 allows remote attackers to execute arbitrary code via unknown vectors. This vulnerability is addressed in the following product releas
|
20-07-2017 - 01:32 | 28-11-2006 - 02:07 | |
CVE-2006-3174 | 2.6 |
Cross-site scripting (XSS) vulnerability in search.php in SquirrelMail 1.5.1 and earlier, when register_globals is enabled, allows remote attackers to inject arbitrary HTML via the mailbox parameter.
|
20-07-2017 - 01:32 | 23-06-2006 - 00:02 | |
CVE-2006-3093 | 6.8 |
Multiple unspecified vulnerabilities in Adobe Acrobat Reader (acroread) before 7.0.8 have unknown impact and unknown vectors. This vulnerability is addressed in the following product release:
Adobe, Acrobat Reader, 7.0.8
|
20-07-2017 - 01:32 | 19-06-2006 - 21:02 | |
CVE-2006-3005 | 5.0 |
The JPEG library in media-libs/jpeg before 6b-r7 on Gentoo Linux is built without the -maxmem feature, which could allow context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted JPEG file that exceeds the intended me
|
20-07-2017 - 01:31 | 13-06-2006 - 10:02 | |
CVE-2006-2563 | 2.1 |
The cURL library (libcurl) in PHP 4.4.2 and 5.1.4 allows attackers to bypass safe mode and read files via a file:// request containing null characters.
|
20-07-2017 - 01:31 | 29-05-2006 - 16:02 | |
CVE-2006-2502 | 5.1 |
Stack-based buffer overflow in pop3d in Cyrus IMAPD (cyrus-imapd) 2.3.2, when the popsubfolders option is enabled, allows remote attackers to execute arbitrary code via a long USER command.
|
20-07-2017 - 01:31 | 22-05-2006 - 16:06 | |
CVE-2006-3011 | 4.6 |
The error_log function in basic_functions.c in PHP before 4.4.4 and 5.x before 5.1.5 allows local users to bypass safe mode and open_basedir restrictions via a "php://" or other scheme in the third argument, which disables safe mode.
|
20-07-2017 - 01:31 | 26-06-2006 - 21:05 | |
CVE-2006-2083 | 7.5 |
Integer overflow in the receive_xattr function in the extended attributes patch (xattr.c) for rsync before 2.6.8 might allow attackers to execute arbitrary code via crafted extended attributes that trigger a buffer overflow.
|
20-07-2017 - 01:31 | 28-04-2006 - 21:02 | |
CVE-2006-2073 | 5.0 |
Unspecified vulnerability in ISC BIND allows remote attackers to cause a denial of service via a crafted DNS message with a "broken" TSIG, as demonstrated by the OUSPG PROTOS DNS test suite.
|
20-07-2017 - 01:31 | 27-04-2006 - 22:02 | |
CVE-2006-0743 | 5.0 |
Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.
|
20-07-2017 - 01:30 | 09-03-2006 - 20:02 | |
CVE-2006-0730 | 5.0 |
Multiple unspecified vulnerabilities in Dovecot before 1.0beta3 allow remote attackers to cause a denial of service (application crash or hang) via unspecified vectors involving (1) "potential hangs" in the APPEND command and "potential crashes" in (
|
20-07-2017 - 01:30 | 16-02-2006 - 11:02 | |
CVE-2006-1095 | 7.2 |
Directory traversal vulnerability in the FileSession object in Mod_python module 3.2.7 for Apache allows local users to execute arbitrary code via a crafted session cookie.
|
20-07-2017 - 01:30 | 09-03-2006 - 13:06 | |
CVE-2006-0883 | 5.0 |
OpenSSH on FreeBSD 5.3 and 5.4, when used with OpenPAM, does not properly handle when a forked child process terminates during PAM authentication, which allows remote attackers to cause a denial of service (client connection refusal) by connecting mu
|
20-07-2017 - 01:30 | 07-03-2006 - 02:02 | |
CVE-2006-1251 | 5.0 |
Argument injection vulnerability in greylistclean.cron in sa-exim 4.2 allows remote attackers to delete arbitrary files via an email with a To field that contains a filename separated by whitespace, which is not quoted when greylistclean.cron provide
|
20-07-2017 - 01:30 | 19-03-2006 - 01:02 | |
CVE-2005-4158 | 4.6 |
Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the (1) PERLLIB, (2) PERL5LIB, and (3) PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that
|
20-07-2017 - 01:29 | 11-12-2005 - 02:03 | |
CVE-2006-0405 | 5.0 |
The TIFFFetchShortPair function in tif_dirread.c in libtiff 3.8.0 allows remote attackers to cause a denial of service (application crash) via a crafted TIFF image that triggers a NULL pointer dereference, possibly due to changes in type declarations
|
20-07-2017 - 01:29 | 25-01-2006 - 02:03 | |
CVE-2006-0043 | 4.6 |
Buffer overflow in the realpath function in nfs-server rpc.mountd, as used in SUSE Linux 9.1 through 10.0, allows local users to execute arbitrary code via unspecified vectors involving mount requests and symlinks.
|
20-07-2017 - 01:29 | 31-01-2006 - 02:03 | |
CVE-2005-1229 | 4.6 |
Directory traversal vulnerability in cpio 2.6 and earlier allows remote attackers to write to arbitrary directories via a .. (dot dot) in a cpio file.
|
11-07-2017 - 01:32 | 02-05-2005 - 04:00 | |
CVE-2005-1544 | 7.5 |
Stack-based buffer overflow in libTIFF before 3.7.2 allows remote attackers to execute arbitrary code via a TIFF file with a malformed BitsPerSample tag.
|
11-07-2017 - 01:32 | 14-05-2005 - 04:00 | |
CVE-2005-0373 | 7.5 |
Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code.
|
11-07-2017 - 01:32 | 07-10-2004 - 04:00 | |
CVE-2004-2320 | 5.8 |
The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tr
|
11-07-2017 - 01:31 | 31-12-2004 - 05:00 | |
CVE-2004-2300 | 7.2 |
Buffer overflow in snmpd in ucd-snmp 4.2.6 and earlier, when installed setuid root, allows local users to execute arbitrary code via a long -p command line argument. NOTE: it is not clear whether there are any standard configurations in which snmpd
|
11-07-2017 - 01:31 | 31-12-2004 - 05:00 | |
CVE-2004-1717 | 7.5 |
Multiple buffer overflows in the psscan function in ps.c for gv (ghostview) allow remote attackers to execute arbitrary code via a Postscript file with a long (1) BoundingBox, (2) comment, (3) Orientation, (4) PageOrder, or (5) Pages value.
|
11-07-2017 - 01:31 | 16-08-2004 - 04:00 | |
CVE-2004-1808 | 2.1 |
Extcompose in metamail does not verify the output file before writing to it, which allows local users to overwrite arbitrary files via a symlink attack.
|
11-07-2017 - 01:31 | 31-12-2004 - 05:00 | |
CVE-2004-1653 | 6.4 |
The default configuration for OpenSSH enables AllowTcpForwarding, which could allow remote authenticated users to perform a port bounce, when configured with an anonymous access program such as AnonCVS.
|
11-07-2017 - 01:31 | 31-08-2004 - 04:00 | |
CVE-2004-1296 | 2.1 |
The (1) eqn2graph and (2) pic2graph scripts in groff 1.18.1 allow local users to overwrite arbitrary files via a symlink attack on temporary files.
|
11-07-2017 - 01:30 | 31-12-2004 - 05:00 | |
CVE-2004-1051 | 7.2 |
sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.
|
11-07-2017 - 01:30 | 01-03-2005 - 05:00 | |
CVE-2004-1020 | 5.0 |
The addslashes function in PHP 4.3.9 does not properly escape a NULL (/0) character, which may allow remote attackers to read arbitrary files in PHP applications that contain a directory traversal vulnerability in require or include statements, but a
|
11-07-2017 - 01:30 | 10-01-2005 - 05:00 | |
CVE-2004-0829 | 5.0 |
smbd in Samba before 2.2.11 allows remote attackers to cause a denial of service (daemon crash) by sending a FindNextPrintChangeNotify request without a previous FindFirstPrintChangeNotify, as demonstrated by the SMB client in Windows XP SP2.
|
11-07-2017 - 01:30 | 31-12-2004 - 05:00 | |
CVE-2004-1377 | 2.1 |
The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) scripts in a2ps before 4.13 allow local users to overwrite arbitrary files via a symlink attack on temporary files.
|
11-07-2017 - 01:30 | 27-12-2004 - 05:00 | |
CVE-2004-0603 | 10.0 |
gzexe in gzip 1.3.3 and earlier will execute an argument when the creation of a temp file fails instead of exiting the program, which could allow remote attackers or local users to execute arbitrary commands, a different vulnerability than CVE-1999-1
|
11-07-2017 - 01:30 | 06-12-2004 - 05:00 | |
CVE-2004-0996 | 2.1 |
main.c in cscope 15-4 and 15-5 creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack.
|
11-07-2017 - 01:30 | 10-01-2005 - 05:00 | |
CVE-2002-1642 | 7.2 |
PostgreSQL 7.2.1 and 7.2.2 allows local users to delete transaction log (pg_clog) data and cause a denial of service (data loss) via the VACUUM command.
|
11-07-2017 - 01:29 | 03-10-2002 - 04:00 | |
CVE-2002-1648 | 7.5 |
Cross-site request forgery (CSRF) vulnerability in compose.php in SquirrelMail before 1.2.3 allows remote attackers to send email as other users via an IMG URL with modified send_to and subject parameters.
|
11-07-2017 - 01:29 | 31-12-2002 - 05:00 | |
CVE-2002-1650 | 7.5 |
The spell checker plugin (check_me.mod.php) for SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary commands via a modified sqspell_command parameter.
|
11-07-2017 - 01:29 | 31-12-2002 - 05:00 | |
CVE-2002-1649 | 4.3 |
Cross-site scripting (XSS) vulnerability in read_body.php in SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary Javascript via a javascript: URL in an IMG tag.
|
11-07-2017 - 01:29 | 31-12-2002 - 05:00 | |
CVE-2003-0618 | 2.1 |
Multiple vulnerabilities in suidperl 5.6.1 and earlier allow a local user to obtain sensitive information about files for which the user does not have appropriate permissions.
|
11-07-2017 - 01:29 | 04-05-2004 - 04:00 | |
CVE-2002-0389 | 2.1 |
Pipermail in Mailman stores private mail messages with predictable filenames in a world-executable directory, which allows local users to read private mailing list archives.
|
28-12-2016 - 02:59 | 18-06-2002 - 04:00 | |
CVE-2009-0242 | 5.0 |
** REJECT ** gmetad in Ganglia 3.1.1, when supporting multiple requests per connection on an interactive port, allows remote attackers to cause a denial of service via a request to the gmetad service with a path that does not exist, which causes Gan
|
16-12-2016 - 02:59 | 21-01-2009 - 11:30 | |
CVE-2005-2797 | 5.0 |
OpenSSH 4.0, and other versions before 4.2, does not properly handle dynamic port forwarding ("-D" option) when a listen address is not provided, which may cause OpenSSH to enable the GatewayPorts functionality.
|
08-12-2016 - 03:00 | 06-09-2005 - 17:03 | |
CVE-2006-5298 | 1.2 |
The mutt_adv_mktemp function in the Mutt mail client 1.5.12 and earlier does not properly verify that temporary files have been created with restricted permissions, which might allow local users to create files with weak permissions via a race condit
|
18-10-2016 - 03:41 | 16-10-2006 - 19:07 | |
CVE-2005-2991 | 2.1 |
ncompress 4.2.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files using (1) zdiff or (2) zcmp, a different vulnerability than CVE-2004-0970.
|
18-10-2016 - 03:32 | 20-09-2005 - 20:03 | |
CVE-2005-0602 | 6.2 |
Unzip 5.51 and earlier does not properly warn the user when extracting setuid or setgid files, which may allow local users to gain privileges.
|
18-10-2016 - 03:12 | 02-05-2005 - 04:00 | |
CVE-2007-6720 | 4.3 |
libmikmod 3.1.9 through 3.2.0, as used by MikMod, SDL-mixer, and possibly other products, relies on the channel count of the last loaded song, rather than the currently playing song, for certain playback calculations, which allows user-assisted attac
|
04-10-2016 - 01:59 | 20-01-2009 - 16:30 | |
CVE-2009-1046 | 4.7 |
The console selection feature in the Linux kernel 2.6.28 before 2.6.28.4, 2.6.25, and possibly earlier versions, when the UTF-8 console is used, allows physically proximate attackers to cause a denial of service (memory corruption) by selecting a sma
|
31-05-2016 - 15:08 | 23-03-2009 - 16:30 | |
CVE-2009-4270 | 9.3 |
Stack-based buffer overflow in the errprintf function in base/gsmisc.c in ghostscript 8.64 through 8.70 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PDF file, as originally reported fo
|
09-01-2015 - 23:42 | 21-12-2009 - 16:30 | |
CVE-2010-1158 | 5.0 |
Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string.
|
24-10-2013 - 03:22 | 20-04-2010 - 15:30 | |
CVE-2010-0393 | 6.9 |
The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings, which allows local users to gain privileges via a fi
|
15-05-2013 - 03:06 | 05-03-2010 - 19:30 | |
CVE-2009-1284 | 5.0 |
Buffer overflow in BibTeX 0.99 allows context-dependent attackers to cause a denial of service (memory corruption and crash) via a long .bib bibliography file.
|
19-04-2013 - 02:49 | 09-04-2009 - 16:27 | |
CVE-2008-5374 | 6.9 |
bash-doc 3.2 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/cb#####.? temporary file, related to the (1) aliasconv.sh, (2) aliasconv.bash, and (3) cshtobash scripts.
|
19-04-2013 - 02:42 | 08-12-2008 - 23:30 | |
CVE-2008-3196 | 7.8 |
skeleton.c in yacc does not properly handle reduction of a rule with an empty right hand side, which allows context-dependent attackers to cause an out-of-bounds stack access when the yacc stack pointer points to the end of the stack.
|
27-11-2012 - 03:48 | 16-07-2008 - 18:41 | |
CVE-2007-2448 | 2.1 |
Subversion 1.4.3 and earlier does not properly implement the "partial access" privilege for users who have access to changed paths but not copied paths, which allows remote authenticated users to obtain sensitive information (revision properties) via
|
06-11-2012 - 03:38 | 14-06-2007 - 23:30 | |
CVE-2007-3642 | 7.8 |
The decode_choice function in net/netfilter/nf_conntrack_h323_asn1.c in the Linux kernel before 2.6.20.15, 2.6.21.x before 2.6.21.6, and before 2.6.22 allows remote attackers to cause a denial of service (crash) via an encoded, out-of-range index val
|
31-10-2012 - 02:39 | 10-07-2007 - 01:30 | |
CVE-2008-4445 | 4.7 |
The sctp_auth_ep_set_hmacs function in net/sctp/auth.c in the Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.26.4, when the SCTP-AUTH extension is enabled, does not verify that the identifier index is within
|
30-10-2012 - 03:17 | 06-10-2008 - 19:54 | |
CVE-2009-3051 | 7.5 |
Multiple format string vulnerabilities in lib/silcclient/client_entry.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client before 1.1.8, allow remote attackers to execute arbitrary code via format string specifiers in
|
23-10-2012 - 03:10 | 10-09-2009 - 18:30 | |
CVE-2009-3163 | 7.5 |
Multiple format string vulnerabilities in lib/silcclient/command.c in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.10, and SILC Client 1.1.8 and earlier, allow remote attackers to execute arbitrary code via format string specifiers in
|
23-10-2012 - 03:10 | 10-09-2009 - 21:30 | |
CVE-2008-7160 | 5.8 |
The silc_http_server_parse function in lib/silchttp/silchttpserver.c in the internal HTTP server in silcd in Secure Internet Live Conferencing (SILC) Toolkit before 1.1.9 allows remote attackers to overwrite a stack location and possibly execute arbi
|
23-10-2012 - 03:01 | 10-09-2009 - 21:30 | |
CVE-2009-1265 | 5.0 |
Integer overflow in rose_sendmsg (sys/net/af_rose.c) in the Linux kernel 2.6.24.4, and other versions before 2.6.30-rc1, might allow remote attackers to obtain sensitive information via a large length value, which causes "garbage" memory to be sent.
|
23-03-2012 - 04:00 | 08-04-2009 - 01:30 | |
CVE-2008-4618 | 7.8 |
The Stream Control Transmission Protocol (sctp) implementation in the Linux kernel before 2.6.27 does not properly handle a protocol violation in which a parameter has an invalid length, which allows attackers to cause a denial of service (panic) via
|
19-03-2012 - 04:00 | 21-10-2008 - 00:10 | |
CVE-2009-4410 | 4.9 |
The fuse_ioctl_copy_user function in the ioctl handler in fs/fuse/file.c in the Linux kernel 2.6.29-rc1 through 2.6.30.y uses the wrong variable in an argument to the kunmap function, which allows local users to cause a denial of service (panic) via
|
19-03-2012 - 04:00 | 24-12-2009 - 16:30 | |
CVE-2009-2844 | 7.8 |
cfg80211 in net/wireless/scan.c in the Linux kernel 2.6.30-rc1 and other versions before 2.6.31-rc6 allows remote attackers to cause a denial of service (crash) via a sequence of beacon frames in which one frame omits an SSID Information Element (IE)
|
19-03-2012 - 04:00 | 18-08-2009 - 21:00 | |
CVE-2009-3234 | 4.9 |
Buffer overflow in the perf_copy_attr function in kernel/perf_counter.c in the Linux kernel 2.6.31-rc1 allows local users to cause a denial of service (crash) and execute arbitrary code via a "big size data" to the perf_counter_open system call.
|
19-03-2012 - 04:00 | 17-09-2009 - 10:30 | |
CVE-2009-3043 | 4.9 |
The tty_ldisc_hangup function in drivers/char/tty_ldisc.c in the Linux kernel 2.6.31-rc before 2.6.31-rc8 allows local users to cause a denial of service (system crash, sometimes preceded by a NULL pointer dereference) or possibly gain privileges via
|
19-03-2012 - 04:00 | 02-09-2009 - 17:30 | |
CVE-2009-1360 | 7.1 |
The __inet6_check_established function in net/ipv6/inet6_hashtables.c in the Linux kernel before 2.6.29, when Network Namespace Support (aka NET_NS) is enabled, allows remote attackers to cause a denial of service (NULL pointer dereference and system
|
19-03-2012 - 04:00 | 22-04-2009 - 15:30 | |
CVE-2009-0835 | 3.6 |
The __secure_computing function in kernel/seccomp.c in the seccomp subsystem in the Linux kernel 2.6.28.7 and earlier on the x86_64 platform, when CONFIG_SECCOMP is enabled, does not properly handle (1) a 32-bit process making a 64-bit syscall or (2)
|
19-03-2012 - 04:00 | 06-03-2009 - 11:30 | |
CVE-2009-0605 | 4.9 |
Stack consumption vulnerability in the do_page_fault function in arch/x86/mm/fault.c in the Linux kernel before 2.6.28.5 allows local users to cause a denial of service (memory corruption) or possibly gain privileges via unspecified vectors that trig
|
19-03-2012 - 04:00 | 17-02-2009 - 17:30 | |
CVE-2009-2702 | 7.5 |
KDE KSSL in kdelibs 3.5.4, 4.2.4, and 4.3 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL servers via a crafted
|
19-01-2012 - 03:40 | 08-09-2009 - 18:30 | |
CVE-2009-3288 | 4.9 |
The sg_build_indirect function in drivers/scsi/sg.c in Linux kernel 2.6.28-rc1 through 2.6.31-rc8 uses an incorrect variable when accessing an array, which allows local users to cause a denial of service (kernel OOPS and NULL pointer dereference), as
|
15-09-2011 - 03:06 | 22-09-2009 - 10:30 | |
CVE-2006-6297 | 5.0 |
Stack consumption vulnerability in the KFILE JPEG (kfile_jpeg) plugin in kdegraphics 3, as used by konqueror, digikam, and other KDE image browsers, allows remote attackers to cause a denial of service (stack consumption) via a crafted EXIF section i
|
04-08-2011 - 04:00 | 05-12-2006 - 11:28 | |
CVE-2007-1461 | 7.8 |
The compress.bzip2:// URL wrapper provided by the bz2 extension in PHP before 4.4.7, and 5.x before 5.2.2, does not implement safemode or open_basedir checks, which allows remote attackers to read bzip2 archives located outside of the intended direct
|
13-07-2011 - 04:00 | 14-03-2007 - 18:19 | |
CVE-2007-1460 | 5.0 |
The zip:// URL wrapper provided by the PECL zip extension in PHP before 4.4.7, and 5.2.0 and 5.2.1, does not implement safemode or open_basedir checks, which allows remote attackers to read ZIP archives located outside of the intended directories.
|
24-05-2011 - 04:00 | 14-03-2007 - 18:19 | |
CVE-2010-0562 | 6.8 |
The sdump function in sdump.c in fetchmail 6.3.11, 6.3.12, and 6.3.13, when running in verbose mode on platforms for which char is signed, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via
|
27-04-2011 - 04:00 | 08-02-2010 - 21:30 | |
CVE-2008-5187 | 7.5 |
The load function in the XPM loader for imlib2 1.4.2, and possibly other versions, allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted XPM file that triggers a "pointer arithmetic error" and a heap-
|
08-03-2011 - 03:14 | 21-11-2008 - 02:30 | |
CVE-2008-4314 | 8.5 |
smbd in Samba 3.0.29 through 3.2.4 might allow remote attackers to read arbitrary memory and cause a denial of service via crafted (1) trans, (2) trans2, and (3) nttrans requests, related to a "cut&paste error" that causes an improper bounds check to
|
08-03-2011 - 03:12 | 01-12-2008 - 15:30 | |
CVE-2007-6434 | 2.1 |
Linux kernel 2.6.23 allows local users to create low pages in virtual userspace memory and bypass mmap_min_addr protection via a crafted executable file that calls the do_brk function.
|
08-03-2011 - 03:02 | 18-12-2007 - 20:46 | |
CVE-2007-6313 | 6.5 |
MySQL Server 5.1.x before 5.1.23 and 6.0.x before 6.0.4 does not check the rights of the entity executing BINLOG, which allows remote authorized users to execute arbitrary BINLOG statements.
|
08-03-2011 - 03:02 | 18-02-2008 - 23:00 | |
CVE-2007-5965 | 4.3 |
QSslSocket in Trolltech Qt 4.3.0 through 4.3.2 does not properly verify SSL certificates, which might make it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service, or trick a service into acce
|
08-03-2011 - 03:01 | 08-01-2008 - 01:46 | |
CVE-2007-5797 | 7.5 |
SQLLoginModule in Apache Geronimo 2.0 through 2.1 does not throw an exception for a nonexistent username, which allows remote attackers to bypass authentication via a login attempt with any username not contained in the database.
|
08-03-2011 - 03:01 | 03-11-2007 - 00:46 | |
CVE-2007-5377 | 6.9 |
The (1) tramp-make-temp-file and (2) tramp-make-tramp-temp-file functions in Tramp 2.1.10 extension for Emacs, and possibly earlier 2.1.x versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files.
|
08-03-2011 - 03:00 | 12-10-2007 - 00:17 | |
CVE-2007-5087 | 4.9 |
The ATM module in the Linux kernel before 2.4.35.3, when CLIP support is enabled, allows local users to cause a denial of service (kernel panic) by reading /proc/net/atm/arp before the CLIP module has been loaded.
|
08-03-2011 - 03:00 | 26-09-2007 - 10:17 | |
CVE-2007-5007 | 6.8 |
Stack-based buffer overflow in the ir_fetch_seq function in balsa before 2.3.20 might allow remote IMAP servers to execute arbitrary code via a long response to a FETCH command.
|
08-03-2011 - 02:59 | 12-12-2007 - 22:10 | |
CVE-2007-1522 | 6.8 |
Double free vulnerability in the session extension in PHP 5.2.0 and 5.2.1 allows context-dependent attackers to execute arbitrary code via illegal characters in a session identifier, which is rejected by an internal session storage module, which call
|
08-03-2011 - 02:52 | 20-03-2007 - 20:19 | |
CVE-2007-1521 | 6.8 |
Double free vulnerability in PHP before 4.4.7, and 5.x before 5.2.2, allows context-dependent attackers to execute arbitrary code by interrupting the session_regenerate_id function, as demonstrated by calling a userspace error handler or triggering a
|
08-03-2011 - 02:52 | 20-03-2007 - 20:19 | |
CVE-2007-1287 | 4.3 |
A regression error in the phpinfo function in PHP 4.4.3 to 4.4.6, and PHP 6.0 in CVS, allows remote attackers to conduct cross-site scripting (XSS) attacks via GET, POST, or COOKIE array values, which are not escaped in the phpinfo output, as origina
|
08-03-2011 - 02:51 | 06-03-2007 - 20:19 | |
CVE-2007-0157 | 7.8 |
Array index error in the uri_lookup function in the URI parser for neon 0.26.0 to 0.26.2, possibly only on 64-bit platforms, allows remote malicious servers to cause a denial of service (crash) via a URI with non-ASCII characters, which triggers a bu
|
08-03-2011 - 02:48 | 09-01-2007 - 21:28 | |
CVE-2006-6493 | 5.1 |
Buffer overflow in the krbv4_ldap_auth function in servers/slapd/kerberos.c in OpenLDAP 2.4.3 and earlier, when OpenLDAP is compiled with the --enable-kbind (Kerberos KBIND) option, allows remote attackers to execute arbitrary code via an LDAP bind r
|
08-03-2011 - 02:46 | 13-12-2006 - 00:28 | |
CVE-2006-6698 | 1.9 |
The GConf daemon (gconfd) in GConf 2.14.0 creates temporary files under directories with names based on the username, even when GCONF_GLOBAL_LOCKS is not set, which allows local users to cause a denial of service by creating the directories ahead of
|
08-03-2011 - 02:46 | 22-12-2006 - 18:28 | |
CVE-2006-6660 | 4.3 |
The nodeType function in KDE libkhtml 4.2.0 and earlier, as used by Konquerer, KMail, and other programs, allows remote attackers to cause a denial of service (crash) via malformed HTML tags, possibly involving a COL SPAN tag embedded in a RANGE tag.
|
08-03-2011 - 02:46 | 20-12-2006 - 23:28 | |
CVE-2006-5466 | 5.4 |
Heap-based buffer overflow in the showQueryPackage function in librpm in RPM Package Manager 4.4.8, when the LANG environment variable is set to ru_RU.UTF-8, might allow user-assisted attackers to execute arbitrary code via crafted RPM packages. Succ
|
08-03-2011 - 02:43 | 06-11-2006 - 17:07 | |
CVE-2006-4447 | 7.2 |
X.Org and XFree86, including libX11, xdm, xf86dga, xinit, xload, xtrans, and xterm, does not check the return values for setuid and seteuid calls when attempting to drop privileges, which might allow local users to gain privileges by causing those ca
|
08-03-2011 - 02:40 | 30-08-2006 - 01:04 | |
CVE-2005-3258 | 5.0 |
The rfc1738_do_escape function in ftp.c for Squid 2.5 STABLE11 and earlier allows remote FTP servers to cause a denial of service (segmentation fault) via certain "odd" responses.
|
08-03-2011 - 02:26 | 20-10-2005 - 10:02 | |
CVE-2005-3582 | 7.2 |
ImageMagick before 6.2.4.2-r1 allows local users in the portage group to increase privileges via a shared object in the Portage temporary build directory, which is added to the search path allowing objects in it to be loaded at runtime.
|
08-03-2011 - 02:26 | 16-11-2005 - 07:42 | |
CVE-2005-1730 | 9.3 |
Multiple vulnerabilities in the OpenSSL ASN.1 parser, as used in Novell iManager 2.0.2, allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted packets, as demonstrated by "OpenSSL ASN.1 brute forcer." NOTE: this
|
08-03-2011 - 02:22 | 31-12-2005 - 05:00 | |
CVE-2007-5708 | 7.1 |
slapo-pcache (overlays/pcache.c) in slapd in OpenLDAP before 2.3.39, when running as a proxy-caching server, allocates memory using a malloc variant instead of calloc, which prevents an array from being initialized properly and might allow attackers
|
07-03-2011 - 05:00 | 30-10-2007 - 19:46 | |
CVE-2009-4228 | 4.3 |
Stack consumption vulnerability in u_bound.c in Xfig 3.2.5b and earlier allows remote attackers to cause a denial of service (application crash) via a long string in a malformed .fig file that uses the 1.3 file format, possibly related to the readfp_
|
20-01-2011 - 06:37 | 08-12-2009 - 18:30 | |
CVE-2010-1128 | 6.4 |
The Linear Congruential Generator (LCG) in PHP before 5.2.13 does not provide the expected entropy, which makes it easier for context-dependent attackers to guess values that were intended to be unpredictable, as demonstrated by session cookies gener
|
10-12-2010 - 06:39 | 26-03-2010 - 20:30 | |
CVE-2010-0397 | 5.0 |
The xmlrpc extension in PHP 5.3.1 does not properly handle a missing methodName element in the first argument to the xmlrpc_decode_request function, which allows context-dependent attackers to cause a denial of service (NULL pointer dereference and a
|
10-12-2010 - 06:37 | 16-03-2010 - 19:30 | |
CVE-2009-2624 | 6.8 |
The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a
|
18-11-2010 - 06:29 | 29-01-2010 - 18:30 | |
CVE-2007-0822 | 1.9 |
umount, when running with the Linux 2.6.15 kernel on Slackware Linux 10.2, allows local users to trigger a NULL dereference and application crash by invoking the program with a pathname for a USB pen drive that was mounted and then physically removed
|
15-09-2010 - 05:43 | 07-02-2007 - 20:28 | |
CVE-2006-3018 | 7.5 |
Unspecified vulnerability in the session extension functionality in PHP before 5.1.3 has unknown impact and attack vectors related to heap corruption.
|
15-09-2010 - 04:54 | 14-06-2006 - 23:02 | |
CVE-2010-1129 | 7.5 |
The safe_mode implementation in PHP before 5.2.13 does not properly handle directory pathnames that lack a trailing / (slash) character, which allows context-dependent attackers to bypass intended access restrictions via vectors related to use of the
|
31-08-2010 - 05:42 | 26-03-2010 - 20:30 | |
CVE-2009-0758 | 7.8 |
The originates_from_local_legacy_unicast_socket function in avahi-core/server.c in avahi-daemon 0.6.23 does not account for the network byte order of a port number when processing incoming multicast packets, which allows remote attackers to cause a d
|
12-08-2010 - 14:13 | 03-03-2009 - 16:30 | |
CVE-2010-0639 | 5.0 |
The htcpHandleTstRequest function in htcp.c in Squid 2.x before 2.6.STABLE24 and 2.7 before 2.7.STABLE8, and htcp.cc in 3.0 before 3.0.STABLE24, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via craf
|
02-08-2010 - 04:00 | 15-02-2010 - 18:30 | |
CVE-2009-2139 | 9.3 |
Heap-based buffer overflow in svtools/source/filter.vcl/wmf/enhwmf.cxx in Go-oo 2.x and 3.x before 3.0.1, previously named ooo-build and related to OpenOffice.org (OOo), allows remote attackers to execute arbitrary code via a crafted EMF file, a simi
|
19-07-2010 - 04:00 | 08-09-2009 - 23:30 | |
CVE-2009-4641 | 7.2 |
gnome-screensaver 2.28.0 does not resume adherence to its activation settings after an inhibiting application becomes unavailable on the session bus, which allows physically proximate attackers to access an unattended workstation on which screen lock
|
07-07-2010 - 04:00 | 11-02-2010 - 21:30 | |
CVE-2009-2260 | 5.0 |
stardict 3.0.1, when Enable Net Dict is configured, sends the contents of the clipboard to a dictionary server, which allows remote attackers to obtain sensitive information by sniffing the network.
|
13-06-2010 - 19:11 | 30-06-2009 - 10:30 | |
CVE-2010-1161 | 3.7 |
Race condition in GNU nano before 2.2.4, when run by root to edit a file that is not owned by root, allows local user-assisted attackers to change the ownership of arbitrary files via vectors related to the creation of backup files.
|
07-06-2010 - 04:00 | 16-04-2010 - 19:30 | |
CVE-2010-1160 | 1.9 |
GNU nano before 2.2.4 does not verify whether a file has been changed before it is overwritten in a file-save operation, which allows local user-assisted attackers to overwrite arbitrary files via a symlink attack on an attacker-owned file that is be
|
07-06-2010 - 04:00 | 16-04-2010 - 19:30 | |
CVE-2009-4835 | 4.3 |
The (1) htk_read_header, (2) alaw_init, (3) ulaw_init, (4) pcm_init, (5) float32_init, and (6) sds_read_header functions in libsndfile 1.0.20 allow context-dependent attackers to cause a denial of service (divide-by-zero error and application crash)
|
11-05-2010 - 04:00 | 06-05-2010 - 12:47 | |
CVE-2006-2789 | 2.6 |
Evolution 2.2.x and 2.3.x in GNOME 2.7 and 2.8, when "load images if sender in addressbook" is enabled, allows remote attackers to cause a denial of service (persistent crash) via a crafted "From" header that triggers an assert error in camel-interne
|
02-04-2010 - 07:56 | 02-06-2006 - 22:02 | |
CVE-2005-4745 | 7.5 |
SQL injection vulnerability in the rlm_sqlcounter module in FreeRADIUS 1.0.3 and 1.0.4 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. The vendor released version 1.1.1 to address this issue.
|
02-04-2010 - 06:30 | 31-12-2005 - 05:00 | |
CVE-2005-4746 | 7.8 |
Multiple buffer overflows in FreeRADIUS 1.0.3 and 1.0.4 allow remote attackers to cause denial of service (crash) via (1) the rlm_sqlcounter module or (2) unknown vectors "while expanding %t".
|
02-04-2010 - 06:30 | 31-12-2005 - 05:00 | |
CVE-2008-5824 | 6.8 |
Heap-based buffer overflow in msadpcm.c in libaudiofile in audiofile 0.2.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted WAV file.
|
26-03-2010 - 05:24 | 02-01-2009 - 19:30 | |
CVE-2010-0728 | 8.5 |
smbd in Samba 3.3.11, 3.4.6, and 3.5.0, when libcap support is enabled, runs with the CAP_DAC_OVERRIDE capability, which allows remote authenticated users to bypass intended file permissions via standard filesystem operations with any client.
|
10-03-2010 - 20:13 | 10-03-2010 - 20:13 | |
CVE-2009-4629 | 5.0 |
Mozilla Necko, as used in Thunderbird 3.0.1, SeaMonkey, and other applications, performs DNS prefetching even when the app type is APP_TYPE_MAIL or APP_TYPE_EDITOR, which makes it easier for remote attackers to determine the network location of the a
|
02-02-2010 - 05:00 | 29-01-2010 - 18:30 | |
CVE-2009-4630 | 5.0 |
Mozilla Necko, as used in Firefox, SeaMonkey, and other applications, performs DNS prefetching of domain names contained in links within local HTML documents, which makes it easier for remote attackers to determine the network location of the applica
|
31-01-2010 - 05:00 | 29-01-2010 - 18:30 | |
CVE-2005-4636 | 4.6 |
OpenOffice.org 2.0 and earlier, when hyperlinks has been disabled, does not prevent the user from clicking the WWW-browser button in the Hyperlink dialog, which makes it easier for attackers to trick the user into bypassing intended security settings
|
12-11-2009 - 05:51 | 31-12-2005 - 05:00 | |
CVE-2009-3765 | 6.8 |
mutt_ssl.c in mutt 1.5.19 and 1.5.20, when OpenSSL is used, does not properly handle a '\0' character in a domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL se
|
29-10-2009 - 04:00 | 23-10-2009 - 19:30 | |
CVE-2009-2707 | 4.9 |
Unspecified vulnerability in ia32el (aka the IA 32 emulation functionality) before 7042_7022-0.4.2 in SUSE Linux Enterprise (SLE) 10 SP2 on Itanium IA64 machines allows local users to cause a denial of service (system crash) via a 32-bit x86 applicat
|
18-09-2009 - 10:30 | 18-09-2009 - 10:30 | |
CVE-2009-1272 | 5.0 |
The php_zip_make_relative_path function in php_zip.c in PHP 5.2.x before 5.2.9 allows context-dependent attackers to cause a denial of service (crash) via a ZIP file that contains filenames with relative paths, which is not properly handled during ex
|
16-09-2009 - 05:30 | 08-04-2009 - 18:30 | |
CVE-2009-0179 | 4.3 |
libmikmod 3.1.11 through 3.2.0, as used by MikMod and possibly other products, allows user-assisted attackers to cause a denial of service (application crash) by loading an XM file.
|
02-09-2009 - 05:20 | 20-01-2009 - 16:30 | |
CVE-2008-7002 | 7.2 |
PHP 5.2.5 does not enforce (a) open_basedir and (b) safe_mode_exec_dir restrictions for certain functions, which might allow local users to bypass intended access restrictions and call programs outside of the intended directory via the (1) exec, (2)
|
19-08-2009 - 05:24 | 19-08-2009 - 05:24 | |
CVE-2009-2621 | 5.0 |
Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 does not properly enforce "buffer limits and related bound checks," which allows remote attackers to cause a denial of service via (1) an incomplete request or (2) a request with a large header
|
12-08-2009 - 05:30 | 28-07-2009 - 17:30 | |
CVE-2009-2622 | 5.0 |
Squid 3.0 through 3.0.STABLE16 and 3.1 through 3.1.0.11 allows remote attackers to cause a denial of service via malformed requests including (1) "missing or mismatched protocol identifier," (2) missing or negative status value," (3) "missing version
|
12-08-2009 - 05:30 | 28-07-2009 - 17:30 | |
CVE-2009-1513 | 6.8 |
Buffer overflow in the PATinst function in src/load_pat.cpp in libmodplug before 0.8.7 allows user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via a long instrument name.
|
08-08-2009 - 05:26 | 04-05-2009 - 16:30 | |
CVE-2009-0653 | 7.5 |
OpenSSL, probably 0.9.6, does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack, a related issue to CVE-2002-0970.
|
25-06-2009 - 04:00 | 20-02-2009 - 19:30 | |
CVE-2009-0801 | 5.4 |
Squid, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, Silverlight, and probably other technologies, and possibly comm
|
18-06-2009 - 04:00 | 04-03-2009 - 16:30 | |
CVE-2009-0241 | 7.5 |
Stack-based buffer overflow in the process_path function in gmetad/server.c in Ganglia 3.1.1 allows remote attackers to cause a denial of service (crash) via a request to the gmetad service with a long pathname.
|
13-06-2009 - 05:30 | 21-01-2009 - 11:30 | |
CVE-2009-1416 | 7.5 |
lib/gnutls_pk.c in libgnutls in GnuTLS 2.5.0 through 2.6.5 generates RSA keys stored in DSA structures, instead of the intended DSA keys, which might allow remote attackers to spoof signatures on certificates or have unspecified other impact by lever
|
10-06-2009 - 05:29 | 30-04-2009 - 20:30 | |
CVE-2009-1631 | 2.1 |
The Mailer component in Evolution 2.26.1 and earlier uses world-readable permissions for the .evolution directory, and certain directories and files under .evolution/ related to local mail, which allows local users to obtain sensitive information by
|
23-05-2009 - 05:31 | 14-05-2009 - 17:30 | |
CVE-2008-5844 | 7.5 |
PHP 5.2.7 contains an incorrect change to the FILTER_UNSAFE_RAW functionality, and unintentionally disables magic_quotes_gpc regardless of the actual magic_quotes_gpc setting, which might make it easier for context-dependent attackers to conduct SQL
|
14-05-2009 - 05:32 | 05-01-2009 - 20:30 | |
CVE-2008-2025 | 4.3 |
Cross-site scripting (XSS) vulnerability in Apache Struts before 1.2.9-162.31.1 on SUSE Linux Enterprise (SLE) 11, before 1.2.9-108.2 on SUSE openSUSE 10.3, before 1.2.9-198.2 on SUSE openSUSE 11.0, and before 1.2.9-162.163.2 on SUSE openSUSE 11.1 al
|
18-04-2009 - 05:35 | 09-04-2009 - 15:08 | |
CVE-2008-4865 | 7.2 |
Untrusted search path vulnerability in valgrind before 3.4.0 allows local users to execute arbitrary programs via a Trojan horse .valgrindrc file in the current working directory, as demonstrated using a malicious --db-command options. NOTE: the sev
|
30-03-2009 - 04:00 | 01-11-2008 - 00:00 | |
CVE-2009-0671 | 5.0 |
** REJECT ** Format string vulnerability in the University of Washington (UW) c-client library, as used by the UW IMAP toolkit imap-2007d and other applications, allows remote attackers to execute arbitrary code via format string specifiers in the i
|
26-02-2009 - 07:08 | 22-02-2009 - 22:30 | |
CVE-2008-1142 | 3.7 |
rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected.
|
26-02-2009 - 05:00 | 07-04-2008 - 17:44 | |
CVE-2008-4474 | 7.2 |
freeradius-dialupadmin in freeradius 2.0.4 allows local users to overwrite arbitrary files via a symlink attack on temporary files in (1) backup_radacct, (2) clean_radacct, (3) monthly_tot_stats, (4) tot_stats, and (5) truncate_radacct.
|
06-02-2009 - 07:00 | 07-10-2008 - 21:11 | |
CVE-2009-0122 | 6.9 |
hplip.postinst in HP Linux Imaging and Printing (HPLIP) 2.7.7 and 2.8.2 on Ubuntu allows local users to change the ownership of arbitrary files via unspecified manipulations in advance of an HPLIP installation or upgrade by an administrator, related
|
31-01-2009 - 06:54 | 15-01-2009 - 17:30 | |
CVE-2008-5184 | 10.0 |
The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) can
|
29-01-2009 - 06:58 | 21-11-2008 - 02:30 | |
CVE-2004-2760 | 6.8 |
sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately closes the TCP connection after a root login attempt with the correct password, but leaves the connection open after an attempt with an incorrect password, which makes it easier for
|
29-01-2009 - 05:37 | 31-12-2004 - 05:00 | |
CVE-2008-5618 | 5.0 |
imudp in rsyslog 4.x before 4.1.2, 3.21 before 3.21.9 beta, and 3.20 before 3.20.2 generates a message even when it is sent by an unauthorized sender, which allows remote attackers to cause a denial of service (disk consumption) via a large number of
|
17-12-2008 - 05:00 | 17-12-2008 - 02:30 | |
CVE-2007-6715 | 4.3 |
Mozilla Firefox allows remote attackers to cause a denial of service (crash) via crafted image, as demonstrated by the zzuf lol-firefox.gif test case.
|
15-11-2008 - 07:06 | 17-04-2008 - 22:05 | |
CVE-2007-4998 | 6.9 |
cp, when running with an option to preserve symlinks on multiple OSes, allows local, user-assisted attackers to overwrite arbitrary files via a symlink attack using crafted directories containing multiple source files that are copied to the same dest
|
15-11-2008 - 06:59 | 31-01-2008 - 21:00 | |
CVE-2007-3961 | 5.0 |
Off-by-one error in the fsp_readdir_r function in fsplib.c in fsplib before 0.9 allows remote attackers to cause a denial of service via a directory entry whose length is exactly MAXNAMELEN, which prevents a terminating null byte from being added. Ve
|
15-11-2008 - 06:54 | 25-07-2007 - 17:30 | |
CVE-2007-3636 | 7.5 |
Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin 2.1 for Squirrelmail allow remote attackers to execute arbitrary commands via unspecified vectors. NOTE: this information is based upon a vague pre-advisory from a reliable researcher.
|
15-11-2008 - 06:53 | 10-07-2007 - 00:30 | |
CVE-2007-3719 | 2.1 |
The process scheduler in the Linux kernel 2.6.16 gives preference to "interactive" processes that perform voluntary sleeps, which allows local users to cause a denial of service (CPU consumption), as described in "Secretly Monopolizing the CPU Withou
|
15-11-2008 - 06:53 | 12-07-2007 - 16:30 | |
CVE-2007-0823 | 1.9 |
xterm on Slackware Linux 10.2 stores information that had been displayed for a different user account using the same xterm process, which might allow local users to bypass file permissions and read other users' files, or obtain other sensitive inform
|
15-11-2008 - 06:42 | 07-02-2007 - 20:28 | |
CVE-2007-3634 | 6.5 |
Unspecified vulnerability in the G/PGP (GPG) Plugin 2.0 for Squirrelmail 1.4.10a allows remote authenticated users to execute arbitrary commands via unspecified vectors, possibly related to the passphrase variable in the gpg_sign_attachment function,
|
15-11-2008 - 05:00 | 10-07-2007 - 00:30 | |
CVE-2007-3635 | 4.3 |
Multiple unspecified vulnerabilities in the G/PGP (GPG) Plugin before 2.1 for Squirrelmail might allow "local authenticated users" to inject certain commands via unspecified vectors. NOTE: this might overlap CVE-2005-1924, CVE-2006-4169, or CVE-2007-
|
15-11-2008 - 05:00 | 10-07-2007 - 00:30 | |
CVE-2007-3962 | 7.5 |
Multiple stack-based buffer overflows in fsplib.c in fsplib before 0.9 might allow remote attackers to execute arbitrary code via (1) a long filename that is not properly handled by the fsp_readdir_native function when MAXNAMLEN is greater than 255,
|
15-11-2008 - 05:00 | 25-07-2007 - 17:30 | |
CVE-2007-2176 | 10.0 |
Unspecified vulnerability in Mozilla Firefox allows remote attackers to execute arbitrary code via unspecified vectors involving Javascript errors. NOTE: this might be the same issue as CVE-2007-2175.
|
13-11-2008 - 05:00 | 24-04-2007 - 16:19 | |
CVE-2008-4723 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in Mozilla Firefox 3.0.1 through 3.0.3 allow remote attackers to inject arbitrary web script or HTML via an ftp:// URL for an HTML document within a (1) JPG, (2) PDF, or (3) TXT file. NOTE: the pro
|
24-10-2008 - 04:00 | 23-10-2008 - 22:00 | |
CVE-2007-4049 | 5.0 |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2000-1205. Reason: This candidate is a duplicate of CVE-2000-1205. Notes: All CVE users should reference CVE-2000-1205 instead of this candidate. All references and descriptions in t
|
11-09-2008 - 00:57 | 30-07-2007 - 16:30 | |
CVE-2007-4044 | 5.0 |
** REJECT ** The MS-RPC functionality in smbd in Samba 3 on SUSE Linux before 20070720 does not include "one character in the shell escape handling." NOTE: this issue was originally characterized as a shell metacharacter issue due to an incomplete
|
11-09-2008 - 00:57 | 27-07-2007 - 22:30 | |
CVE-2007-0448 | 10.0 |
The fopen function in PHP 5.2.0 does not properly handle invalid URI handlers, which allows context-dependent attackers to bypass safe_mode restrictions and read arbitrary files via a file path specified with an invalid URI, as demonstrated via the s
|
11-09-2008 - 00:49 | 24-05-2007 - 18:30 | |
CVE-2005-4835 | 7.1 |
The ath_rate_sample function in the ath_rate/sample/sample.c sample code in MadWifi before 0.9.3 allows remote attackers to cause a denial of service (failed KASSERT and system crash) by moving a connected system to a location with low signal strengt
|
10-09-2008 - 19:54 | 31-12-2005 - 05:00 | |
CVE-2005-1344 | 7.5 |
Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to
|
10-09-2008 - 19:38 | 02-05-2005 - 04:00 | |
CVE-2004-1880 | 5.0 |
Memory leak in the back-bdb backend for OpenLDAP 2.1.12 and earlier allows remote attackers to cause a denial of service (memory consumption).
|
10-09-2008 - 19:32 | 31-12-2004 - 05:00 | |
CVE-2002-2061 | 7.5 |
Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earlier allows remote attackers to crash client browsers and execute arbitrary code via a PNG image with large width and height values and an 8-bit or 16-bit alpha channel.
|
10-09-2008 - 19:16 | 31-12-2002 - 05:00 | |
CVE-2001-1507 | 7.5 |
OpenSSH before 3.0.1 with Kerberos V enabled does not properly authenticate users, which could allow remote attackers to login unchallenged.
|
10-09-2008 - 19:10 | 31-12-2001 - 05:00 | |
CVE-2001-0935 | 7.5 |
Vulnerability in wu-ftpd 2.6.0, and possibly earlier versions, which is unrelated to the ftpglob bug described in CVE-2001-0550.
|
10-09-2008 - 19:09 | 28-11-2001 - 05:00 | |
CVE-2008-3440 | 7.5 |
Sun Java 1.6.0_03 and earlier versions, and possibly later versions, does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and
|
10-09-2008 - 04:00 | 01-08-2008 - 14:41 | |
CVE-2008-3437 | 7.5 |
OpenOffice.org (OOo) before 2.1.0 does not properly verify the authenticity of updates, which allows man-in-the-middle attackers to execute arbitrary code via a Trojan horse update, as demonstrated by evilgrade and DNS cache poisoning.
|
05-09-2008 - 21:43 | 01-08-2008 - 14:41 | |
CVE-2007-6025 | 7.1 |
Stack-based buffer overflow in driver_wext.c in wpa_supplicant 0.6.0 and earlier allows remote attackers to cause a denial of service (crash) via crafted TSF data.
|
05-09-2008 - 21:32 | 19-11-2007 - 22:46 | |
CVE-2007-5769 | 10.0 |
Double free vulnerability in the getreply function in ftp.c in netkit ftp (netkit-ftp) 0.17 20040614 and later allows remote FTP servers to cause a denial of service (application crash) and possibly have unspecified other impact via some types of FTP
|
05-09-2008 - 21:31 | 06-12-2007 - 15:46 | |
CVE-2007-4849 | 4.4 |
JFFS2, as used on One Laptop Per Child (OLPC) build 542 and possibly other Linux systems, when POSIX ACL support is enabled, does not properly store permissions during (1) inode creation or (2) ACL setting, which might allow local users to access res
|
05-09-2008 - 21:29 | 12-09-2007 - 20:17 | |
CVE-2007-3506 | 7.5 |
The ft_bitmap_assure_buffer function in src/base/ftbimap.c in FreeType 2.3.3 allows context-dependent attackers to cause a denial of service and possibly execute arbitrary code via unspecified vectors involving bitmap fonts, related to a "memory buff
|
05-09-2008 - 21:25 | 02-07-2007 - 19:30 | |
CVE-2007-2833 | 7.8 |
Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation.
|
05-09-2008 - 21:24 | 21-06-2007 - 20:30 | |
CVE-2007-1565 | 7.8 |
Konqueror 3.5.5 allows remote attackers to cause a denial of service (crash) by using JavaScript to read a child iframe having an ftp:// URI.
|
05-09-2008 - 21:20 | 21-03-2007 - 19:19 | |
CVE-2007-1454 | 4.3 |
ext/filter in PHP 5.2.0, when FILTER_SANITIZE_STRING is used with the FILTER_FLAG_STRIP_LOW flag, does not properly strip HTML tags, which allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML with a '<' character followed by
|
05-09-2008 - 21:20 | 14-03-2007 - 18:19 | |
CVE-2007-1453 | 7.5 |
Buffer underflow in the PHP_FILTER_TRIM_DEFAULT macro in the filtering extension (ext/filter) in PHP 5.2.0 allows context-dependent attackers to execute arbitrary code by calling filter_var with certain modes such as FILTER_VALIDATE_INT, which causes
|
05-09-2008 - 21:20 | 14-03-2007 - 18:19 | |
CVE-2007-1381 | 7.6 |
The wddx_deserialize function in wddx.c 1.119.2.10.2.12 and 1.119.2.10.2.13 in PHP 5, as modified in CVS on 20070224 and fixed on 20070304, calls strlcpy where strlcat was intended and uses improper arguments, which allows context-dependent attackers
|
05-09-2008 - 21:20 | 10-03-2007 - 00:19 | |
CVE-2007-1452 | 5.0 |
The FDF support (ext/fdf) in PHP 5.2.0 and earlier does not implement the input filtering hooks for ext/filter, which allows remote attackers to bypass web site filters via an application/vnd.fdf formatted POST.
|
05-09-2008 - 21:20 | 14-03-2007 - 18:19 | |
CVE-2006-7205 | 5.0 |
The array_fill function in ext/standard/array.c in PHP 4.4.2 and 5.1.2 allows context-dependent attackers to cause a denial of service (memory consumption) via a large num value.
|
05-09-2008 - 21:16 | 24-05-2007 - 02:30 | |
CVE-2006-7175 | 7.5 |
The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not allow the administrator to disable SSLv2 encryption, which could cause less secure channels to be used than desired.
|
05-09-2008 - 21:16 | 27-03-2007 - 23:19 | |
CVE-2006-5649 | 4.6 |
Unspecified vulnerability in the "alignment check exception handling" in Ubuntu 5.10, 6.06 LTS, and 6.10 for the PowerPC (PPC) allows local users to cause a denial of service (kernel panic) via unspecified vectors.
|
05-09-2008 - 21:12 | 14-12-2006 - 00:28 | |
CVE-2006-3742 | 10.0 |
The KDE PAM configuration shipped with Fedora Core 5 causes KDM passwords to be cached, which allows attackers to login without a password by attempting to log in multiple times.
|
05-09-2008 - 21:07 | 06-09-2006 - 20:04 | |
CVE-2006-3378 | 7.2 |
passwd command in shadow in Ubuntu 5.04 through 6.06 LTS, when called with the -f, -g, or -s flag, does not check the return code of a setuid call, which might allow local users to gain root privileges if setuid fails in cases such as PAM failures or
|
05-09-2008 - 21:06 | 06-07-2006 - 20:05 | |
CVE-2005-4784 | 5.6 |
Multiple buffer overflows in the POSIX readdir_r function, as used in multiple packages, allow local users to cause a denial of service and possibly execute arbitrary code via (1) a symlink attack that exploits a race condition between opendir and pa
|
05-09-2008 - 20:57 | 31-12-2005 - 05:00 | |
CVE-2005-4442 | 7.2 |
Untrusted search path vulnerability in OpenLDAP before 2.2.28-r3 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH.
|
05-09-2008 - 20:56 | 21-12-2005 - 02:03 | |
CVE-2005-2547 | 7.5 |
security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote attackers to execute arbitrary commands via shell metacharacters in the Bluetooth device name when invoking the PIN helper.
|
05-09-2008 - 20:52 | 12-08-2005 - 04:00 | |
CVE-2005-2642 | 7.5 |
Buffer overflow in the mutt_decode_xbit function in Handler.c for Mutt 1.5.10 allows remote attackers to execute arbitrary code, possibly due to interactions with libiconv or gettext.
|
05-09-2008 - 20:52 | 23-08-2005 - 04:00 | |
CVE-2005-1797 | 5.1 |
The design of Advanced Encryption Standard (AES), aka Rijndael, allows remote attackers to recover AES keys via timing attacks on S-box lookups, which are difficult to perform in constant time in AES implementations.
|
05-09-2008 - 20:50 | 26-05-2005 - 04:00 | |
CVE-2005-1119 | 2.1 |
Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary files via a symlink attack on temporary files.
|
05-09-2008 - 20:48 | 02-05-2005 - 04:00 | |
CVE-2004-2731 | 4.4 |
Multiple integer overflows in Sbus PROM driver (drivers/sbus/char/openprom.c) for the Linux kernel 2.4.x up to 2.4.27, 2.6.x up to 2.6.7, and possibly later versions, allow local users to execute arbitrary code by specifying (1) a small buffer size t
|
05-09-2008 - 20:44 | 31-12-2004 - 05:00 | |
CVE-2004-2654 | 5.0 |
The clientAbortBody function in client_side.c in Squid Web Proxy Cache before 2.6 STABLE6 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors that trigger a null dereference. NOTE: in a followup advisory
|
05-09-2008 - 20:44 | 31-12-2004 - 05:00 | |
CVE-2003-1138 | 5.0 |
The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page configured, via a GET request containing a double s
|
05-09-2008 - 20:36 | 27-10-2003 - 05:00 | |
CVE-2003-1308 | 4.6 |
CRLF injection vulnerability in fvwm-menu-directory for fvwm 2.5.x before 2.5.10 and 2.4.x before 2.4.18 allows local users to execute arbitrary commands via carriage returns in a filename.
|
05-09-2008 - 20:36 | 31-12-2003 - 05:00 | |
CVE-2003-0885 | 6.4 |
Xscreensaver 4.14 contains certain debugging code that should have been omitted, which causes Xscreensaver to create temporary files insecurely in the (1) apple2, (2) xanalogtv, and (3) pong screensavers, and allows local users to overwrite arbitrary
|
05-09-2008 - 20:35 | 31-12-2003 - 05:00 | |
CVE-2003-0857 | 4.6 |
The (1) ipq_read and (2) ipulog_read functions in iptables allow local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface.
|
05-09-2008 - 20:35 | 31-12-2003 - 05:00 | |
CVE-2002-2210 | 6.2 |
The installation of OpenOffice 1.0.1 allows local users to overwrite files and possibly gain privileges via a symlink attack on the USERNAME_autoresponse.conf temporary file.
|
05-09-2008 - 20:32 | 31-12-2002 - 05:00 | |
CVE-2002-2013 | 5.0 |
Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote attackers to steal cookies from another domain via a link with a hex-encoded null character (%00) followed by the target domain.
|
05-09-2008 - 20:32 | 31-12-2002 - 05:00 | |
CVE-2002-2196 | 7.5 |
Samba before 2.2.5 does not properly terminate the enum_csc_policy data structure, which may allow remote attackers to execute arbitrary code via a buffer overflow attack.
|
05-09-2008 - 20:32 | 31-12-2002 - 05:00 | |
CVE-2002-2103 | 5.0 |
Apache before 1.3.24, when writing to the log file, records a spoofed hostname from the reverse lookup of an IP address, even when a double-reverse lookup fails, which allows remote attackers to hide the original source of activities.
|
05-09-2008 - 20:32 | 31-12-2002 - 05:00 | |
CVE-2002-2204 | 7.5 |
The default --checksig setting in RPM Package Manager 4.0.4 checks that a package's signature is valid without listing who signed it, which can allow remote attackers to make it appear that a malicious package comes from a trusted source. A large deg
|
05-09-2008 - 20:32 | 31-12-2002 - 05:00 | |
CVE-2002-2043 | 7.5 |
SQL injection vulnerability in the LDAP and MySQL authentication patch for Cyrus SASL 1.5.24 and 1.5.27 allows remote attackers to execute arbitrary SQL commands and log in as arbitrary POP mail users via the password.
|
05-09-2008 - 20:32 | 31-12-2002 - 05:00 | |
CVE-2002-1903 | 5.0 |
Pine 4.2.1 through 4.4.4 puts Unix usernames and/or uid into Sender: and X-Sender: headers, which could allow remote attackers to obtain sensitive information.
|
05-09-2008 - 20:31 | 31-12-2002 - 05:00 | |
CVE-2002-0497 | 2.1 |
Buffer overflow in mtr 0.46 and earlier, when installed setuid root, allows local users to access a raw socket via a long MTR_OPTIONS environment variable.
|
05-09-2008 - 20:28 | 12-08-2002 - 04:00 | |
CVE-2002-0510 | 5.0 |
The UDP implementation in Linux 2.4.x kernels keeps the IP Identification field at 0 for all non-fragmented packets, which could allow remote attackers to determine that a target system is running Linux.
|
05-09-2008 - 20:28 | 12-08-2002 - 04:00 | |
CVE-1999-0997 | 7.5 |
wu-ftp with FTP conversion enabled allows an attacker to execute commands via a malformed file name that is interpreted as an argument to the program that does the conversion, e.g. tar or uncompress.
|
05-09-2008 - 20:18 | 20-12-1999 - 05:00 | |
CVE-2006-7221 | 5.0 |
Multiple off-by-one errors in fsplib.c in fsplib before 0.8 allow attackers to cause a denial of service via unspecified vectors involving the (1) name and (2) d_name entry attributes.
|
05-09-2008 - 04:00 | 25-07-2007 - 17:30 | |
CVE-2007-4039 | 4.3 |
Argument injection vulnerability involving Mozilla, when certain URIs are registered, allows remote attackers to conduct cross-browser scripting attacks and execute arbitrary commands via shell metacharacters in an unspecified URI, which are inserted
|
05-09-2008 - 04:00 | 27-07-2007 - 22:30 | |
CVE-2007-1383 | 10.0 |
Integer overflow in the 16 bit variable reference counter in PHP 4 allows context-dependent attackers to execute arbitrary code by overflowing this counter, which causes the same variable to be destroyed twice, a related issue to CVE-2007-1286.
|
05-09-2008 - 04:00 | 10-03-2007 - 00:19 | |
CVE-2007-4721 | 5.0 |
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2007-6113. Reason: This candidate is a duplicate of CVE-2007-6113. Notes: All CVE users should reference CVE-2007-6113 instead of this candidate. All references and descriptions in t
|
11-02-2008 - 05:00 | 05-09-2007 - 19:17 |