OSCA-550, OSCA-550A Security Vulnerabilities
('sapi_apache2.c'), 这个问题最终会影响PHP的5.1.0和4.4.1之前版本 Ubuntu Ubuntu Linux 5.10 powerpc Ubuntu Ubuntu Linux 5.10 i386 Ubuntu Ubuntu Linux 5.10 amd64 Ubuntu Ubuntu Linux 5.0 4 powerpc Ubuntu Ubuntu Linux 5.0 4 i386 Ubuntu Ubuntu Linux 5.0 4 amd64 Trustix Secure Linux 3.0 Trustix Secure Linux 2.2 ...
6.8AI Score
Cisco VPN Concentrator 3000 FTP Server Remote Manipulation (Exploit)
No description provided by...
7.1AI Score
IBM AIX是一款商业性质的UNIX操作系统。 AIX的snappd工具实现上存在漏洞,本地snapp组的攻击者可能利用此漏洞以root用户权限执行任意指令。 IBM AIX 5.3 IBM AIX 5.2 临时解决方法: 删除setuid root位: chmod 550 /usr/sbin/snappd 厂商补丁: IBM 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
6.9AI Score
IBM AIX是一款商业性质的UNIX操作系统。 AIX的named8工具实现上存在漏洞,本地system组的攻击者可能利用此漏洞以root用户权限执行任意指令从而导致权限提升。 IBM AIX 5.3 IBM AIX 5.2 临时解决方法: 删除setuid root位: chmod 550 /usr/sbin/named8 厂商补丁: IBM 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.ibm.com/servers/eserver/support/unixservers/aixfixes.html...
6.9AI Score
Cisco VPN 3000 Concentrator <= 4.1.7, 4.7.2 (FTP) Remote Exploit
No description provided by...
7.1AI Score
Cisco VPN 3000 Concentrator <= 4.1.7 4.7.2 (FTP) Remote Exploit
No description provided by...
7.1AI Score
7.1AI Score
Cisco VPN 3000 Concentrator <= 4.1.7, 4.7.2 (FTP) Remote Exploit
Exploit for hardware platform in category remote...
7.1AI Score
7.4AI Score
Cisco VPN 3000 Concentrator 4.1.74.7.2 - FTP Remote File System Access
Cisco VPN 3000 Concentrator 4.1.74.7.2 - FTP Remote File System...
0.8AI Score
CentOS 3 : openssh (CESA-2005:550)
Updated openssh packages that fix a potential security vulnerability and various other bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This includes the core...
-0.4AI Score
0.061EPSS
Pearl For Mambo <= 1.6 Multiple Remote File Include Vulnerabilities
Exploit for unknown platform in category web...
7.1AI Score
INFIGO-2006-05-03: Multiple FTP Servers vulnerabilities
INFIGO IS Security Advisory #ADV-2006-05-03 http://www.infigo.hr/ Title: Multiple FTP Servers vulnerabilities Advisory ID: INFIGO-2006-05-03 Date: 2006-05-05 Advisory URL: http://www.infigo.hr/hr/in_focus/advisories/INFIGO-2006-05-03 Impact: Remote code execution and DoS...
0.7AI Score
[Full-disclosure] tempnam() open_basedir bypass PHP 4.4.2 and 5.1.2
Source: http://securityreason.com/achievement_securityalert/36 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [tempnam() open_basedir bypass PHP 4.4.2 and 5.1.2] Author: Maksymilian Arciemowicz (cXIb8O3) Date: - -Written: 26.3.2006 - -Public: 8.4.2006 from SECURITYREASON.COM CVE-2006-1494 ---...
-0.5AI Score
0.025EPSS
engine/server.cpp in Sauerbraten 2006_02_28, as derived from the Cube engine, allows remote attackers to cause a denial of service (segmentation fault) via a client that does not completely join the game and times out, which results in a null pointer...
7.1AI Score
0.018EPSS
engine/server.cpp in Sauerbraten 2006_02_28, as derived from the Cube engine, allows remote attackers to cause a denial of service (segmentation fault) via a client that does not completely join the game and times out, which results in a null pointer...
6.6AI Score
0.018EPSS
engine/server.cpp in Sauerbraten 2006_02_28, as derived from the Cube engine, allows remote attackers to cause a denial of service (segmentation fault) via a client that does not completely join the game and times out, which results in a null pointer...
6.6AI Score
0.018EPSS
engine/server.cpp in Sauerbraten 2006_02_28, as derived from the Cube engine, allows remote attackers to cause a denial of service (segmentation fault) via a client that does not completely join the game and times out, which results in a null pointer...
6.6AI Score
0.018EPSS
SimpleBBS <= v1.1 remote commands execution in c by: unitedasia security crew
/* SimpleBBS <= v1.1 remote commands execution in c coded by: unitedasia v.Dec.7.2005 greetz: iloveyouma http://geography.about.com/library/maps/blrasia.htm http://www.lib.utexas.edu/maps/middle_east_and_asia/asia_pol00.jpg $ gcc -o bbs bbs.c Usage ./bbs [host] [/folder/] [cmd] $ ./bbs...
0.3AI Score
7.1AI Score
7.4AI Score
EPSS
-0.1AI Score
SimpleBBS <= 1.1 Remote Commands Execution Exploit (c code)
Exploit for unknown platform in category web...
7.1AI Score
Service Detection (3 ASCII digit codes like FTP, SMTP, NNTP...)
This plugin performs service...
7.1AI Score
The FTPD glob vulnerability manifests itself in handling of the glob command. The problem is not a typical buffer overflow or format string vulnerability, but a combination of two bugs: an implementation of the glob command that does not properly return an error condition when interpreting the...
0.3AI Score
0.961EPSS
The FTPD glob vulnerability manifests itself in handling of the glob command. The problem is not a typical buffer overflow or format string vulnerability, but a combination of two bugs: an implementation of the glob command that does not properly return an error condition when interpreting...
9.8CVSS
9.7AI Score
0.961EPSS
RHEL 3 : openssh (RHSA-2005:550)
Updated openssh packages that fix a potential security vulnerability and various other bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This includes the core...
-0.3AI Score
0.061EPSS
By crawling through the remote FTP server, Nessus discovered several directories were marked as being world-writable. This could have several negative impacts : - Temporary file uploads are sometimes immediately available to all anonymous users, allowing the FTP server to be used as a...
-0.4AI Score
CentOS Errata and Security Advisory CESA-2005:550 OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This includes the core files necessary for both the OpenSSH client and server. A bug was found in the way the OpenSSH server handled the MaxStartups and LoginGraceTime configuration...
6.3AI Score
0.061EPSS
(RHSA-2005:550) openssh security update
OpenSSH is OpenBSD's SSH (Secure SHell) protocol implementation. This includes the core files necessary for both the OpenSSH client and server. A bug was found in the way the OpenSSH server handled the MaxStartups and LoginGraceTime configuration variables. A malicious user could connect to the...
0.2AI Score
0.061EPSS
0.1AI Score
-0.2AI Score
-0.3AI Score
JBOSS 3.2.2-3.2.7 / 4.0.2 installation path disclosure / config disclosure / version fingerprinting
Security Advisory: JBOSS 3.2.2-3.2.7 / 4.0.2 installation path disclosure / config disclosure / version fingerprinting Date: 14/06/05 URL: http://www.illegalaccess.org/java/jboss_path.php Problem: The default installation of JBoss reveals the path of the installation directory and allows...
0.2AI Score
phpATM arbitrary PHP code inclusion
Affected product: phpATM Version vulnerable: 1.21, and probably earlier. Risk: High, execution of arbitrary PHP Vendor informed: Not possible (mail bounces with 550, tried twice) Vendor URL: http://phpatm.free.fr/ phpATM seems to be some up-/downloadscript for web environments. The discussed...
1.4AI Score
Golden Ftp Server Pro - Directory Traversal Vuln
Product: Golden Ftp Server Pro Affected Version(s) : v2.52 Credit / Discovered by: Lachlan. H Date vendor notified: 02/05/2005 Patch Released: N/A Disclosure: 03/05/2005 External References: http://secunia.com/advisories/15175/...
0.2AI Score
sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, when using privilege separation, does not properly signal the non-privileged process when a session has been terminated after exceeding the LoginGraceTime setting, which leaves the connection open and allows remote attackers to...
9.2AI Score
0.061EPSS
sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, when using privilege separation, does not properly signal the non-privileged process when a session has been terminated after exceeding the LoginGraceTime setting, which leaves the connection open and allows remote attackers to...
9.2AI Score
0.061EPSS
Directory Traversal Vuln - RaidenFTPD 2.4 < Build 2241
Product : RaidenFTPD Affected Versions : < 2.4.2241 Author: Lachlan. H Date vendor notified: 19/04/2005 Patch released: 20/04/2005 Disclosure: 02/05/2005 Product Description: RaidenFTPD is an easy-to-use ftp server software for Windows™. With this handy tool you can...
0.3AI Score
CrystalFTP Pro 2.8 Remote Buffer Overflow Exploit
Exploit for unknown platform in category remote...
7.1AI Score
7.4AI Score
EPSS
7.1AI Score
0.7AI Score
LOOKNMEET HTML INJECT EXPLOIT - By PPC^Rebyte 27feb2005 *** SEE BELOW FOR DUTCH VERSION *** *** NEDERLANDSE VERSIE ONDERAAN *** ( ENGLISH VERSION ) *** Status The vendor (AfterTheHype) is informed about this bug by Rebyte security on 04 march 2005....
AI Score
RHEL 3 : kernel (RHSA-2005:043)
Updated kernel packages that fix several security issues in Red Hat Enterprise Linux 3 are now available. The Linux kernel handles the basic functions of the operating system. This advisory includes fixes for several security issues : iSEC Security Research discovered a VMA handling flaw in the...
0.8AI Score
0.608EPSS
(RHSA-2005:043) kernel security update
The Linux kernel handles the basic functions of the operating system. This advisory includes fixes for several security issues: iSEC Security Research discovered a VMA handling flaw in the uselib(2) system call of the Linux kernel. A local user could make use of this flaw to gain elevated (root)...
0.7AI Score
0.608EPSS
3Com 3CDaemon Multiple Vulnerabilities
3Com 3CDaemon Multiple Vulnerabilities By Sowhat 04.JAN.2005 http://secway.org/advisory/ad20041011.txt [I.T.S] Security Research Team Product Affected: 3Com 3CDaemon 2.0 revision 10 Vendor: www.3Com.com (1) BACKGROUD 3CDaemon is a free popular TFTP, FTP, and Syslog daemon for Microsoft Windows ...
0.4AI Score
AI Score
sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, when using privilege separation, does not properly signal the non-privileged process when a session has been terminated after exceeding the LoginGraceTime setting, which leaves the connection open and allows remote attackers to...
6.5AI Score
0.061EPSS
Fedora Core 3 : kdelibs-3.3.1-2.4.FC3 (2004-550)
Tue Dec 14 2004 Than Ngo 3.3.1-2.4.FC3 apply the patch to fix Konqueror Window Injection Vulnerability #142510 CVE-2004-1158, Thanks to KDE security team Fri Dec 10 2004 Than Ngo 3.3.1-2.3.FC3 Security Advisory: plain text password exposure, #142487 thanks to KDE...
-0.1AI Score
0.023EPSS