Lucene search
+L

4884 matches found

openvas
openvas
added 2008/09/04 12:0 a.m.17 views

FreeBSD Ports: ja-uim

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

4.6CVSS6.7AI score0.0036EPSS
Exploits0References4
osv
osv
added 2008/06/02 9:30 p.m.4 views

DEBIAN-CVE-2008-1033

The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug logging is enabled and a printer requires a password, allows attackers to obtain sensitive information credentials by reading the log data, related to "authentication environment variables."...

2.1CVSS6.2AI score0.01548EPSS
Exploits1References1
cvelist
cvelist
added 2008/05/19 10:0 a.m.25 views

CVE-2005-4875

TYPO3 3.8.0 and earlier allows remote attackers to obtain sensitive information via a direct request to misc/phpcheck/, which invokes the phpinfo function and prints values of unspecified environment variables...

6.2AI score0.01382EPSS
Exploits0References3
ubuntucve
ubuntucve
added 2008/04/04 12:44 a.m.28 views

CVE-2008-0555

The ExpandCert function in Apache-SSL before apache1.3.41+ssl1.59 does not properly handle 1 '/' and 2 '=' characters in a Distinguished Name DN in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables...

7.5CVSS5.9AI score0.0187EPSS
Exploits1References1
prion
prion
added 2008/04/04 12:44 a.m.17 views

Authentication flaw

The ExpandCert function in Apache-SSL before apache1.3.41+ssl1.59 does not properly handle 1 '/' and 2 '=' characters in a Distinguished Name DN in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables...

7.5CVSS7.3AI score0.0187EPSS
Exploits1References10Affected Software1
nessus
nessus
added 2008/04/04 12:0 a.m.13 views

Apache-SSL Environment Variables Manipulation

Binary data 4460.prm...

7.5CVSS7.3AI score0.0187EPSS
Exploits1References4
cvelist
cvelist
added 2008/04/04 12:0 a.m.21 views

CVE-2008-0555

The ExpandCert function in Apache-SSL before apache1.3.41+ssl1.59 does not properly handle 1 '/' and 2 '=' characters in a Distinguished Name DN in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables...

6.7AI score0.0187EPSS
Exploits1References10
nessus
nessus
added 2008/04/03 12:0 a.m.19 views

Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation

According to its banner, the version of Apache-SSL running on the remote host is older than apache1.3.41+ssl1.59. Such versions fail to properly sanitize certificate data before using it to populate environment variables. By sending a client certificate with special characters for the subject, a...

7.5CVSS5.6AI score0.0187EPSS
Exploits1References4
nvd
nvd
added 2008/03/31 11:44 p.m.18 views

CVE-2008-1599

The nddstat programs on IBM AIX 5.2, 5.3, and 6.1 do not properly handle environment variables, which allows local users to gain privileges by invoking 1 atmstat, 2 entstat, 3 fddistat, 4 hdlcstat, or 5 tokstat...

7.2CVSS6.3AI score0.0038EPSS
Exploits0References10
prion
prion
added 2008/03/31 11:44 p.m.20 views

Authentication flaw

The lsmcode program on IBM AIX 5.2, 5.3, and 6.1 does not properly handle environment variables, which allows local users to gain privileges, a different vulnerability than CVE-2004-1329...

7.2CVSS6.4AI score0.03273EPSS
Exploits2References10Affected Software1
nvd
nvd
added 2008/03/31 11:44 p.m.23 views

CVE-2008-1600

The lsmcode program on IBM AIX 5.2, 5.3, and 6.1 does not properly handle environment variables, which allows local users to gain privileges, a different vulnerability than CVE-2004-1329...

7.2CVSS6.1AI score0.0038EPSS
Exploits0References10
prion
prion
added 2008/03/31 11:44 p.m.18 views

Code injection

The nddstat programs on IBM AIX 5.2, 5.3, and 6.1 do not properly handle environment variables, which allows local users to gain privileges by invoking 1 atmstat, 2 entstat, 3 fddistat, 4 hdlcstat, or 5 tokstat...

7.2CVSS6.6AI score0.0038EPSS
Exploits0References10Affected Software1
cvelist
cvelist
added 2008/03/31 11:0 p.m.22 views

CVE-2008-1599

The nddstat programs on IBM AIX 5.2, 5.3, and 6.1 do not properly handle environment variables, which allows local users to gain privileges by invoking 1 atmstat, 2 entstat, 3 fddistat, 4 hdlcstat, or 5 tokstat...

6.3AI score0.0038EPSS
Exploits0References10
cvelist
cvelist
added 2008/03/31 11:0 p.m.29 views

CVE-2008-1600

The lsmcode program on IBM AIX 5.2, 5.3, and 6.1 does not properly handle environment variables, which allows local users to gain privileges, a different vulnerability than CVE-2004-1329...

6AI score0.0038EPSS
Exploits0References10
ubuntucve
ubuntucve
added 2008/03/11 11:44 p.m.28 views

CVE-2008-0306

sdbstarter in SAP MaxDB 7.6.0.37, and possibly other versions, allows local users to execute arbitrary commands by using unspecified environment variables to modify configuration settings...

6.9CVSS6.1AI score0.00371EPSS
Exploits1References1
nvd
nvd
added 2008/03/11 11:44 p.m.21 views

CVE-2008-0306

sdbstarter in SAP MaxDB 7.6.0.37, and possibly other versions, allows local users to execute arbitrary commands by using unspecified environment variables to modify configuration settings...

6.9CVSS7.2AI score0.00371EPSS
Exploits1References6
cvelist
cvelist
added 2008/03/11 11:0 p.m.26 views

CVE-2008-0306

sdbstarter in SAP MaxDB 7.6.0.37, and possibly other versions, allows local users to execute arbitrary commands by using unspecified environment variables to modify configuration settings...

7.2AI score0.00371EPSS
Exploits1References6
securityvulns
securityvulns
added 2008/03/11 12:0 a.m.67 views

iDefense Security Advisory 03.10.08: SAP MaxDB sdbstarter Privilege Escalation Vulnerability

iDefense Security Advisory 03.10.08 http://labs.idefense.com/intelligence/vulnerabilities/ Mar 10, 2008 I. BACKGROUND SAP's MaxDB is a database software product. MaxDB was released as open source from version 7.5 up to version 7.6.00. Later versions are no longer open source but are available for...

6.9CVSS1.2AI score0.00371EPSS
Exploits1
cvelist
cvelist
added 2008/02/27 7:0 p.m.25 views

CVE-2008-1054

Stack-based buffer overflow in the libspawnusergetpid function in 1 swatch.exe and 2 surgemail.exe in NetWin SurgeMail 38k4 and earlier, and beta 39a, allows remote attackers to cause a denial of service daemon crash and possibly execute arbitrary code via an HTTP request with multiple long heade...

8.3AI score0.07356EPSS
Exploits1References8
openvas
openvas
added 2008/01/17 12:0 a.m.30 views

Debian Security Advisory DSA 091-1 (ssh)

The remote host is missing an update to ssh announced via advisory DSA 091-1. OpenVAS Vulnerability Test $Id: deb0911.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 091-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

7.2CVSS0.1AI score0.00871EPSS
Exploits0
Rows per page
Query Builder