278 matches found
CVE-2006-0155
CVE-2006-0155 describes a cross-site scripting (XSS) flaw in the 427BB web app, specifically in posts.php across versions 2.2 and 2.2.1. The issue arises when a user submits a new message that uses a url BBCode tag containing a javascript URI, allowing remote attackers to inject arbitrary JavaScr...
FreeBSD : perl -- vulnerabilities in PERLIO_DEBUG handling (a5eb760a-753c-11d9-a36f-000a95bc6fae)
Kevin Finisterre discovered bugs in perl's I/O debug support : - The environmental variable PERLIODEBUG is honored even by the set-user-ID perl command usually named sperl or suidperl. As a result, a local attacker may be able to gain elevated privileges. CVE-2005-0155 - A buffer overflow may occ...
DEBIAN-CVE-2005-0155
The PerlIO implementation in Perl 5.8.0, when installed with setuid support sperl, allows local users to create arbitrary files via the PERLIODEBUG variable...
CVE-2005-0155
The PerlIO implementation in Perl 5.8.0, when installed with setuid support sperl, allows local users to create arbitrary files via the PERLIODEBUG variable...
BELL-CVE-2005-0155 CVE-2005-0155 does not affect BellSoft software
Bulletin has no description...
CVE-2005-0155
The CVE-2005-0155 entry concerns the Perl PerlIO/ setuid wrapper (sperl) in Perl 5.8.0. The vulnerability arises when PERLIO_DEBUG is set, allowing a local user to cause the sperl process to create arbitrary files (or append debugging information), effectively giving root privileges through a loc...
CVE-2005-0155
The PerlIO implementation in Perl 5.8.0, when installed with setuid support sperl, allows local users to create arbitrary files via the PERLIODEBUG variable...
Mandrake Linux Security Advisory : ipsec-tools (MDKSA-2004:027)
A very serious security flaw was discovered by Ralf Spenneberg in racoon, the IKE daemon of the KAME-tools. Racoon does not very the RSA signature during phase one of a connection using either main or aggressive mode. Only the certificate of the client is verified, the certificate is not used to...
CVE-2004-0155
The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, validates the X.509 certificate but does not verify the RSA signature authentication, which allows remote attackers to establish unauthorized IP connections or conduct man-in-the-middle attacks using a valid, trusted X.509...
CVE-2004-0155
Removed by vendor...
CVE-2004-0155
CVE-2004-0155 affects the KAME IKE daemon racoon (IPsec-tools). During Phase 1 RSA-signature authentication, racoon validates the X.509 certificate but does not verify the RSA signature, enabling a remote attacker who presents a valid, trusted X.509 cert to perform man-in-the-middle attacks or es...
CVE-2002-0155
Buffer overflow in Microsoft MSN Chat ActiveX Control, as used in MSN Messenger 4.5 and 4.6, and Exchange Instant Messenger 4.5 and 4.6, allows remote attackers to execute arbitrary code via a long ResDLL parameter in the MSNChat OCX...
CVE-2003-0155
bonsai Mozilla CVS query tool allows remote attackers to gain access to the parameters page without authentication...
CVE-2003-0155
CVE-2003-0155 affects bonsai, the Mozilla CVS query tool. It allows remote attackers to access the parameters page without authentication, exposing configuration parameters. CVSS v2 base score is 5.0 (medium) with Network attack vector, low attack complexity, no authentication required, and parti...
CVE-2003-0155
bonsai Mozilla CVS query tool allows remote attackers to gain access to the parameters page without authentication...
CVE-2001-0155
Format string vulnerability in VShell SSH gateway 1.0.1 and earlier allows remote attackers to execute arbitrary commands via a user name that contains format string specifiers...
CVE-2001-0155
The CVE-2001-0155 entry describes a format string vulnerability in the VShell SSH gateway 1.0.1 and earlier . The issue arises when a user name containing format string specifiers is processed, allowing a remote attacker to execute arbitrary commands. The vulnerability impact is described as remo...
CVE-1999-0155
The CVE concerns Ghostscript where the command-line option -dSAFER does not sufficiently constrain the sandbox, allowing a remote attacker to execute commands. The available connected documents identify the affected software as Ghostscript and the vulnerability type as remote command execution tr...