Lucene search
K

278 matches found

CVE
CVE
added 2006/01/10 11:0 a.m.69 views

CVE-2006-0155

CVE-2006-0155 describes a cross-site scripting (XSS) flaw in the 427BB web app, specifically in posts.php across versions 2.2 and 2.2.1. The issue arises when a user submits a new message that uses a url BBCode tag containing a javascript URI, allowing remote attackers to inject arbitrary JavaScr...

4.3CVSS5.9AI score0.01384EPSS
Exploits1References6Affected Software1
Tenable Nessus
Tenable Nessus
added 2005/07/13 12:0 a.m.30 views

FreeBSD : perl -- vulnerabilities in PERLIO_DEBUG handling (a5eb760a-753c-11d9-a36f-000a95bc6fae)

Kevin Finisterre discovered bugs in perl's I/O debug support : - The environmental variable PERLIODEBUG is honored even by the set-user-ID perl command usually named sperl or suidperl. As a result, a local attacker may be able to gain elevated privileges. CVE-2005-0155 - A buffer overflow may occ...

4.6CVSS5.7AI score0.01315EPSS
Exploits2References3
OSV
OSV
added 2005/05/02 4:0 a.m.3 views

DEBIAN-CVE-2005-0155

The PerlIO implementation in Perl 5.8.0, when installed with setuid support sperl, allows local users to create arbitrary files via the PERLIODEBUG variable...

4.6CVSS6.6AI score0.01199EPSS
Exploits1References1
OSV
OSV
added 2005/05/02 4:0 a.m.13 views

CVE-2005-0155

The PerlIO implementation in Perl 5.8.0, when installed with setuid support sperl, allows local users to create arbitrary files via the PERLIODEBUG variable...

6.1AI score
Exploits0References21
OSV
OSV
added 2005/05/02 4:0 a.m.1 views

BELL-CVE-2005-0155 CVE-2005-0155 does not affect BellSoft software

Bulletin has no description...

4.6CVSS5.8AI score0.01199EPSS
Exploits1References1
CVE
CVE
added 2005/02/07 5:0 a.m.148 views

CVE-2005-0155

The CVE-2005-0155 entry concerns the Perl PerlIO/ setuid wrapper (sperl) in Perl 5.8.0. The vulnerability arises when PERLIO_DEBUG is set, allowing a local user to cause the sperl process to create arbitrary files (or append debugging information), effectively giving root privileges through a loc...

4.6CVSS6AI score0.01199EPSS
Exploits1References16Affected Software1
Cvelist
Cvelist
added 2005/02/07 5:0 a.m.31 views

CVE-2005-0155

The PerlIO implementation in Perl 5.8.0, when installed with setuid support sperl, allows local users to create arbitrary files via the PERLIODEBUG variable...

6AI score0.01199EPSS
Exploits1References16
Tenable Nessus
Tenable Nessus
added 2004/07/31 12:0 a.m.25 views

Mandrake Linux Security Advisory : ipsec-tools (MDKSA-2004:027)

A very serious security flaw was discovered by Ralf Spenneberg in racoon, the IKE daemon of the KAME-tools. Racoon does not very the RSA signature during phase one of a connection using either main or aggressive mode. Only the certificate of the client is verified, the certificate is not used to...

7.5CVSS5.3AI score0.03625EPSS
Exploits0References1
NVD
NVD
added 2004/06/01 4:0 a.m.18 views

CVE-2004-0155

The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, validates the X.509 certificate but does not verify the RSA signature authentication, which allows remote attackers to establish unauthorized IP connections or conduct man-in-the-middle attacks using a valid, trusted X.509...

7.5CVSS6.4AI score0.03625EPSS
Exploits0References12
Debian CVE
Debian CVE
added 2004/04/16 4:0 a.m.46 views

CVE-2004-0155

Removed by vendor...

7.5CVSS6.7AI score0.03625EPSS
Exploits0
CVE
CVE
added 2004/04/16 4:0 a.m.72 views

CVE-2004-0155

CVE-2004-0155 affects the KAME IKE daemon racoon (IPsec-tools). During Phase 1 RSA-signature authentication, racoon validates the X.509 certificate but does not verify the RSA signature, enabling a remote attacker who presents a valid, trusted X.509 cert to perform man-in-the-middle attacks or es...

7.5CVSS7.2AI score0.03625EPSS
Exploits0References12Affected Software1
Cvelist
Cvelist
added 2003/04/02 5:0 a.m.16 views

CVE-2002-0155

Buffer overflow in Microsoft MSN Chat ActiveX Control, as used in MSN Messenger 4.5 and 4.6, and Exchange Instant Messenger 4.5 and 4.6, allows remote attackers to execute arbitrary code via a long ResDLL parameter in the MSNChat OCX...

7.8AI score0.24104EPSS
Exploits0References5
NVD
NVD
added 2003/04/02 5:0 a.m.22 views

CVE-2003-0155

bonsai Mozilla CVS query tool allows remote attackers to gain access to the parameters page without authentication...

5CVSS6.8AI score0.0177EPSS
Exploits0References2
CVE
CVE
added 2003/03/26 5:0 a.m.54 views

CVE-2003-0155

CVE-2003-0155 affects bonsai, the Mozilla CVS query tool. It allows remote attackers to access the parameters page without authentication, exposing configuration parameters. CVSS v2 base score is 5.0 (medium) with Network attack vector, low attack complexity, no authentication required, and parti...

5CVSS6.7AI score0.0177EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2003/03/26 5:0 a.m.22 views

CVE-2003-0155

bonsai Mozilla CVS query tool allows remote attackers to gain access to the parameters page without authentication...

6.7AI score0.0177EPSS
Exploits0References2
Cvelist
Cvelist
added 2001/09/18 4:0 a.m.24 views

CVE-2001-0155

Format string vulnerability in VShell SSH gateway 1.0.1 and earlier allows remote attackers to execute arbitrary commands via a user name that contains format string specifiers...

7.6AI score0.02715EPSS
Exploits0References2
CVE
CVE
added 2001/09/18 4:0 a.m.54 views

CVE-2001-0155

The CVE-2001-0155 entry describes a format string vulnerability in the VShell SSH gateway 1.0.1 and earlier . The issue arises when a user name containing format string specifiers is processed, allowing a remote attacker to execute arbitrary commands. The vulnerability impact is described as remo...

7.5CVSS7.9AI score0.02715EPSS
Exploits0References2Affected Software1
CVE
CVE
added 1999/09/29 4:0 a.m.61 views

CVE-1999-0155

The CVE concerns Ghostscript where the command-line option -dSAFER does not sufficiently constrain the sandbox, allowing a remote attacker to execute commands. The available connected documents identify the affected software as Ghostscript and the vulnerability type as remote command execution tr...

7.5CVSS8AI score0.0279EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder