Lucene search
+L

104 matches found

seebug.org
seebug.org
added 2010/05/12 12:0 a.m.47 views

Tex Live dvipng工具数组索引漏洞

BUGTRAQ ID: 39969 CVECAN ID: CVE-2010-0829 dvipng是TeX Live所使用的从DVI文件生成PNG或GIF图形的工具。 dvipng工具中存在多个数组索引错误。在texlive-bin-2007.dfsg.2/build/source/texk/dvipng /draw.c文件中,SetChar函数使用了受dvi文件的创建者控制的索引并将其索引到了数组中。如果越过了数组的边界,攻击者就可以设置指向任意值的指针,导致执行任意代码。...

4.3CVSS2.7AI score0.04539EPSS
Exploits1
Tenable Nessus
Tenable Nessus
added 2010/05/11 12:0 a.m.41 views

RHEL 5 : tetex (RHSA-2010:0400)

Updated tetex packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings, are...

9.3CVSS6.1AI score0.10228EPSS
Exploits7References35
OSV
OSV
added 2010/05/07 6:24 p.m.5 views

CVE-2010-0829

Multiple array index errors in set.c in dvipng 1.11 and 1.12, and teTeX, allow remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a malformed DVI file...

7.6AI score
Exploits0References9
Debian CVE
Debian CVE
added 2010/05/07 5:43 p.m.32 views

CVE-2010-0829

Multiple array index errors in set.c in dvipng 1.11 and 1.12, and teTeX, allow remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a malformed DVI file...

4.3CVSS7.7AI score0.04539EPSS
Exploits1
CVE
CVE
added 2010/05/07 5:43 p.m.88 views

CVE-2010-0829

CVE-2010-0829 involves multiple array index errors in set.c within dvipng 1.11/1.12 and the TeX-based TeX/teTeX toolchain, allowing remote attackers to crash the application or possibly run arbitrary code by feeding a malformed DVI file. The provided connected documents confirm the affected compo...

4.3CVSS9.6AI score0.04539EPSS
Exploits1References9Affected Software1
Cvelist
Cvelist
added 2010/05/07 5:43 p.m.29 views

CVE-2010-0829

Multiple array index errors in set.c in dvipng 1.11 and 1.12, and teTeX, allow remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a malformed DVI file...

9.7AI score0.04539EPSS
Exploits1References9
UbuntuCve
UbuntuCve
added 2010/04/20 12:0 a.m.25 views

CVE-2010-0829

Multiple array index errors in set.c in dvipng 1.11 and 1.12, and teTeX, allow remote attackers to cause a denial of service application crash or possibly execute arbitrary code via a malformed DVI file...

4.3CVSS6.2AI score0.04539EPSS
Exploits1References2
CVE
CVE
added 2009/03/05 8:0 p.m.45 views

CVE-2009-0829

CVE-2009-0829 involves multiple SQL injection vulnerabilities in QuoteBook. The flaws allow remote attackers to execute arbitrary SQL commands by supplying crafted input through the following parameters: (1) MyBox and (2) selectFavorites to quotes.php, and (3) QuoteName and (4) QuoteText to quote...

7.5CVSS8.4AI score0.00905EPSS
Exploits0References2Affected Software1
Circl
Circl
added 2009/01/07 12:0 a.m.6 views

CVE-2009-0829

creationtimestamp| type| source ---|---|--- 2009-01-07 00:00:00+00:00| confirmed| https://www.exploit-db.com/exploits/7699...

7.5CVSS5.8AI score0.00905EPSS
Exploits0References1
NVD
NVD
added 2008/02/19 9:44 p.m.21 views

CVE-2008-0829

SQL injection vulnerability in jooget.php in the Joomlapixel Jooget! comjooget 2.6.8 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the id parameter in a detail task...

7.5CVSS8.4AI score0.01061EPSS
Exploits1References5
CVE
CVE
added 2007/02/07 10:0 p.m.53 views

CVE-2007-0829

CVE-2007-0829 affects avast! Server Edition prior to 4.7.726. The vulnerability is an authentication bypass where the product does not require a password in a particular intended context, allowing local users to bypass authentication requirements. The exploitation is local and results in partial ...

4.4CVSS6.6AI score0.00325EPSS
Exploits0References6Affected Software1
CVE
CVE
added 2006/02/21 11:0 p.m.56 views

CVE-2006-0829

E-Blah Platinum 9.7 is affected by CVE-2006-0829: a Referer (HTTP_REFERER) XSS vulnerability in the log viewer (“Click Log”). The underlying issue is inadequate sanitization of the Referer leading to execution of arbitrary script when an administrator loads the Log. Reports indicate remote exploi...

5CVSS6.1AI score0.02022EPSS
Exploits2References9Affected Software1
CVE
CVE
added 2005/03/22 5:0 a.m.45 views

CVE-2005-0829

The CVE-2005-0829 entry concerns a Cross-site scripting (XSS) vulnerability in the Digitanium addon to PHP-Fusion 5.01, specifically in setuser.php. The vulnerability allows remote attackers to inject arbitrary web script or HTML via the user_name or user_pass parameters. Based on the provided do...

4.3CVSS6AI score0.01685EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2004/09/10 4:0 a.m.45 views

CVE-2004-0829

smbd in Samba before 2.2.11 allows remote attackers to cause a denial of service daemon crash by sending a FindNextPrintChangeNotify request without a previous FindFirstPrintChangeNotify, as demonstrated by the SMB client in Windows XP SP2...

5CVSS5.6AI score0.03907EPSS
Exploits0
CVE
CVE
added 2004/09/10 4:0 a.m.74 views

CVE-2004-0829

The provided connected documents confirm CVE-2004-0829 is a DoS vulnerability in Samba prior to 2.2.11, where sending a FindNextPrintChangeNotify without a preceding FindFirstPrintChangeNotify can crash the daemon (as demonstrated by the Windows XP SP2 SMB client). Affected product: Samba (before...

5CVSS6.4AI score0.03907EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2004/09/10 4:0 a.m.31 views

CVE-2004-0829

smbd in Samba before 2.2.11 allows remote attackers to cause a denial of service daemon crash by sending a FindNextPrintChangeNotify request without a previous FindFirstPrintChangeNotify, as demonstrated by the SMB client in Windows XP SP2...

6.4AI score0.03907EPSS
Exploits0References5
Cvelist
Cvelist
added 2003/04/02 5:0 a.m.21 views

CVE-2002-0829

Integer overflow in the Berkeley Fast File System FFS in FreeBSD 4.6.1 RELEASE-p4 and earlier allows local users to access arbitrary file contents within FFS to gain privileges by creating a file that is larger than allowed by the virtual memory system...

6.8AI score0.00329EPSS
Exploits0References4
CVE
CVE
added 2003/04/02 5:0 a.m.46 views

CVE-2002-0829

CVE-2002-0829: Integer overflow in the Berkeley Fast File System (FFS) on FreeBSD 4.6.1 RELEASE-p4 and earlier allows local users to access arbitrary file contents within FFS to gain privileges by creating a file larger than allowed by the virtual memory system. Affects FreeBSD FFS; vulnerability...

4.6CVSS7.2AI score0.00329EPSS
Exploits0References4Affected Software1
NVD
NVD
added 2002/08/12 4:0 a.m.18 views

CVE-2002-0829

Integer overflow in the Berkeley Fast File System FFS in FreeBSD 4.6.1 RELEASE-p4 and earlier allows local users to access arbitrary file contents within FFS to gain privileges by creating a file that is larger than allowed by the virtual memory system...

4.6CVSS6.8AI score0.00329EPSS
Exploits0References4
CVE
CVE
added 2001/11/22 5:0 a.m.70 views

CVE-2001-0829

Apache Tomcat 3.x is affected by a cross-site scripting vulnerability (CVE-2001-0829) in which a malicious user can craft a request for a JSP file so that the default error page echoes the user-supplied input without proper escaping. The root cause is the error page displaying unvalidated URLs, a...

5.1CVSS5.8AI score0.1382EPSS
Exploits1References3Affected Software1
Rows per page
Query Builder