Lucene search
+L

93 matches found

seebug
seebug
added 2008/06/04 12:0 a.m.41 views

Linux Kernel sys_utimensat本地拒绝服务漏洞

BUGTRAQ ID: 29134 CVECAN ID: CVE-2008-2148 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel的utimensat系统调用(sysutimensat)在使用某些UTIMENOW和UTIMEOMIT组合时没有检查文件权限,这可能允许本地用户修改任意文件的文件时间,导致拒绝服务的情况。 Linux kernel 2.6.25.3 Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...

3.6CVSS6.3AI score0.00388EPSS
Exploits1
cve
cve
added 2008/05/12 9:0 p.m.68 views

CVE-2008-2148

CVE-2008-2148 affects the Linux kernel: UTIME_NOW/UTIME_OMIT handling in sys_utimensat in 2.6.22 and older than 2.6.25.3 allows a local user to modify the timestamps of arbitrary files, potentially causing a denial of service. The root cause is improper permission checks for certain UTIME_NOW/UTI...

3.6CVSS6AI score0.00388EPSS
Exploits1References15Affected Software1
cvelist
cvelist
added 2007/04/19 10:0 a.m.31 views

CVE-2007-2148

Direct static code injection vulnerability in admin/save.php in Stephen Craton aka WiredPHP Chatness 2.5.3 and earlier allows remote authenticated administrators to inject PHP code into .html files via the html parameter, as demonstrated by head.html and foot.html, which are included and executed...

6.9AI score0.01991EPSS
Exploits0References4
cve
cve
added 2007/04/19 10:0 a.m.54 views

CVE-2007-2148

CVE-2007-2148 affects Stephen Craton (WiredPHP) Chatness 2.5.3 and earlier, with a vulnerability in admin/save.php. The issue allows remote authenticated administrators to inject PHP code into .html files via the html parameter; the injected code is then executed when index.php is requested (demo...

6.5CVSS6.9AI score0.01991EPSS
Exploits0References4Affected Software1
debian
debian
added 2006/05/08 4:32 a.m.20 views

[SECURITY] [DSA 1052-1] New cgiirc packages fix arbitrary code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 1052-1 [email protected] http://www.debian.org/security/ Martin Schulze May 8th, 2006 http://www.debian.org/security/faq -...

7.5CVSS0.5AI score0.04624EPSS
Exploits0
debian
debian
added 2006/05/08 4:32 a.m.31 views

[SECURITY] [DSA 1052-1] New cgiirc packages fix arbitrary code execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 1052-1 [email protected] http://www.debian.org/security/ Martin Schulze May 8th, 2006 http://www.debian.org/security/faq -...

7.5CVSS7.3AI score0.04624EPSS
Exploits0
cve
cve
added 2006/05/02 9:0 p.m.50 views

CVE-2006-2148

CVE-2006-2148 affects CGIIRC in which multiple buffer overflows in the file client.c allow remote code execution via (1) cookies or (2) the query string. OpenVAS/Debian advisories document the issue and cite that vulnerable versions are prior to 0.5.8; Debian/Ubuntu advisories recommend upgrading...

7.5CVSS7.6AI score0.04624EPSS
Exploits0References10Affected Software1
cve
cve
added 2005/11/16 9:17 p.m.47 views

CVE-2002-2148

The CVE covers Lucent Ascend devices: MAX Router 5.0 and earlier, Pipeline Router 6.0.2 and earlier, and DSLTerminator. Affected component/behavior is a UDP port 9 discard handling that causes the device to leak sensitive interface details (hostname, MAC, IP) in the response when an attacker send...

5CVSS6.4AI score0.01373EPSS
Exploits0References3Affected Software3
osv
osv
added 2005/07/06 4:0 a.m.7 views

CVE-2005-2148

Cacti 0.8.6e and earlier does not perform proper input validation to protect against common attacks, which allows remote attackers to execute arbitrary commands or SQL by sending a legitimate value in a POST request or cookie, then specifying the attack string in the URL, which causes the...

7.8AI score
Exploits0References15
cve
cve
added 2005/07/06 4:0 a.m.53 views

CVE-2005-2148

CVE-2005-2148 affects Cacti 0.8.6e and earlier. The issue is improper input validation in graph_image.php and graph.php, allowing remote attackers to manipulate $_REQUEST by sending a legitimate POST/cookie value and placing the attack string in the URL, potentially enabling arbitrary commands or...

7.5CVSS7.7AI score0.03405EPSS
Exploits0References14Affected Software1
debiancve
debiancve
added 2005/07/01 4:0 a.m.17 views

CVE-2004-2148

Unknown local vulnerability in the "change user" feature of Slava Astashonok Fprobe 1.0.5 and earlier has unknown impact and attack vectors...

7.2CVSS6.3AI score0.00368EPSS
Exploits0
cve
cve
added 2005/07/01 4:0 a.m.44 views

CVE-2004-2148

Technical details (affected product/component, vulnerability type, impact, exploit vectors) are not provided in the supplied documents. Monitor for updates from NVD/CVE records and related advisories.

7.2CVSS6.4AI score0.00368EPSS
Exploits0References5Affected Software1
nvd
nvd
added 2002/12/31 5:0 a.m.16 views

CVE-2002-2148

Lucent Ascend MAX Router 5.0 and earlier, Lucent Ascend Pipeline Router 6.0.2 and earlier and Lucent DSLTerminator allows remote attackers to obtain sensitive information such as hostname, MAC, and IP address of the Ethernet interface via a discard UDP port 9 packet, which causes the device to le...

5CVSS6.1AI score0.01373EPSS
Exploits0References3
Rows per page
Query Builder