93 matches found
Linux Kernel sys_utimensat本地拒绝服务漏洞
BUGTRAQ ID: 29134 CVECAN ID: CVE-2008-2148 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux Kernel的utimensat系统调用(sysutimensat)在使用某些UTIMENOW和UTIMEOMIT组合时没有检查文件权限,这可能允许本地用户修改任意文件的文件时间,导致拒绝服务的情况。 Linux kernel 2.6.25.3 Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:...
CVE-2008-2148
CVE-2008-2148 affects the Linux kernel: UTIME_NOW/UTIME_OMIT handling in sys_utimensat in 2.6.22 and older than 2.6.25.3 allows a local user to modify the timestamps of arbitrary files, potentially causing a denial of service. The root cause is improper permission checks for certain UTIME_NOW/UTI...
CVE-2007-2148
Direct static code injection vulnerability in admin/save.php in Stephen Craton aka WiredPHP Chatness 2.5.3 and earlier allows remote authenticated administrators to inject PHP code into .html files via the html parameter, as demonstrated by head.html and foot.html, which are included and executed...
CVE-2007-2148
CVE-2007-2148 affects Stephen Craton (WiredPHP) Chatness 2.5.3 and earlier, with a vulnerability in admin/save.php. The issue allows remote authenticated administrators to inject PHP code into .html files via the html parameter; the injected code is then executed when index.php is requested (demo...
[SECURITY] [DSA 1052-1] New cgiirc packages fix arbitrary code execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 1052-1 [email protected] http://www.debian.org/security/ Martin Schulze May 8th, 2006 http://www.debian.org/security/faq -...
[SECURITY] [DSA 1052-1] New cgiirc packages fix arbitrary code execution
-------------------------------------------------------------------------- Debian Security Advisory DSA 1052-1 [email protected] http://www.debian.org/security/ Martin Schulze May 8th, 2006 http://www.debian.org/security/faq -...
CVE-2006-2148
CVE-2006-2148 affects CGIIRC in which multiple buffer overflows in the file client.c allow remote code execution via (1) cookies or (2) the query string. OpenVAS/Debian advisories document the issue and cite that vulnerable versions are prior to 0.5.8; Debian/Ubuntu advisories recommend upgrading...
CVE-2002-2148
The CVE covers Lucent Ascend devices: MAX Router 5.0 and earlier, Pipeline Router 6.0.2 and earlier, and DSLTerminator. Affected component/behavior is a UDP port 9 discard handling that causes the device to leak sensitive interface details (hostname, MAC, IP) in the response when an attacker send...
CVE-2005-2148
Cacti 0.8.6e and earlier does not perform proper input validation to protect against common attacks, which allows remote attackers to execute arbitrary commands or SQL by sending a legitimate value in a POST request or cookie, then specifying the attack string in the URL, which causes the...
CVE-2005-2148
CVE-2005-2148 affects Cacti 0.8.6e and earlier. The issue is improper input validation in graph_image.php and graph.php, allowing remote attackers to manipulate $_REQUEST by sending a legitimate POST/cookie value and placing the attack string in the URL, potentially enabling arbitrary commands or...
CVE-2004-2148
Unknown local vulnerability in the "change user" feature of Slava Astashonok Fprobe 1.0.5 and earlier has unknown impact and attack vectors...
CVE-2004-2148
Technical details (affected product/component, vulnerability type, impact, exploit vectors) are not provided in the supplied documents. Monitor for updates from NVD/CVE records and related advisories.
CVE-2002-2148
Lucent Ascend MAX Router 5.0 and earlier, Lucent Ascend Pipeline Router 6.0.2 and earlier and Lucent DSLTerminator allows remote attackers to obtain sensitive information such as hostname, MAC, and IP address of the Ethernet interface via a discard UDP port 9 packet, which causes the device to le...