Lucene search
+L

2242 matches found

seebug.org
seebug.org
added 2008/11/06 12:0 a.m.26 views

htop隐藏进程名输入过滤漏洞

BUGTRAQ ID: 32081 CNCAN ID:CNCAN-2008110403 Htop是一款可与用户交互的进程查看器。 Htop存在输入过滤问题,本地攻击者可以利用漏洞隐藏进程名。 Htop没有在进程名中过滤不可打印字符,测试如下例子: echo -e '!/bin/sh\nwhile :;do :;done' $echo -ne '\e2J\eH' chmod a+x $echo -ne '\e2J\eH' ../$echo -ne '\e2J\eH' top更改非打印字符为问号,htop不更改的情况下就打印,因此可破坏显示内容,造成恶意进程不被显示出来。 Hisham...

6.9AI score
Exploits0
OpenVAS
OpenVAS
added 2008/11/01 12:0 a.m.29 views

Debian Security Advisory DSA 1652-1 (ruby1.9)

The remote host is missing an update to ruby1.9 announced via advisory DSA 1652-1. OpenVAS Vulnerability Test $Id: deb16521.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 1652-1 ruby1.9 Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

7.8CVSS0.8AI score0.70202EPSS
Exploits8
seebug.org
seebug.org
added 2008/10/31 12:0 a.m.44 views

OpenOffice WMF和EMF文件处理堆缓冲区溢出漏洞

BUGTRAQ ID: 31962 CVE ID:CVE-2008-2237 CVE-2008-2238 CNCVE ID:CNCVE-20082237 CNCVE-20082238 OpenOffice是一款开放源代码的文字处理程序。 OpenOffice处理WMF和EMF文件存在缓冲区溢出,远程攻击者可以利用漏洞以应用程序权限执行任意指令。 目前没有详细的漏洞细节提供。构建特殊的WMF和EMF文件可触发基于堆的溢出。 OpenOffice OpenOffice 2.4.1 OpenOffice OpenOffice 2.3.1 OpenOffice OpenOffice 2.3...

9.3CVSS0.1AI score0.06752EPSS
Exploits1
seebug.org
seebug.org
added 2008/10/28 12:0 a.m.50 views

Python 'Imageop'模块参数验证缓冲区溢出漏洞

BUGTRAQ ID: 31932 CNCAN ID:CNCAN-2008102806 Python是一款开放源代码的脚本编程语言。 Python 'Imageop'模块的不正确参数验证,远程攻击者可以利用漏洞进行缓冲区溢出而触发segfault错误。 目前没有详细漏洞细节提供,可能导致任意代码执行。 Python Software Foundation Python 2.5.2 Python Software Foundation Python 2.5.1 Python Software Foundation Python 2.4.5 Python Software Foundatio...

6.9AI score
Exploits0
ATTACKERKB
ATTACKERKB
added 2008/10/15 8:7 p.m.3 views

CVE-2008-4553

qemu-make-debian-root in qemu 0.9.1-5 on Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack on temporary files and directories...

7.2CVSS5.6AI score0.00486EPSS
Exploits1References13
Tenable Nessus
Tenable Nessus
added 2008/10/15 12:0 a.m.63 views

Debian DSA-1654-1 : libxml2 - buffer overflow

It was discovered that libxml2, the GNOME XML library, didn't correctly handle long entity names. This could allow the execution of arbitrary code via a malicious XML file. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted...

10CVSS7.3AI score0.23373EPSS
Exploits9References3
seebug.org
seebug.org
added 2008/10/14 12:0 a.m.58 views

Apache Tomcat 'RemoteFilterValve'安全绕过漏洞

BUGTRAQ ID: 31698 CVE ID:CVE-2008-3271 CNCVE ID:CNCVE-20083271 Apache Tomcat是一款流行的开放源码的JSP应用服务器程序。 Apache Tomcat处理'RemoteFilterValve'扩展存在安全绕过问题,远程攻击者可以利用漏洞绕过访问限制,获得敏感信息。 在使用RemoteAddrValve允许部分地址访问引擎时: Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="a.b.c.d"/...

4.3CVSS6.4AI score0.04807EPSS
Exploits2
seebug.org
seebug.org
added 2008/10/09 12:0 a.m.18 views

Graphvizt图像解析远程栈缓冲区溢出漏洞

BUGTRAQ ID: 31648 CNCAN ID:CNCAN-2008100907 Graphviz是一款将简单语法描述的结构转化为图形的工具。 Graphviz图像解析引擎存在缓冲区溢出,远程攻击者可以利用漏洞以应用程序权限执行任意指令。 问题存在于如下代码中: parser.y Graphviz 2.20.2: 34: static Agrapht Gstack32; 35: static int GSP; 45: static void pushsubgAgrapht g 46: 47: G = GstackGSP++ = g; 48:...

6.9AI score
Exploits0
seebug.org
seebug.org
added 2008/10/08 12:0 a.m.35 views

PHP FastCGI模块文件扩展拒绝服务漏洞

BUGTRAQ ID: 31612 CVE ID:CVE-2008-3660 CNCVE ID:CNCVE-20083660 PHP FastCGI是一款用于提高PHP性能的模块。 PHP FastCGI不正确处理部分文件请求,远程攻击者可以利用漏洞对应用程序进行拒绝服务攻击。 1,ext/gd's imageloadfont函数存在溢出。 2,PHP内部memnstr函数作为explode函数导出到用户空间存在溢出。 这些函数接收部分webapps中用户提供的数据,可远程利用。 S.u.S.E. UnitedLinux 1.0 S.u.S.E. SuSE Linux Standard...

5CVSS8.5AI score0.03346EPSS
Exploits1
seebug.org
seebug.org
added 2008/10/08 12:0 a.m.65 views

Lighttpd URI重写/重定向信息泄露漏洞

BUGTRAQ ID: 31599 CVE ID:CVE-2008-4359 CNCVE ID:CNCVE-20084359 Lighttpd是一款开放源代码的WEB服务器程序。 Lighttpd存在设计问题,远程攻击者可以利用漏洞获得敏感信息。 lighttpd 1.4.19和1.5.0之前的其他版本,在匹配重定向和重写模式之前没有对URL进行解码,可导致攻击者使用编码URL绕过重写规则。如果这些规则用于隐藏部分URL可导致安全问题。 lighttpd lighttpd 1.4.19 lighttpd lighttpd 1.4.18 lighttpd lighttpd 1.4.17...

7.5CVSS0.04345EPSS
Exploits1
seebug.org
seebug.org
added 2008/10/08 12:0 a.m.190 views

Lighttpd 'mod_userdir'大小写区分对比安全绕过漏洞

BUGTRAQ ID: 31600 CVE ID:CVE-2008-4360 CNCVE ID:CNCVE-20084360 Lighttpd是一款开放源代码的WEB服务器程序。 Lighttpd 'moduserdir'模块存在安全绕过问题,远程攻击者可以利用漏洞绕过部分安全限制,获得敏感信息。 lighttpd...

7.8CVSS0.04345EPSS
Exploits1
OpenVAS
OpenVAS
added 2008/10/08 12:0 a.m.27 views

Debian: Security Advisory (DSA-1647-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5CVSS8.1AI score0.06847EPSS
Exploits2References3
seebug.org
seebug.org
added 2008/09/25 12:0 a.m.17 views

多个供应商IMAP服务器远程拒绝服务漏洞

BUGTRAQ ID: 31318 CNCAN ID:CNCAN-2008092403 多个供应商的IMAP服务器处理IMAP登录请求时存在未明错误,可导致拒绝服务攻击。 攻击者可以利用此问题使受影响应用程序停止响应,对合法用户进行拒绝服务攻击。 目前测试受此漏洞影响的版本包括: University of Washington imapd Carnegie Mellon University Cyrus IMAP Server GNU Mailutils imapd University of Washington imapd GNU Mailutils 0 Debian Linux...

6.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2008/09/23 12:0 a.m.27 views

Debian DSA-1642-1 : horde3 - XSS

Will Drewry discovered that Horde allows remote attackers to send an email with a crafted MIME attachment filename attribute to perform cross site scripting. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian...

4.3CVSS4.7AI score0.02979EPSS
Exploits2References2
seebug.org
seebug.org
added 2008/09/11 12:0 a.m.16 views

GNU Emacs 'python.el'代码执行漏洞

BUGTRAQ ID: 31052 CNCAN ID:CNCAN-2008091008 Emacs是一款可扩展的实时显示编辑器。 GNU Emacs不正确处理Python脚本,本地攻击者可以利用漏洞以应用程序权限执行任意代码。 GNU Emacs命令run-python'启动交互的Python解析器,在Python启动后,Emacs自动发送: import emacs 用于导入Emacs分发的emacs.py脚本,这个脚本一般位于包含其他Emacs程序文件的写保护的安装目录中,定义各种函数帮助Python与Emacs通信处理。...

6.8AI score
Exploits0
seebug.org
seebug.org
added 2008/08/27 12:0 a.m.41 views

LibTIFF 'tif_lzw.c'远程整数下溢漏洞

BUGTRAQ ID:30832 CVE ID:CVE-2008-2327 CNCVE ID:CNCVE-20082327 LibTiff是一款负责对TIFF图象格式进行编码/解码的应用库。 LibTIFF 'tiflzw.c'存在整数下溢问题,远程攻击者可以利用漏洞以链接此库的应用程序权限执行任意指令。 libtiff/tiflzw.c代码中的"LZWDecode"和"LZWDecodeCompat"函数存在错误,通过构建特殊的TIFF文件,诱使用户访问,可触发缓冲区下溢,导致以链接此库的应用程序权限执行任意指令。 LibTIFF LibTIFF 3.8.2 + Debian Linu...

6.8CVSS0.0413EPSS
Exploits1
seebug.org
seebug.org
added 2008/08/22 12:0 a.m.43 views

Linux Kernel 'snd_seq_oss_synth_make_info()' Information Disclosure Vulnerabilit

CVE-2008-3272 The Linux kernel is prone to an information-disclosure vulnerability. Successful exploits will allow attackers to obtain sensitive information that may aid in further attacks. Versions prior to Linux kernel 2.6.27-rc2 are vulnerable. Linux kernel 2.6.27 -rc1 Debian Linux 4.0 sparc...

6.6CVSS0.1AI score0.00417EPSS
Exploits3
Tenable Nessus
Tenable Nessus
added 2008/08/01 12:0 a.m.23 views

Debian DSA-1624-1 : libxslt - buffer overflows

Chris Evans discovered that a buffer overflow in the RC4 functions of libexslt may lead to the execution of arbitrary code. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-1624. The text...

7.5CVSS8.8AI score0.12789EPSS
Exploits2References2
seebug.org
seebug.org
added 2008/07/19 12:0 a.m.114 views

Debian OpenSSH SELinux Privilege Escalation Vulnerability

Debian Linux can be configured to utilize SELinux extensions. OpenSSH may also be configured to utilize SELinux, and to interface with the role-based privilege system. Debian Linux is prone to an SELinux privilege-escalation vulnerability due to a flaw in its OpenSSH package. Specifically, when...

7.2AI score
Exploits0
Snyk
Snyk
added 2008/07/18 4:41 p.m.3 views

Access Restriction Bypass

Overview Affected versions of this package are vulnerable to Access Restriction Bypass sshd in OpenSSH 4 on Debian GNU/Linux, and the 20070303 OpenSSH snapshot, allows remote authenticated users to obtain access to arbitrary SELinux roles by appending a :/ colon slash sequence, followed by the ro...

6.5CVSS6.9AI score0.05773EPSS
Exploits1References2
Rows per page
Query Builder