Lucene search
K

2876 matches found

RedHat Linux
RedHat Linux
added 2009/09/23 9:38 p.m.4 views

php: exif_read_data crash on corrupted JPEG files

The exifreaddata function in the Exif module in PHP before 5.2.10 allows remote attackers to cause a denial of service crash via a malformed JPEG image with invalid offset fields, a different issue than CVE-2005-3353...

5CVSS7.4AI score0.07678EPSS
Exploits2References4
RedHat Linux
RedHat Linux
added 2009/07/27 9:22 a.m.4 views

python off-by-one locale.strxfrm() (possible memory disclosure)

Off-by-one error in the PyLocalestrxfrm function in Modules/localemodule.c for Python 2.4 and 2.5 causes an incorrect buffer size to be used for the strxfrm function, which allows context-dependent attackers to read portions of memory via unknown manipulations that trigger a buffer over-read due ...

5CVSS6.8AI score0.12479EPSS
Exploits1References4
FreeBSD
FreeBSD
added 2009/02/19 12:0 a.m.41 views

pngcrush -- libpng Uninitialised Pointer Arrays Vulnerability

Secunia reports: A vulnerability has been reported in Pngcrush, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to the use of vulnerable libpng code...

6.8CVSS2.7AI score0.04825EPSS
Exploits2References2
RedHat Linux
RedHat Linux
added 2008/11/25 8:57 a.m.4 views

vim: arbitrary code execution in commands: K, Control-], g]

Vim 3.0 through 7.x before 7.2.010 does not properly escape characters, which allows user-assisted attackers to 1 execute arbitrary shell commands by entering a K keystroke on a line that contains a ";" semicolon followed by a command, or execute arbitrary Ex commands by entering an argument afte...

9.3CVSS6.1AI score0.09207EPSS
Exploits1References4
Debian CVE
Debian CVE
added 2008/09/04 6:0 p.m.21 views

CVE-2008-3931

javareconf in R 2.7.2 allows local users to overwrite arbitrary files via a symlink attack on temporary files...

6.9CVSS6.1AI score0.00352EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2008/06/20 1:41 a.m.22 views

CVE-2008-2666

Multiple directory traversal vulnerabilities in PHP 5.2.6 and earlier allow context-dependent attackers to bypass safemode restrictions by creating a subdirectory named http: and then placing ../ dot dot slash sequences in an http URL argument to the 1 chdir or 2 ftok function...

5CVSS7.1AI score0.13923EPSS
Exploits2References1
myhack58
myhack58
added 2008/01/09 12:0 a.m.27 views

Database system security vulnerability excavations-vulnerability warning-the black bar safety net

Today, in the virus raging, hacking the ubiquitous network environment where software security has become a concern of the topic. Traditional software security main concern is that the permissions and roles of management, such as access control or data confidentiality and integrity, such as...

8.1AI score
Exploits0
Oracle linux
Oracle linux
added 2007/12/04 12:0 a.m.27 views

Moderate: htdig security update

3:3.2.0b6-4 - CVE-2007-6110...

4.3CVSS0.4AI score0.04386EPSS
Exploits0
Fedora
Fedora
added 2007/11/13 12:8 a.m.45 views

[SECURITY] Fedora 8 Update: tomboy-0.8.1-3.fc8

Tomboy is a desktop note-taking application for Linux and Unix. Simple and easy to use, but with potential to help you organize the ideas and information y ou deal with every day. The key to Tomboy's usefulness lies in the ability to relate notes and ideas together. Using a WikiWiki-like linking...

6.9CVSS0.3AI score0.00481EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2007/10/16 7:8 a.m.6 views

BMP image parser vulnerability

The BMP image parser in Sun Java Development Kit JDK before 1.5.011-b03 and 1.6.x before 1.6.001-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.214 and earlier, and SDK and JRE 1.3.119 and earlier, when running on Unix/Linux systems,...

4.3CVSS6AI score0.03485EPSS
Exploits0References4
myhack58
myhack58
added 2007/09/28 12:0 a.m.17 views

Hack of the classic tutorial of buffer overflow and decryption(a)-vulnerability warning-the black bar safety net

The buffer overflow weakness was born in the 7 0's. Morris Worm8 0'scan be considered their first public application. From the 9 0's, related document, such as the famous Aleph1's”Smashing the Stack for Fun and Profit”and code has been on the Internet disclosed. This article is about some need to...

0.2AI score
Exploits0
FreeBSD
FreeBSD
added 2007/09/09 12:0 a.m.55 views

lighttpd -- FastCGI header overrun in mod_fastcgi

lighttpd maintainer reports: Lighttpd is prone to a header overflow when using the modfastcgi extension, this can lead to arbitrary code execution in the fastcgi application. For a detailed description of the bug see the external reference. This bug was found by Mattias Bengtsson and Philip Olaus...

6.8CVSS7.4AI score0.12895EPSS
Exploits1References2
RedHat Linux
RedHat Linux
added 2007/09/04 6:13 p.m.7 views

krb5 kadmind uninitialized pointer

The kadm5modifypolicyinternal function in lib/kadm5/srv/svrpolicy.c in the Kerberos administration daemon kadmind in MIT Kerberos 5 krb5 1.5 through 1.6.2 does not properly check return values when the policy does not exist, which might allow remote authenticated users with the "modify policy"...

8.5CVSS7.7AI score0.06139EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2007/08/07 7:36 p.m.4 views

BMP image parser vulnerability

The BMP image parser in Sun Java Development Kit JDK before 1.5.011-b03 and 1.6.x before 1.6.001-b06, and Sun Java Runtime Environment in JDK and JRE 6, JDK and JRE 5.0 Update 10 and earlier, SDK and JRE 1.4.214 and earlier, and SDK and JRE 1.3.119 and earlier, when running on Unix/Linux systems,...

4.3CVSS6AI score0.03485EPSS
Exploits0References4
FreeBSD
FreeBSD
added 2007/03/04 12:0 a.m.30 views

WebCalendar -- "noSet" variable overwrite vulnerability

Secunia reports: A vulnerability has been discovered in WebCalendar, which can be exploited by malicious people to compromise a vulnerable system. Input passed to unspecified parameters is not properly verified before being used with the "noSet" parameter set. This can be exploited to overwrite...

7.5CVSS6.6AI score0.02144EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2007/01/19 11:28 p.m.20 views

CVE-2007-0387

SQL injection vulnerability in models/category.php in the Weblinks component for Joomla! SVN 20070118 comweblinks allows remote attackers to execute arbitrary SQL commands via the catid parameter...

7.5CVSS6.2AI score0.01063EPSS
Exploits1References1
seebug.org
seebug.org
added 2006/12/10 12:0 a.m.25 views

SAP Internet Graphics Server远程缓冲区溢出漏洞

SAP Internet Graphics Server是SAP R/3企业环境的一个组件,可提供图形服务。 SAP Internet Graphics Server不正确处理用户提交的HTTP请求,远程攻击者可以利用漏洞进行缓冲区溢出攻击,可能以进程权限执行任意指令。 目前没有详细漏洞细节提供,成功利用漏洞可导致在UNIX系统下获得SAP系统管理员特权,而在windows下可导致获得SYSTEM权限。 SAP Internet Graphics Server 6.40 Patch 11 SAP Internet Graphics Server 6.40 SAP Internet...

7.1AI score
Exploits0
RedHat Linux
RedHat Linux
added 2006/10/20 10:28 a.m.4 views

security flaw

Linux kernel 2.4.x and 2.6.x up to 2.6.16 allows local users to bypass IPC permissions and modify a readonly attachment of shared memory by using mprotect to give write permission to the attachment. NOTE: some original raw sources combined this issue with CVE-2006-1524, but they are different bug...

2.1CVSS5.7AI score0.00411EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2006/08/10 6:37 p.m.5 views

security flaw

Integer overflow in the Binary File Descriptor BFD library for gdb before 6.3, binutils, elfutils, and possibly other packages, allows user-assisted attackers to execute arbitrary code via a crafted object file that specifies a large number of section headers, leading to a heap-based buffer...

4.6CVSS8AI score0.006EPSS
Exploits0References4
myhack58
myhack58
added 2006/04/06 12:0 a.m.759 views

IDS evasion techniques and countermeasures detailed description-vulnerability warning-the black bar safety net

In the network thriving for a few days, the network security issues become increasingly prominent. Network on the Black, White two in the network security of the various fields are engaged in a fierce competition. The black hat community and constantly launch Dodge or across the networkintrusion...

Exploits0
Rows per page
Query Builder