96 matches found
CVE-2013-4511
Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the 1 au1100fbfbmmap function in...
CVE-2013-4511
Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the 1 au1100fbfbmmap function in...
UBUNTU-CVE-2013-4511
Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the 1 au1100fbfbmmap function in...
PT-2013-5051 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 3.12 Description: The issue is related to multiple integer overflows in Alchemy LCD frame-buffer drivers. Local users can create a read-write memory mapping for the entirety of kernel memory and gain privileges...
CVE-2006-6441
Xerox WorkCentre and WorkCentre Pro before 12.050.03.000, 13.x before 13.050.03.000, and 14.x before 14.050.03.000 allows local users to bypass security controls and boot Alchemy via certain alternate boot media, as demonstrated by a USB thumb drive...
Alchemy Eye HTTP Command Execution
Alchemy Eye and Alchemy Network Monitor are network management tools for Microsoft Windows. The product contains a built-in HTTP server for remote monitoring and control. This HTTP server allows arbitrary commands to be run on the server by a remote attacker. SPDX-FileCopyrightText: 2001 HD Moore...
Alchemy Eye HTTP Server does not adequately validate user input thereby allowing remote command execution
Overview Alchemy Eye does not properly validate HTTP requests, allowing arbitrary command execution. Description Alchemy Eye includes an HTTP server for remote system monitoring and control. In versions 2.0 through 2.6 of Alchemy Eye, the HTTP server component does not adequately validate HTTP...
CVE-2001-0870
HTTP server in Alchemy Eye and Alchemy Network Monitor 1.9x through 2.6.18 is enabled without authentication by default, which allows remote attackers to obtain network monitoring logs with potentially sensitive information by directly requesting the eye.ini file...
CVE-2001-0871
Directory traversal vulnerability in HTTP server for Alchemy Eye and Alchemy Network Monitor allows remote attackers to execute arbitrary commands via an HTTP request containing 1 a .. in versions 2.0 through 2.6.18, or 2 a DOS device name followed by a .. in versions 2.6.19 through 3.0.10...
Alchemy Eye/Network Monitor Traversal Arbitrary Command Execution
Alchemy Eye and Alchemy Network Monitor are network management tools for Microsoft Windows. The product contains a built-in HTTP server for remote monitoring and control. This HTTP server allows arbitrary commands to be run on the server by a remote attacker. %NASLMINLEVEL 70300 This script was...
Rapid 7 Advisory R7-0002: Alchemy Eye Remote Unauthenticated Log Viewing
-----BEGIN PGP SIGNED MESSAGE----- Rapid 7, Inc. Security Advisory Visit http://www.rapid7.com to download NeXposetm, our advanced vulnerability scanner. Linux and Windows 2000 versions are available now! Rapid 7 Advisory R7-0002: Alchemy Eye Remote Unauthenticated Log Viewing Published: November...
Rapid 7 Advisory R7-0001: Alchemy Eye HTTP Remote Command Execution
-----BEGIN PGP SIGNED MESSAGE----- Rapid 7, Inc. Security Advisory Visit http://www.rapid7.com to download NeXposetm, our advanced vulnerability scanner. Linux and Windows 2000 versions are available now! Rapid 7 Advisory R7-0001: Alchemy Eye HTTP Remote Command Execution Published: November 29,...
CVE-2001-0870
The CVE-2001-0870 issue affects Alchemy Eye and Alchemy Network Monitor versions 1.9x through 2.6.18, whose built-in HTTP server is enabled by default and allows remote, unauthenticated access to view monitoring logs by directly requesting the eye.ini file. The vulnerability enables disclosure of...
CVE-2001-0871
CVE-2001-0871 affects Alchemy Eye and Alchemy Network Monitor’s built-in HTTP server. Versions 2.0–2.6.18 are vulnerable to simple dotdot traversal; versions 2.6.19–3.0.10 are vulnerable to a variant using a DOS device name (e.g., NUL) plus traversal. Successful exploitation allows remote attacke...
CVE-2001-0870
HTTP server in Alchemy Eye and Alchemy Network Monitor 1.9x through 2.6.18 is enabled without authentication by default, which allows remote attackers to obtain network monitoring logs with potentially sensitive information by directly requesting the eye.ini file...
CVE-2001-0871
Directory traversal vulnerability in HTTP server for Alchemy Eye and Alchemy Network Monitor allows remote attackers to execute arbitrary commands via an HTTP request containing 1 a .. in versions 2.0 through 2.6.18, or 2 a DOS device name followed by a .. in versions 2.6.19 through 3.0.10...