1428 matches found
GLSA-200402-02 : XFree86 Font Information File Buffer Overflow
The remote host is affected by the vulnerability described in GLSA-200402-02 XFree86 Font Information File Buffer Overflow Exploitation of a buffer overflow in The XFree86 Window System discovered by iDefence allows local attackers to gain root privileges. The problem exists in the parsing of the...
Sendmail 'decode' Alias Arbitrary File Overwrite
Binary data 2026.prm...
OpenServer 5.0.6 OpenServer 5.0.7 : Xsco contains a buffer overflow that could be exploited to gain root privileges.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SCO Security Advisory Subject: OpenServer 5.0.6 OpenServer 5.0.7 : Xsco contains a buffer overflow that could be exploited to gain root privileges. Advisory number: SCOSA-2004.3 Issue date: 2004 July 29 Cross reference: sr889371 fz528866 erg712547...
CVE-2004-0084
Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias font.alias file, a different vulnerability than CVE-2004-0083 and...
CVE-2004-0084
Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias font.alias file, a different vulnerability than CVE-2004-0083 and...
CVE-2004-0083
Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file font.alias with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106...
security flaw
Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 through 4.3.0 allows local users and remote attackers to execute arbitrary code via a font alias file font.alias with a long token, a different vulnerability than CVE-2004-0084 and CVE-2004-0106...
security flaw
Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3.0, when using the CopyISOLatin1Lowered function, allows local or remote authenticated users to execute arbitrary code via a malformed entry in the font alias font.alias file, a different vulnerability than CVE-2004-0083 and...
Important: Red Hat Security Advisory: : Updated XFree86 packages fix privilege escalation vulnerability
Updated XFree86 packages that fix a privilege escalation vulnerability are now available. XFree86 is an implementation of the X Window System, providing the core graphical user interface and video drivers. iDefense discovered two buffer overflows in the parsing of the 'font.alias' file. A local...
XFree86 4.x - CopyISOLatin1Lowered Font_Name Buffer Overflow
XFree86 4.x - CopyISOLatin1Lowered FontName Buffer Overflow source: https://www.securityfocus.com/bid/9652/info It has been reported that the XFree86 X Windows system is prone to a local buffer overflow vulnerability. The issue arises from improper bounds checking when parsing the 'font.alias'...
XFree font.alias buffer overflow
buffer overflow on oversized font name...
Buffer overflows in XFree86 servers
A number of buffer overflows were recently discovered in XFree86, prompted by initial discoveries by iDEFENSE. These buffer overflows are present in the font alias handling. An attacker with authenticated access to a running X server may exploit these vulnerabilities to obtain root privileges on...
CVE-2002-2344
Ensim WEBppliance 3.0 and 3.1 allows remote attackers to read mail intended for other users by defining an alias that is the target's email address...
DEBIAN-CVE-2002-1827
Sendmail 8.9.0 through 8.12.3 allows local users to cause a denial of service by obtaining an exclusive lock on the 1 alias, 2 map, 3 statistics, and 4 pid files...
Oracle 9iAS allows access to CGI script source code within CGI-BIN directory
Overview Oracle 9i Application Server 9iAS allows remote anonymous users to view source code in CGI scripts stored in the Apache cgi-bin. Attackers may analyze these scripts to discover usernames, passwords, or other proprietary data or methods. Description The default Apache configuration file i...
CVE-2001-1211
Ipswitch IMail 7.0.4 and earlier allows attackers with administrator privileges to read and modify user alias and mailing list information for other domains hosted by the same server via the 1 aliasadmin or 2 listadm1 CGI programs, which do not properly verify that an administrator is the...
CVE-2001-0301
Buffer overflow in Analog before 4.16 allows remote attackers to execute arbitrary commands by using the ALIAS command to construct large strings...
Apache Httpd < 1.3.14 : Mass virtual hosting can display CGI source
A security problem for users of the mass virtual hosting module, modvhostalias, causes the source to a CGI to be sent if the cgi-bin directory is under the document root. However, it is not normal to have your cgi-bin directory under a document root...
CVE-1999-0565
CVE-1999-0565 affects Sendmail: a mail alias can cause input to be piped to an external program, enabling potential command execution. Documents confirm the issue but do not specify affected versions or a fix; one PT-security entry notes no information about a newer version containing a patch. No...
[SECURITY] New version of sendmail-wide released
The version of sendmail-wide that was distributed with Debian GNU/Linux 2.1 has a slight problem in the code to regenerate the aliases database. Sendmail allowed any user to run sendmail with the -bi option to reinitialize the aliases database. The user could then interrupt sendmail and leave the...