Lucene search
K

156 matches found

Tenable Nessus
Tenable Nessus
added 2007/11/10 12:0 a.m.25 views

Ubuntu 6.06 LTS / 6.10 / 7.04 : tar vulnerability (USN-506-1)

Dmitry V. Levin discovered that tar did not correctly detect the '..' file path element when unpacking archives. If a user or an automated system were tricked into unpacking a specially crafted tar file, arbitrary files could be overwritten with user privileges. Note that Tenable Network Security...

6.8CVSS7.2AI score0.02743EPSS
Exploits1References2
FreeBSD
FreeBSD
added 2007/08/23 12:0 a.m.37 views

gtar -- Directory traversal vulnerability

Red Hat reports: A path traversal flaw was discovered in the way GNU tar extracted archives. A malicious user could create a tar archive that could write to arbitrary files to which the user running GNU tar had write access. Red Hat credits Dmitry V. Levin for reporting the issue...

6.8CVSS7.5AI score0.02743EPSS
Exploits1References2
NVD
NVD
added 2006/11/08 11:7 p.m.14 views

CVE-2006-5816

Multiple PHP remote file inclusion vulnerabilities in Dmitry Sheiko Business Card Web Builder BCWB 2.5 allow remote attackers to execute arbitrary PHP code via a URL in the rootpathadmin parameter to 1 /include/startup.inc.php, 2 dcontent/default.css.php, or 3 system/default.css.php, different...

7.5CVSS7.5AI score0.01373EPSS
Exploits0References3
Cvelist
Cvelist
added 2006/11/08 11:0 p.m.21 views

CVE-2006-5816

Multiple PHP remote file inclusion vulnerabilities in Dmitry Sheiko Business Card Web Builder BCWB 2.5 allow remote attackers to execute arbitrary PHP code via a URL in the rootpathadmin parameter to 1 /include/startup.inc.php, 2 dcontent/default.css.php, or 3 system/default.css.php, different...

7.5AI score0.01373EPSS
Exploits0References3
CVE
CVE
added 2006/11/08 11:0 p.m.44 views

CVE-2006-5816

Technical details about CVE-2006-5816 are not publicly available in the provided Connected documents. The initial description notes PHP remote file inclusion via root_path_admin to specific files, but no further specifics are provided here. Monitor for updates.

7.5CVSS7.6AI score0.01373EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2006/08/10 12:4 a.m.10 views

CVE-2006-4062

PHP remote file inclusion vulnerability in usr/extensions/gettree.inc.php in Dmitry Sheiko SAPID Shop 1.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the GLOBALSrootpath parameter...

5.1CVSS7.6AI score0.03776EPSS
Exploits0References4
NVD
NVD
added 2006/08/10 12:4 a.m.14 views

CVE-2006-4065

Multiple PHP remote file inclusion vulnerabilities in Dmitry Sheiko SAPID Gallery 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the 1 rootpath parameter to a usr/extensions/getcalendar.inc.php or the 2 GLOBALSrootpath parameter to b usr/extensions/gettree.inc.p...

5.1CVSS7.7AI score0.02375EPSS
Exploits1References4
Cvelist
Cvelist
added 2006/08/10 12:0 a.m.15 views

CVE-2006-4065

Multiple PHP remote file inclusion vulnerabilities in Dmitry Sheiko SAPID Gallery 1.0 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the 1 rootpath parameter to a usr/extensions/getcalendar.inc.php or the 2 GLOBALSrootpath parameter to b usr/extensions/gettree.inc.p...

7.7AI score0.02375EPSS
Exploits1References4
CVE
CVE
added 2006/08/10 12:0 a.m.43 views

CVE-2006-4065

CVE-2006-4065 concerns PHP remote file inclusion in Dmitry Sheiko SAPID Gallery 1.0 and earlier. Vulnerability arises when an attacker crafts a URL parameter to cause inclusion of arbitrary PHP code: (1) root_path to usr/extensions/get_calendar.inc.php or (2) GLOBALS[root_path] to usr/extensions/...

5.1CVSS8AI score0.02375EPSS
Exploits1References4Affected Software1
CVE
CVE
added 2006/08/10 12:0 a.m.41 views

CVE-2006-4062

CVE-2006-4062 affects Dmitry Sheiko SAPID Shop 1.2 and earlier. The vulnerability is a PHP remote file inclusion in usr/extensions/get_tree.inc.php that allows an attacker to execute arbitrary PHP code via a URL supplied to GLOBALS[root_path]. The provided documents identify the vulnerable compon...

5.1CVSS8AI score0.03776EPSS
Exploits0References4Affected Software1
ALT Linux
ALT Linux
added 2005/10/11 12:0 a.m.33 views

Security fix for the ALT Linux 9 package openssl10 version 0.9.7g-alt3

Oct. 11, 2005 Dmitry V. Levin 0.9.7g-alt3 - Applied upstream fix for potential SSL 2.0 rollback during SSL handshake CAN-2005-2969...

5CVSS7AI score0.04866EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2005/07/13 12:0 a.m.41 views

Slackware 9.1 / current : utempter security update (SSA:2004-110-01)

New utempter packages are available for Slackware 9.1 and -current to fix a security issue. Slackware 9.1 was the first version of Slackware to use the libutempter library, and earlier versions of Slackware are not affected by this issue The utempter package provides a utility and shared library...

2.1CVSS5.3AI score0.01095EPSS
Exploits1References2
ALT Linux
ALT Linux
added 2005/06/21 12:0 a.m.23 views

Security fix for the ALT Linux 6 package sudo version 1:1.6.7p5-alt5

June 21, 2005 Dmitry V. Levin 1:1.6.7p5-alt5 - Backported upstream fix so a sudoers entry with sudo ALL no longer overwrites the value of safecmnd CAN-2005-1993...

3.7CVSS6.1AI score0.00397EPSS
Exploits0
Ubuntu
Ubuntu
added 2005/01/07 2:37 a.m.72 views

USN-54-1: TIFF library tool vulnerability

Dmitry V. Levin discovered a buffer overflow in the "tiffdump" utility. If an attacker tricked a user into processing a malicious TIFF image with tiffdump, they could cause a buffer overflow which at least causes the program to crash. However, it is not entirely clear whether this can be exploite...

5.1CVSS6.4AI score0.03876EPSS
Exploits0
FreeBSD
FreeBSD
added 2005/01/06 12:0 a.m.28 views

tiff -- tiffdump integer overflow vulnerability

Dmitry V. Levin found a potential integer overflow in the tiffdump utility which could lead to execution of arbitrary code. This could be exploited by tricking an user into executing tiffdump on a specially crafted tiff image...

5.1CVSS4.2AI score0.03876EPSS
Exploits0
Slackware Linux
Slackware Linux
added 2004/04/19 2:18 p.m.29 views

utempter security update

New utempter packages are available for Slackware 9.1 and -current to fix a security issue. Slackware 9.1 was the first version of Slackware to use the libutempter library, and earlier versions of Slackware are not affected by this issue The utempter package provides a utility and shared library...

2.1CVSS6.2AI score0.01095EPSS
Exploits1
Rows per page
Query Builder