Lucene search
+L

329 matches found

RedHat Linux
RedHat Linux
added 2008/12/15 3:1 p.m.7 views

enscript: "setfilename" special escape buffer overflow

Stack-based buffer overflow in the readspecialescape function in src/psgen.c in GNU Enscript 1.6.1 and 1.6.4 beta, when the -e aka special escapes processing option is enabled, allows user-assisted remote attackers to execute arbitrary code via a crafted ASCII file, related to the setfilename...

7.6CVSS6.4AI score0.08358EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2008/12/15 12:51 p.m.9 views

enscript: "setfilename" special escape buffer overflow

Stack-based buffer overflow in the readspecialescape function in src/psgen.c in GNU Enscript 1.6.1 and 1.6.4 beta, when the -e aka special escapes processing option is enabled, allows user-assisted remote attackers to execute arbitrary code via a crafted ASCII file, related to the setfilename...

7.6CVSS6.4AI score0.08358EPSS
Exploits1References4
OSV
OSV
added 2008/10/23 10:0 p.m.3 views

DEBIAN-CVE-2008-3863

Stack-based buffer overflow in the readspecialescape function in src/psgen.c in GNU Enscript 1.6.1 and 1.6.4 beta, when the -e aka special escapes processing option is enabled, allows user-assisted remote attackers to execute arbitrary code via a crafted ASCII file, related to the setfilename...

7.6CVSS8.3AI score0.08358EPSS
Exploits1References1
OSV
OSV
added 2008/10/23 10:0 p.m.6 views

CVE-2008-3863

Stack-based buffer overflow in the readspecialescape function in src/psgen.c in GNU Enscript 1.6.1 and 1.6.4 beta, when the -e aka special escapes processing option is enabled, allows user-assisted remote attackers to execute arbitrary code via a crafted ASCII file, related to the setfilename...

7.7AI score
Exploits0References32
RedHat Linux
RedHat Linux
added 2008/10/21 3:26 p.m.6 views

ed: Heap-based buffer overflow (arb. code execution)

Heap-based buffer overflow in the stripescapes function in signal.c in GNU ed before 1.0 allows context-dependent or user-assisted attackers to execute arbitrary code via a long filename. NOTE: since ed itself does not typically run with special privileges, this issue only crosses privilege...

9.3CVSS7.7AI score0.03595EPSS
Exploits0References4
OSV
OSV
added 2008/09/04 6:41 p.m.3 views

DEBIAN-CVE-2008-3916

Heap-based buffer overflow in the stripescapes function in signal.c in GNU ed before 1.0 allows context-dependent or user-assisted attackers to execute arbitrary code via a long filename. NOTE: since ed itself does not typically run with special privileges, this issue only crosses privilege...

9.3CVSS8.3AI score0.03595EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2004/12/15 12:0 a.m.21 views

tnftp -- mget does not check for directory escapes

When downloading a batch of files from an FTP server the mget command does not check for directory escapes. A specially crafted file on the FTP server could then potentially overwrite an existing file of the user...

5CVSS1.9AI score0.00999EPSS
Exploits1References4
Slackware Linux
Slackware Linux
added 2004/05/12 4:54 p.m.50 views

apache

New apache packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix security issues. These include a possible denial-of-service attack as well as the ability to possible pipe shell escapes through Apache's errorlog which could create an exploit if the error log is read in a termina...

7.5CVSS6.5AI score0.11549EPSS
Exploits7
RedHat Linux
RedHat Linux
added 2003/06/18 10:49 a.m.4 views

security flaw

Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerabilit...

5CVSS5.8AI score0.17413EPSS
Exploits8References4
Rows per page
Query Builder