EUVD-2002-0508

Malware in sbrugna...

EUVD-2002-0752

Malware in sbrugna...

EUVD-2002-0753

Malware in sbrugna...

EUVD-2002-0751

Malware in sbrugna...

EUVD-2000-0191

Malware in sbrugna...

EUVD-2001-0833

Malware in sbrugna...

EUVD-2002-0507

Malware in sbrugna...

SGI IRIX 3/4/5/6,OpenLinux 1.0/1.1 routed traceon Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2658/info routed is a daemon used to dynamically update network routing tables. Certain operating systems including IRIX 3.x up to 6.4 inclusive, Caldera OpenLinux 1.0 and 1.1 contain a routed version which allows attacke...

Caldera OpenLinux 2.3 rpm_query CGI Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1036/info A vulnerability exists in the default installation of Caldera OpenLinux 2.3. A CGI is installed in /home/httpd/cgi-bin/ names rpmquery. Any user can run this CGI and obtain a listing of the packages, and version...

LPRng use_syslog Remote Format String Vulnerability

No description provided by source. $Id: lprngformatstring.rb 9666 2010-07-03 01:09:32Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms o...

RedHat Linux <= 5.1,Caldera OpenLinux Standard 1.2 Mountd Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/121/info NFS servers running certain implementations of mountd, primarily Linux systems. On some systems, the vulnerable NFS server is enabled by default. This vulnerability can be exploited even if the NFS server does no...

CUPS '_cupsImageReadTIFF()'整数溢出漏洞

BUGTRAQ ID: 34571 CVE ID：CVE-2009-0163 CNCVE ID：CNCVE-20090163 Common Unix Printing SystemCUPS是一款通用Unix打印系统，是Unix环境下的跨平台打印解决方案，基于Internet打印协议，提供大多数PostScript和raster打印机服务。 CUPS处理TIFF图像存在整数溢出，远程攻击者可以利用漏洞以应用程序权限执行任意指令。...

Python 'Imageop'模块参数验证缓冲区溢出漏洞

BUGTRAQ ID: 31932 CNCAN ID：CNCAN-2008102806 Python是一款开放源代码的脚本编程语言。 Python 'Imageop'模块的不正确参数验证，远程攻击者可以利用漏洞进行缓冲区溢出而触发segfault错误。 目前没有详细漏洞细节提供，可能导致任意代码执行。 Python Software Foundation Python 2.5.2 Python Software Foundation Python 2.5.1 Python Software Foundation Python 2.4.5 Python Software Foundatio...

Apache Tomcat 'RemoteFilterValve'安全绕过漏洞

BUGTRAQ ID: 31698 CVE ID：CVE-2008-3271 CNCVE ID：CNCVE-20083271 Apache Tomcat是一款流行的开放源码的JSP应用服务器程序。 Apache Tomcat处理'RemoteFilterValve'扩展存在安全绕过问题，远程攻击者可以利用漏洞绕过访问限制，获得敏感信息。 在使用RemoteAddrValve允许部分地址访问引擎时： Valve className="org.apache.catalina.valves.RemoteAddrValve" allow="a.b.c.d"/...

PHP会话数据反序列化代码执行漏洞

PHP是一款广泛使用的WEB开发脚本语言。 PHP会话数据反序列化存在问题，远程攻击者可利用此漏洞以应用程序权限执行任意指令。 当registerglobals激活时，会话数据反序列化可以覆盖任意全局变量，包括SESSION数组。特殊的实现可导致任意代码执行。 PHP PHP 5.1.6 PHP PHP 5.1.5 PHP PHP 5.1.4 PHP PHP 5.1.3 PHP PHP 5.1.3 PHP PHP 5.1.2 PHP PHP 5.1.1 PHP PHP 5.1 PHP PHP 5.0.5 PHP PHP 5.0.4 PHP PHP 5.0.3 + Trustix Secu...

Fetchmail多个密码信息泄露漏洞

Fetchmail是一款多功能的IMAP和POP客户程序。 Fetchmail存在设计问题，远程攻击者可以利用漏洞可能获得用户密码敏感信息。 具体问题如下： -sslcertck/sslfingerprint选项本来必须应用到"sslproto tls1"来迫使使用TLS协商，但程序没有。 -在配置文件中即使使用"sslproto tls1"，但如果STLS/STARTTLS没有使用，获取邮件也是明文过程。 -无论TLS选项是否采用，POP3的抓取完全忽略TLS，因为在检查STLS支持前没有可靠的发送CAPA，而CAPA是STLS所必须的。无论CAPA是否检测到，依靠的是"auth"选项...

PHP Apache 2 本地拒绝服务漏洞

'sapiapache2.c', 这个问题最终会影响PHP的5.1.0和4.4.1之前版本 Ubuntu Ubuntu Linux 5.10 powerpc Ubuntu Ubuntu Linux 5.10 i386 Ubuntu Ubuntu Linux 5.10 amd64 Ubuntu Ubuntu Linux 5.0 4 powerpc Ubuntu Ubuntu Linux 5.0 4 i386 Ubuntu Ubuntu Linux 5.0 4 amd64 Trustix Secure Linux 3.0 Trustix Secure Linux 2.2 Trustix...

CVE-2003-0658

The CVE-2003-0658 issue affects Docview prior to 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, and OpenServer 5.0.7, where Apache is misconfigured to allow remote attackers to read arbitrary publicly readable files via a specific URL (likely related to rewrite rules). The PT security document...

CVE-2002-0512

The CVE-2002-0512 entry describes a local privilege escalation in KDE’s startkde (Caldera OpenLinux 2.3–3.1.1). The root cause is that LD_LIBRARY_PATH is set to include the current working directory, allowing a local attacker to influence loaded libraries (Trojan horse libraries) and potentially ...

CVE-2002-0761

bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly systems, uses the permissions of symbolic links instead of the actual files when creating an archive, which could cause the files to be extracted with less restrictive permissions than intended...