13 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-13300
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab CE/EE version 13.3 prior to 13.3.4 was vulnerable to an OAuth authorization scope change without user consent in the middle of the authorization flow...
Linux Distros Unpatched Vulnerability : CVE-2025-21822
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ptp: vmclock: Set driver data before its usage If vmclockptpregister fails during probing,...
Linux Distros Unpatched Vulnerability : CVE-2025-21760
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ndisc: extend RCU protection in ndiscsendskb ndiscsendskb can be called without RTNL or RCU held. Acquire rcureadlock earlier, so that we can use devnetrcu and...
Linux Distros Unpatched Vulnerability : CVE-2024-39330
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Django 5.0 before 5.0.7 and 4.2 before 4.2.14. Derived classes of the django.core.files.storage.Storage base class, when they overrid...
Wing FTP Server "ssh public key"身份验证安全绕过漏洞
BUGTRAQ ID: 48335 Wing FTP服务器是安全的多协议文件服务器FTP, HTTP, FTPS, HTTPS, SFTP,适用于Windows, Linux, Mac OSX和Solaris。 Wing FTP服务器在SSH身份验证的实现上存在安全漏洞,恶意用户可利用此漏洞绕过某些安全限制。 此漏洞源于SSH身份验证机制中的错误,在限制到仅公钥身份验证时,可不顾配置的限制使用密码登录 wftpserve Wing FTP Server 3.8.7 wftpserve Wing FTP Server 3.8.6 wftpserve Wing FTP Server 3.8....
ZABBIX<= 1.8.1 DBcondition函数SQL注入漏洞
BUGTRAQ ID: 39148 CVE ID: CVE-2010-0686 zabbix是一个CS结构的分布式网络监控系统。 Zabbix API使用了include/db.inc.php中定义的DBcondition函数来执行SQL查询中WHERE子句的条件。该函数没有对用户提供数据提供额外的检查: function DBcondition$fieldname, &$array, $notin=false, $string=false global $DB; $condition = ''; ---cut--- $in = $notin?' NOT IN ':' IN ';...
Solaris Update for Simplified Chinese locale 120412-10
Check for the Version of Simplified Chinese locale OpenVAS Vulnerability Test Solaris Update for Simplified Chinese locale 120412-10 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it...
Microsoft Excel富文本值堆溢出漏洞(MS08-014)
BUGTRAQ ID: 28168 CVECAN ID: CVE-2008-0116 Excel是微软Office办公软件家族中的电子表格工具。 Excel在解析BIFF文件格式时存在堆溢出漏洞,成功利用这个漏洞的攻击者可能以当前登录用户的权限执行任意指令。 如果处理了畸形的标签,就可能由用户控制堆分配,在将用户提供的数据拷贝到堆缓冲区时就可以触发这个溢出,覆盖任意内存。 Microsoft Excel Viewer 2003 Microsoft Excel 2003 SP2 Microsoft Excel 2002 SP3 Microsoft Excel 2000 SP3...
[Full-disclosure] Postnuke 0.750 - 0.760rc4 local file inclusion
Product : Postnuke 0.750 http://www.postnuke.com Description: Postnuke 0.750 - 0.760rc4 local file inclusion Severity: High Description =========== Postnuke is Web Content Management System written in PHP and using mysql as database backend. Detail ====== Directory traversal in function pnModFunc...
tcpdump contains buffer overflow vulnerability in ISAKMP "Delete Payload" handling
Overview A vulnerability in tcpdump could allow a remote attacker to cause a denial of service on an affected system. Description The tcpdump tool allows for the inspection of network packets and contains decoders for many standard protocols, including the Internet Security Association and Key...
tcpdump contains vulnerability in RADIUS decoding function print_attr_string() in print-radius.c
Overview tcpdump contains a vulnerability in the way it parses Remote Authentication Dial In User Service RADIUS packets. Description tcpdump is a widely used network sniffer that is capable of decoding RADIUS packets. A vulnerability exists in the way the tcpdump printattrstring function in...
ISC BIND 8 vulnerable to cache poisoning via negative responses
Overview The BIND 8 name server contains a cache poisoning vulnerability that allows attackers to conduct denial-of-service attacks on specific target domains. Description Several versions of the BIND 8 name server are vulnerable to cache poisoning via negative responses. To exploit this...
GNU screen contains buffer overflow
Overview A locally exploitable buffer overflow exists in GNU screen. An exploit is publicly available for this vulnerability. Description The Free Software Foundation describes GNU Screen as follows:Screen is a full-screen window manager that multiplexes a physical terminal between several...