Lucene search
K

1292 matches found

Vulnrichment
Vulnrichment
added 2005/07/14 4:0 a.m.18 views

CVE-2002-2024

Horde IMP 2.2.7 allows remote attackers to obtain the full web root pathname via an HTTP request for 1 poppassd.php3, 2 login.php3?reason=chpass2, 3 spelling.php3, and 4 ldap.search.php3?ldapserv=nonsense which leaks the information in error messages...

6.8AI score0.01924EPSS
Exploits0References3
CVE
CVE
added 2005/07/14 4:0 a.m.57 views

CVE-2002-2024

Horde IMP 2.2.7 is affected. The issue allows remote attackers to obtain the full web root pathname by requesting specific files (poppassd.php3, login.php3?reason=chpass2, spelling.php3, ldap.search.php3?ldap_serv=nonsense), with error messages leaking the information. Impact is information discl...

5.3CVSS6.9AI score0.01924EPSS
Exploits0References3Affected Software1
Tenable Nessus
Tenable Nessus
added 2005/07/13 12:0 a.m.30 views

FreeBSD : perl -- vulnerabilities in PERLIO_DEBUG handling (a5eb760a-753c-11d9-a36f-000a95bc6fae)

Kevin Finisterre discovered bugs in perl's I/O debug support : - The environmental variable PERLIODEBUG is honored even by the set-user-ID perl command usually named sperl or suidperl. As a result, a local attacker may be able to gain elevated privileges. CVE-2005-0155 - A buffer overflow may occ...

4.6CVSS5.7AI score0.01315EPSS
Exploits2References3
Debian
Debian
added 2005/07/08 1:16 a.m.30 views

[SECURITY] [DSA 735-2] New sudo packages fix pathname validation race

------------------------------------------------------------------------ Debian Security Advisory DSA 735-2 [email protected] http://www.debian.org/security/ Michael Stone July 07, 2005 http://www.debian.org/security/faq - ------------------------------------------------------------------------...

3.7CVSS0.3AI score0.00397EPSS
Exploits0
Debian
Debian
added 2005/07/08 1:16 a.m.21 views

[SECURITY] [DSA 735-2] New sudo packages fix pathname validation race

------------------------------------------------------------------------ Debian Security Advisory DSA 735-2 [email protected] http://www.debian.org/security/ Michael Stone July 07, 2005 http://www.debian.org/security/faq - ------------------------------------------------------------------------...

3.7CVSS6.1AI score0.00397EPSS
Exploits0
OSV
OSV
added 2005/07/08 12:0 a.m.12 views

DSA-735-2 sudo - pathname validation race

Bulletin has no description...

3.7CVSS6.2AI score0.00397EPSS
Exploits0
OSV
OSV
added 2005/07/06 4:0 a.m.1 views

DEBIAN-CVE-2005-2147

Trac before 0.8.4 allows remote attackers to read or upload arbitrary files via a full pathname in the id parameter to the 1 upload or 2 attachment viewer scripts...

6.4CVSS6.8AI score0.01417EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2005/07/05 12:0 a.m.21 views

Debian DSA-735-1 : sudo - pathname validation race

A local user who has been granted permission to run commands via sudo could run arbitrary commands as a privileged user due to a flaw in sudo's pathname validation. This bug only affects configurations which have restricted user configurations prior to an ALL directive in the configuration file. ...

3.7CVSS5.6AI score0.00397EPSS
Exploits0References3
exploitpack
exploitpack
added 2005/07/04 12:0 a.m.9 views

Sudo 1.3.1 1.6.8p (OpenBSD) - Pathname Validation Privilege Escalation

Sudo 1.3.1 1.6.8p OpenBSD - Pathname Validation Privilege Escalation include include include include include define SUDO "/usr/bin/sudo" ifdef BUFSIZ undef BUFSIZ define BUFSIZ 128 endif / ANY MODIFIED REPUBLISHING IS RESTRICTED OpenBSD sudo 1.3.1 - 1.6.8p local root exploit Tested under OpenBSD...

0.8AI score
Exploits0
0day.today
0day.today
added 2005/07/04 12:0 a.m.22 views

Sudo 1.3.1 - 1.6.8p Pathname Validation Local Root Exploit (openbsd)

Exploit for bsd platform in category local exploits ==================================================================== Sudo 1.3.1 - 1.6.8p Pathname Validation Local Root Exploit openbsd ==================================================================== include include include include include...

6.8AI score
Exploits0
Exploit DB
Exploit DB
added 2005/07/04 12:0 a.m.55 views

Sudo 1.3.1 < 1.6.8p (OpenBSD) - Pathname Validation Privilege Escalation

include include include include include define SUDO "/usr/bin/sudo" ifdef BUFSIZ undef BUFSIZ define BUFSIZ 128 endif / ANY MODIFIED REPUBLISHING IS RESTRICTED OpenBSD sudo 1.3.1 - 1.6.8p local root exploit Tested under OpenBSD 3.6 sudo 1.6.7p5 Vuln by OpenBSD errata,...

7.4AI score
Exploits0
Debian
Debian
added 2005/07/01 1:42 a.m.29 views

[SECURITY] [DSA 735-1] New sudo packages fix pathname validation race

------------------------------------------------------------------------ Debian Security Advisory 735-1 [email protected] http://www.debian.org/security/ Michael Stone July 01, 2005 http://www.debian.org/security/faq - ------------------------------------------------------------------------...

3.7CVSS0.3AI score0.00397EPSS
Exploits0
Debian
Debian
added 2005/07/01 1:42 a.m.30 views

[SECURITY] [DSA 735-1] New sudo packages fix pathname validation race

------------------------------------------------------------------------ Debian Security Advisory 735-1 [email protected] http://www.debian.org/security/ Michael Stone July 01, 2005 http://www.debian.org/security/faq - ------------------------------------------------------------------------...

3.7CVSS6.1AI score0.00397EPSS
Exploits0
OSV
OSV
added 2005/07/01 12:0 a.m.9 views

DSA-735-1 sudo - pathname validation race

Bulletin has no description...

3.7CVSS6.2AI score0.00397EPSS
Exploits0
Cvelist
Cvelist
added 2005/06/28 4:0 a.m.20 views

CVE-2002-1913

phptonuke.php in myPHPNuke 1.8.8 allows remote attackers to read arbitrary files via a full pathname in the filnavn variable...

6.6AI score0.01531EPSS
Exploits1References3
FreeBSD
FreeBSD
added 2005/06/20 12:0 a.m.17 views

sudo -- local race condition vulnerability

Todd C. Miller reports: A race condition in Sudo's command pathname handling prior to Sudo version 1.6.8p9 that could allow a user with Sudo privileges to run arbitrary commands. Exploitation of the bug requires that the user be allowed to run one or more commands via Sudo and be able to create...

3.7CVSS6.7AI score0.00397EPSS
Exploits0References1
Cvelist
Cvelist
added 2005/05/03 4:0 a.m.19 views

CVE-2005-1420

Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to determine the full pathname of the server via a request for an invalid page, as demonstrated using "%20" hex-encoded space...

6.7AI score0.01306EPSS
Exploits1References2
CVE
CVE
added 2005/05/03 4:0 a.m.43 views

CVE-2005-1420

CVE-2005-1420 affects Raysoft/Raybase Video Cam Server 1.0.0 beta. The vulnerability is an information disclosure where remote attackers can determine the full server pathname by requesting an invalid page using a hex-encoded space ("%20"). The provided documents do not specify exploit details be...

5CVSS7.1AI score0.01306EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2005/05/03 4:0 a.m.20 views

CVE-2005-1420

Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to determine the full pathname of the server via a request for an invalid page, as demonstrated using "%20" hex-encoded space...

5CVSS6.7AI score0.01306EPSS
Exploits1References2
NVD
NVD
added 2005/05/02 4:0 a.m.14 views

CVE-2005-1355

includer.cgi in The Includer allows remote attackers to read arbitrary files via a full pathname in the argument, a similar vulnerability to CVE-2005-0801...

5CVSS6.5AI score0.01194EPSS
Exploits0References1
Rows per page
Query Builder