2082 matches found
CVE-2006-0097
CVE-2006-0097 : A stack-based buffer overflow in the create_named_pipe function of libmysql.c affects PHP 4.3.10 and PHP 4.4.x on Windows. An attacker can cause arbitrary code execution by supplying a long host (arg_host) or long arg_unix_socket to mysql_connect, demonstrated by a long named pipe...
Sendmail 8.8.8 - 8.12.7 Double Pipe Access Validation Vulnerability
Sendmail is prone to a double pipe access validation vulnerability. SPDX-FileCopyrightText: 2003 StrongHoldNet Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Several privilege-elevation attack instances in W2K, successes and failures - vulnerability and early warning - the black bar safety net
On the subject of viruses and related elevation-of-privilege issues: elevation of privilege is the use of system loopholes to obtain higher privileges. For example, if you log on to Windows NT/Windows 2000 with a general user account, you can only perform limited operations,...
[SECURITY] [DSA 771-1] New pdns packages fix denial of service
Debian Security Advisory DSA 771-1 [email protected] http://www.debian.org/security/ Martin Schulze August 1st, 2005 http://www.debian.org/security/faq -...
CVE-2001-1519
RunAs (runas.exe) in Windows 2000 allows local users to create a spoofed named pipe when the service is stopped, then capture cleartext usernames and passwords when clients connect to the service. NOTE: the vendor disputes this issue, saying that administrative privileges are already required to...
CVE-2005-1459
Ethereal (now Wireshark) has multiple remote code execution/denial-of-service vulnerabilities in its dissectors (WSP, BER, SMB, NDPS, IAX2, RADIUS, TCAP, MRDISC, 802.3 Slow, SMBMailslot, SMB PIPE) prior to version 0.10.11. The CVE set CVE-2005-1456 through CVE-2005-1470 is cited for these issues....
CVE-2005-0051
The Server service (srvsvc.dll) in Windows XP SP1 and SP2 allows remote attackers to obtain sensitive information (users who are accessing resources) via an anonymous logon using a named pipe, which is not properly authenticated, aka the "Named Pipe Vulnerability."...
security flaw
The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters...
GLSA-200502-03 : enscript: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200502-03 (enscript: Multiple vulnerabilities). Erik Sjolund discovered several issues in enscript: it suffers from several buffer overflows (CAN-2004-1186), quotes and shell escape characters are insufficiently sanitized in filenames...
MS05-007: Vulnerability in Windows Could Allow Information Disclosure (888302)
The remote version of Windows contains a flaw that could allow an attacker to cause it to disclose information over the use of a named pipe through a NULL session. An attacker may exploit this flaw to gain more knowledge about the remote host. (C) Tenable Network Security, Inc. include("compat.inc");...
CVE-2005-0051
CVE-2005-0051 concerns the Windows Server service (srvsvc.dll) on Windows XP SP1/SP2, where an anonymous logon over a named pipe can disclose authentication-related information about users accessing shared resources. The vulnerability enables remote information disclosure without code execution. ...
enscript -- multiple vulnerabilities
Erik Sjölund discovered several issues in enscript: it suffers from several buffer overflows, quotes and shell escape characters are insufficiently sanitized in filenames, and it supported taking input from an arbitrary command pipe, with unwanted side effects...
CVE-2004-1184
CVE-2004-1184 affects enscript (notably version 1.6.3) where EPSF pipe support accepts shell metacharacters, enabling arbitrary command execution by remote attackers or local users. Technical details across OpenVAS/Nessus entries confirm the vulnerability and its association with enscript; remedi...
CVE-2004-1184
The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters...
DEBIAN-CVE-2004-1184
The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters...
DEBIAN-CVE-2004-1014
statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which allows remote attackers to cause a denial of service (server process crash) via a TCP connection that is prematurely terminated...