Lucene search
+L

2173 matches found

Tenable Nessus
Tenable Nessus
added 2005/02/14 12:0 a.m.25 views

GLSA-200502-03 : enscript: Multiple vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200502-03 enscript: Multiple vulnerabilities Erik Sjolund discovered several issues in enscript: it suffers from several buffer overflows CAN-2004-1186, quotes and shell escape characters are insufficiently sanitized in filenames...

7.5CVSS6.1AI score0.04476EPSS
Exploits0References4
Tenable Nessus
Tenable Nessus
added 2005/02/09 12:0 a.m.44 views

MS05-007: Vulnerability in Windows Could Allow Information Disclosure (888302)

The remote version of Windows contains a flaw that could allow an attacker to cause it to disclose information over the use of a named pipe through a NULL session. An attacker may exploit this flaw to gain more knowledge about the remote host. C Tenable Network Security, Inc. include"compat.inc";...

7.5CVSS5.4AI score0.4657EPSS
Exploits0References2
CVE
CVE
added 2005/02/08 5:0 a.m.56 views

CVE-2005-0051

CVE-2005-0051 concerns the Windows Server service (srvsvc.dll) on Windows XP SP1/SP2, where an anonymous logon over a named pipe can disclose authentication-related information about users accessing shared resources. The vulnerability enables remote information disclosure without code execution. ...

7.5CVSS6.2AI score0.4657EPSS
Exploits0References9Affected Software1
Cvelist
Cvelist
added 2005/02/08 5:0 a.m.26 views

CVE-2005-0051

The Server service srvsvc.dll in Windows XP SP1 and SP2 allows remote attackers to obtain sensitive information users who are accessing resources via an anonymous logon using a named pipe, which is not properly authenticated, aka the "Named Pipe Vulnerability."...

6.1AI score0.4657EPSS
Exploits0References9
FreeBSD
FreeBSD
added 2005/02/02 12:0 a.m.27 views

enscript -- multiple vulnerabilities

Erik Sjölund discovered several issues in enscript: it suffers from several buffer overflows, quotes and shell escape characters are insufficiently sanitized in filenames, and it supported taking input from an arbitrary command pipe, with unwanted side effects...

7.5CVSS3.5AI score0.04476EPSS
Exploits0References1
CVE
CVE
added 2005/01/29 5:0 a.m.75 views

CVE-2004-1184

CVE-2004-1184 affects enscript (notably version 1.6.3) where EPSF pipe support accepts shell metacharacters, enabling arbitrary command execution by remote attackers or local users. Technical details across OpenVAS/Nessus entries confirm the vulnerability and its association with enscript; remedi...

4.6CVSS7.7AI score0.01181EPSS
Exploits0References16Affected Software2
Debian CVE
Debian CVE
added 2005/01/29 5:0 a.m.36 views

CVE-2004-1184

The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters...

4.6CVSS7.1AI score0.01181EPSS
Exploits0
NVD
NVD
added 2005/01/21 5:0 a.m.25 views

CVE-2004-1184

The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters...

4.6CVSS7.8AI score0.01181EPSS
Exploits0References16
OSV
OSV
added 2005/01/21 5:0 a.m.3 views

DEBIAN-CVE-2004-1184

The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters...

4.6CVSS7.5AI score0.01181EPSS
Exploits0References1
OSV
OSV
added 2005/01/21 5:0 a.m.10 views

CVE-2004-1184

The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters...

7.2AI score
Exploits0References19
OSV
OSV
added 2005/01/10 5:0 a.m.3 views

DEBIAN-CVE-2004-1014

statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which allows remote attackers to cause a denial of service server process crash via a TCP connection that is prematurely terminated...

5CVSS6.7AI score0.02385EPSS
Exploits0References1
NVD
NVD
added 2004/10/20 4:0 a.m.17 views

CVE-2004-0795

DB2 8.1 remote command server DB2RCMD.EXE executes the db2rcmdc.exe program as the db2admin administrator, which allows local users to gain privileges via the DB2REMOTECMD named pipe...

7.2CVSS6.8AI score0.02212EPSS
Exploits2References5
Tenable Nessus
Tenable Nessus
added 2004/09/29 12:0 a.m.28 views

Debian DSA-151-1 : xinetd - pipe exposure

Solar Designer found a vulnerability in xinetd, a replacement for the BSD derived inetd. File descriptors for the signal pipe introduced in version 2.3.4 are leaked into services started from xinetd. The descriptors could be used to talk to xinetd resulting in crashing it entirely. This is usuall...

2.1CVSS5.3AI score0.00371EPSS
Exploits0References2
Cvelist
Cvelist
added 2004/08/20 4:0 a.m.24 views

CVE-2004-0795

DB2 8.1 remote command server DB2RCMD.EXE executes the db2rcmdc.exe program as the db2admin administrator, which allows local users to gain privileges via the DB2REMOTECMD named pipe...

6.8AI score0.02212EPSS
Exploits2References5
Tenable Nessus
Tenable Nessus
added 2004/08/18 12:0 a.m.25 views

Sendmail < 8.12.8 Double Pipe smrsh Bypass Overflow

Binary data 2039.prm...

10CVSS7.3AI score0.72202EPSS
Exploits3References2
securityvulns
securityvulns
added 2004/06/11 12:0 a.m.33 views

HP-UX FTP code execution

It's possiblt to execute application on server by specifing '|' in filename...

1.9AI score
Exploits0References1Affected Software1
NVD
NVD
added 2003/08/27 4:0 a.m.30 views

CVE-2003-0230

Microsoft SQL Server 7, 2000, and MSDE allows local users to gain privileges by hijacking a named pipe during the authentication of another user, aka the "Named Pipe Hijacking" vulnerability...

7.2CVSS7AI score0.02262EPSS
Exploits0References3
NVD
NVD
added 2003/08/27 4:0 a.m.24 views

CVE-2003-0231

Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenticated users to cause a denial of service crash or hang via a long request to a named pipe...

5CVSS6.6AI score0.36179EPSS
Exploits0References4
NVD
NVD
added 2003/08/18 4:0 a.m.19 views

CVE-2003-0496

Microsoft SQL Server before Windows 2000 SP4 allows local users to gain privileges as the SQL Server user by calling the xpfileexist extended stored procedure with a named pipe as an argument instead of a normal file...

7.2CVSS6.5AI score0.04858EPSS
Exploits7References4
VulnCheck KEV
VulnCheck KEV
added 2003/08/01 12:0 a.m.4 views

VulnCheck KEV: CVE-2003-0605

The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote attackers to cause a denial of service crash, and local attackers to use the DoS to hijack the epmapper pipe to gain privileges, via certain messages to the RemoteGetClassObject interface that cause a NULL pointer to be passed...

7.5CVSS5.8AI score0.60799EPSS
Exploits1References1
Rows per page
Query Builder