3385 matches found

CVE | added 2024/02/23 6:9 p.m. | 16 views

CAN-2005-0095

CVE-2005-0095 affects Squid: a vulnerability in the Web Cache Communication Protocol (WCCP) message parsing can trigger a memory access exception, potentially causing a denial-of-service. Exploitation is described as using a specially crafted WCCP I_SEE_YOU message to crash the Squid process. Rem...

AI score: 7.5 | EPSS: 0.68776 | Exploits: 1

CVE | added 2024/02/23 6:9 p.m. | 15 views

CAN-2005-0071

The CVE-2005-0071 entry applies to Video Disk Recorder (VDR) prior to version 1.2.6. The vulnerability is that VDR did not securely create files, allowing a local attacker to overwrite arbitrary files via insecure file handling. Public records (OSV OSV-) summarize: vdr before 1.2.6 does not secur...

AI score: 7.5 | EPSS: 0.01372 | Exploits: 0

CVE | added 2024/02/23 6:8 p.m. | 19 views

CAN-2004-1379

CAN-2004-1379 (CVE-2004-1379) describes a heap overflow in the DVD subpicture decoder of xine-lib. Public reports in Debian and OpenVAS indicate this could allow remote code execution when a malicious MPEG is handled, with Debian noting the issue affects xine-lib and providing fixed packages ...

AI score: 7.5 | EPSS: 0.03995 | Exploits: 0

CVE | added 2024/02/23 6:7 p.m. | 17 views

CAN-2005-0089

CVE-2005-0089 is reflected in multiple OpenVAS entries tied to Python updates across Linux distributions (Debian DSA-666-1, Gentoo GLSA 200502-09, SLES9 security updates, FreeBSD ports, Ubuntu USN-73-1). Descriptions indicate the remote host requires updates to Python packages; CVSS base score is...

AI score: 7.5 | EPSS: 0.05219 | Exploits: 0

CVE | added 2024/02/23 6:7 p.m. | 17 views

CAN-2004-1120

CAN-2004-1120 applies to prozilla (a multi-threaded download accelerator). Multiple buffer overflow flaws could be triggered remotely to execute arbitrary code. Public advisories (e.g., Debian DSA-663-1) document remote code execution via these overflows and list fixed versions: prozilla ...

AI score: 7.5 | EPSS: 0.14638 | Exploits: 1

CVE | added 2024/02/23 6:7 p.m. | 30 views

CAN-1999-1572

CVE-1999-1572 is a historic issue in GNU cpio where using the -O option sets a 0 umask, creating output files with mode 0666 (world-readable/writable). Connected advisories across Debian, RHEL, Ubuntu, CentOS, Gentoo, and others confirm the impact on cpio packages and reference CVE-1999-1572 (wit...

AI score: 7.5 | EPSS: 0.00556 | Exploits: 1

CVE | added 2024/02/23 6:7 p.m. | 10 views

CAN-2005-0159

CVE-2005-0159 affects the Debian toolchain-source package (tpkg-* scripts) where insecure temporary file usage allows a local attacker to overwrite arbitrary files via a symlink attack. The Debian security advisories (DSA-679-1) document that the fix is available in toolchain-source versions 3.0....

AI score: 7.5 | EPSS: 0.00391 | Exploits: 0

CVE | added 2024/02/23 6:6 p.m. | 17 views

CAN-2004-1180

CVE-2004-1180 affects the rwhod daemon in netkit-rwho on little-endian architectures, with a remote denial-of-service possible due to missing input validation in versions before 0.17. The Debian DSA mentions fixed releases (0.17-4woody2 for woody and 0.17-8 for sid); other OpenVAS/NASL entries co...

AI score: 7.5 | EPSS: 0.01661 | Exploits: 0

CVE | added 2024/02/23 6:6 p.m. | 28 views

CAN-2005-0448

CVE-2005-0448 is a race condition in Perl's File::Path::rmtree that could allow a local user to create setuid binaries or delete arbitrary files via a symlink attack. Connected advisories confirm this issue as the original rmtree race (not a remote exploit) and note it has been reintroduced in ce...

AI score: 7.5 | EPSS: 0.00387 | Exploits: 0

CVE | added 2024/02/23 6:6 p.m. | 17 views

CAN-2005-0205

CVE-2005-0205 is a local privilege issue in KDE’s kppp component within the kdenetwork package. The vulnerability stems from a design flaw where kppp leaks privileged file descriptors before exec, allowing a local attacker to read/write privileged descriptors and subsequently modify /etc/hosts or...

AI score: 7.5 | EPSS: 0.0036 | Exploits: 0

CVE | added 2024/02/23 6:5 p.m. | 18 views

CAN-2005-0073

CVE-2005-0073: A buffer overflow in queue.c in sympa 3.3.3 (when running setuid) can allow a local user to execute arbitrary code. Public references describe this as a local privilege escalation vulnerability in Sympa; affected releases include sympa prior to 4.1.3. Mitigation in the cited OpenVA...

AI score: 7.5 | EPSS: 0.00481 | Exploits: 0

CVE | added 2024/02/23 6:5 p.m. | 16 views

CAN-2005-0085

CVE-2005-0085 relates to a cross-site scripting vulnerability in htdig that can be exploited remotely. Public records in connected documents show multiple advisories across distros: Debian: DSA-680-1 and a corresponding Debian security advisory entry for htdig. SUSE: exists as a security update f...

AI score: 7.5 | EPSS: 0.02273 | Exploits: 0

CVE | added 2024/02/23 6:5 p.m. | 19 views

CAN-2005-0100

The connected documents tie CVE-2005-0100 to Emacs across multiple advisories (Debian DSA-671-1, SLES9 Emacs update, Gentoo GLSA 200502-20, FreeBSD ports, Gentoo/Debian entries in OpenVAS). They provide CVSS context (base 7.5, vector AV:N/AC:L/Au:N/C:P/I:P/A:P) in OpenVAS entries, and mention upd...

AI score: 7.5 | EPSS: 0.04364 | Exploits: 0

CVE | added 2024/02/23 6:4 p.m. | 17 views

CAN-2005-0363

CVE-2005-0363 affects AWStats (notably versions AWStats 4.0 and 6.2) where remote attackers can execute arbitrary commands via shell metacharacters in the config parameter, due to inadequate input sanitisation. The issue is a CGI/plugin input handling problem in AWStats, enabling remote command e...

AI score: 7.5 | EPSS: 0.01954 | Exploits: 0

CVE | added 2024/02/23 6:4 p.m. | 15 views

CAN-2005-0107

CVE-2005-0107 affects bsmtpd (a batched SMTP mailer used with sendmail/postfix), where versions 2.3 and earlier do not properly sanitize e-mail addresses, allowing remote command execution. Public advisories (e.g., Debian DSA-690-1) note remote exploitation and provide fixed packages (e.g., bsmtp...

AI score: 7.5 | EPSS: 0.01924 | Exploits: 0

CVE | added 2024/02/23 6:3 p.m. | 20 views

CAN-2005-0099

CVE-2005-0099 concerns the SDL port of Abuse (abuse-SDL). The advisory detail shows that abuse-SDL before version 2.00 does not drop privileges when creating certain files, allowing local users to create or overwrite arbitrary files. Affected context includes Debian (DSA-691-1) and SUSE entries t...

AI score: 7.5 | EPSS: 0.00362 | Exploits: 0

CVE | added 2024/02/23 6:3 p.m. | 13 views

CAN-2005-0152

CVE-2005-0152 concerns SquirrelMail 1.2.6. The vulnerability allows remote code execution through URL manipulation, by exploiting unsanitised input/URL handling, enabling arbitrary code execution with typical web server privileges (e.g., www-data). This is a remote, client-side input handling ...

AI score: 7.5 | EPSS: 0.03614 | Exploits: 0

CVE | added 2024/02/23 6:0 p.m. | 14 views

CAN-2005-2240

CVE-2005-2240 affects xpvm (Graphical console for PVM); xpvm.tcl in xpvm 1.2.5 allows local users to overwrite arbitrary files via a symlink attack on the xpvm.trace.$user temporary file. Debian and OSV/OpenVAS entries confirm the vulnerability; fixes exist in xpvm 1.2.5-7.3sarge1 (and 1.2.5-7.2w...

AI score: 7.5 | EPSS: 0.00362 | Exploits: 0

CVE | added 2024/02/23 5:58 p.m. | 16 views

CAN-2005-0390

CVE-2005-0390 corresponds to a buffer overflow in Axel (an HTTP/HTTPS download accelerator). The connected documents clearly describe a vulnerability in Axel before version 1.0b where the program’s handling of remote input (specifically in the HTTP redirection/conn.c path) can overflow a buffer a...

AI score: 7.5 | EPSS: 0.03442 | Exploits: 0

CVE | added 2024/02/23 5:58 p.m. | 16 views

CAN-2005-0386

CAN-2005-0386 corresponds to a cross-site scripting (XSS) vulnerability in mailreader, reported as a remote issue that affects displaying messages with MIME types text/enriched or text/richtext. Public sources in the connected set identify mailreader before version 2.3.29 as vulnerable, with succ...

AI score: 7.5 | EPSS: 0.01028 | Exploits: 0