Lucene search
K

617 matches found

Tenable Nessus
Tenable Nessus
added 2004/09/29 12:0 a.m.26 views

Debian DSA-504-1 : heimdal - missing input sanitising

Evgeny Demidov discovered a potential buffer overflow in a Kerberos 4 component of heimdal, a free implementation of Kerberos 5. The problem is present in kadmind, a server for administrative access to the Kerberos database. This problem could perhaps be exploited to cause the daemon to read a...

10CVSS5.7AI score0.07159EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2004/09/29 12:0 a.m.18 views

Debian DSA-247-1 : courier-ssl - missing input sanitizing

The developers of courier, an integrated user side mail server, discovered a problem in the PostgreSQL auth module. Not all potentially malicious characters were sanitized before the username was passed to the PostgreSQL engine. An attacker could inject arbitrary SQL commands and queries exploiti...

7.5CVSS5.8AI score0.0123EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2004/09/29 12:0 a.m.30 views

Debian DSA-496-1 : eterm - missing input sanitising

H.D. Moore discovered several terminal emulator security issues. One of them covers escape codes that are interpreted by the terminal emulator. This could be exploited by an attacker to insert malicious commands hidden for the user, who has to hit enter to continue, which would also execute the...

7.5CVSS5.5AI score0.01944EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2004/08/20 12:0 a.m.16 views

Fedora Core 1 : rsync-2.5.7-5.fc1.1 (2004-268)

This update backports a security fix to a path-sanitizing flaw that affects rsync when it is used in daemon mode without also using chroot. For more information see http://samba.org/rsync/securityaug04 Note that Tenable Network Security has extracted the preceding description block directly from...

5.5AI score
Exploits0References2
OSV
OSV
added 2004/08/17 12:0 a.m.21 views

DSA-538 rsync - unauthorised directory traversal and file access

Bulletin has no description...

6.4CVSS6AI score0.02317EPSS
Exploits0
securityvulns
securityvulns
added 2004/08/17 12:0 a.m.27 views

August 2004 Security Advisory

August 2004 Security Advisory August 12th, 2004 Background There is a path-sanitizing bug that affects daemon mode in all recent rsync versions including 2.6.2 but only if chroot is disabled. It does NOT affect the normal send/receive filenames that specify what files should be transferred this i...

2.1AI score
Exploits0
FreeBSD
FreeBSD
added 2004/08/12 12:0 a.m.35 views

rsync -- path sanitizing vulnerability

An rsync security advisory reports: There is a path-sanitizing bug that affects daemon mode in all recent rsync versions including 2.6.2 but only if chroot is disabled. The bug may allow a remote user to access files outside of an rsync module's configured path with the privileges configured for...

6.4CVSS6.4AI score0.02317EPSS
Exploits0References4
Exploit DB
Exploit DB
added 2004/06/14 12:0 a.m.28 views

Virtual Programming VP-ASP Shoperror Script 4/5 - Cross-Site Scripting

source: https://www.securityfocus.com/bid/10534/info A vulnerability exists in the software that may allow a remote user to launch cross-site scripting attacks. The problem is reported to exist due to improper sanitizing of user-supplied data in the 'shoperror.asp' script. An attacker can exploit...

7.4AI score
Exploits0
Debian
Debian
added 2004/04/29 10:30 a.m.35 views

[SECURITY] [DSA 496-1] New eterm packages fix indirect arbitrary command execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 496-1 [email protected] http://www.debian.org/security/ Martin Schulze April 29th, 2004 http://www.debian.org/security/faq -...

7.5CVSS0.8AI score0.01944EPSS
Exploits0
Debian
Debian
added 2004/03/29 1:44 p.m.22 views

[SECURITY] [DSA 469-1] New libpam-pgsql packages fix SQL injection

-------------------------------------------------------------------------- Debian Security Advisory DSA 469-1 [email protected] http://www.debian.org/security/ Martin Schulze March 29th, 2004 http://www.debian.org/security/faq -...

7.5CVSS0.4AI score0.01467EPSS
Exploits0
Debian
Debian
added 2004/03/29 1:44 p.m.18 views

[SECURITY] [DSA 469-1] New libpam-pgsql packages fix SQL injection

-------------------------------------------------------------------------- Debian Security Advisory DSA 469-1 [email protected] http://www.debian.org/security/ Martin Schulze March 29th, 2004 http://www.debian.org/security/faq -...

7.5CVSS6.5AI score0.01467EPSS
Exploits0
exploitpack
exploitpack
added 2004/03/22 12:0 a.m.18 views

Invision Power Top Site List 1.01.1 - id SQL Injection

Invision Power Top Site List 1.01.1 - id SQL Injection source: https://www.securityfocus.com/bid/9945/info It has been reported that Top Site List may be prone to an SQL injection vulnerability that may allow remote attackers to pass malicious input to database queries, resulting in modification ...

Exploits0
Debian
Debian
added 2004/01/09 8:39 a.m.17 views

[SECURITY] [DSA 419-1] New phpgroupware packages fix unintended PHP execution and SQL injection

-------------------------------------------------------------------------- Debian Security Advisory DSA 419-1 [email protected] http://www.debian.org/security/ Martin Schulze January 9th, 2003 http://www.debian.org/security/faq -...

7.3AI score
Exploits0
OSV
OSV
added 2004/01/09 12:0 a.m.14 views

DSA-419 phpgroupware - missing filename sanitising, SQL injection

Bulletin has no description...

7.5CVSS6.1AI score0.0159EPSS
Exploits0
Debian
Debian
added 2003/03/19 2:10 p.m.14 views

[SECURITY] [DSA 264-1] New lxr packages fix information disclosure

-------------------------------------------------------------------------- Debian Security Advisory DSA 264-1 [email protected] http://www.debian.org/security/ Martin Schulze March 19th, 2003 http://www.debian.org/security/faq -...

0.3AI score
Exploits0
Debian
Debian
added 2003/01/30 2:46 p.m.34 views

[SECURITY] [DSA 247-1] New courier packages fix SQL injection

-------------------------------------------------------------------------- Debian Security Advisory DSA 247-1 [email protected] http://www.debian.org/security/ Martin Schulze January 30th, 2003 http://www.debian.org/security/faq -...

7.5CVSS6.8AI score0.0123EPSS
Exploits0
OSV
OSV
added 2003/01/30 12:0 a.m.16 views

DSA-247 courier-ssl - missing input sanitizing

Bulletin has no description...

7.5CVSS6.2AI score0.0123EPSS
Exploits0
Rows per page
Query Builder