3212 matches found

Debian CVE
added 2011/02/10 5:0 p.m. | 23 views

CVE-2011-0281

The unparse implementation in the Key Distribution Center (KDC) in MIT Kerberos 5 (aka krb5) 1.6.x through 1.9, when an LDAP backend is used, allows remote attackers to cause a denial of service (file descriptor exhaustion and daemon hang) via a principal name that triggers use of a backslash escape...

CVSS 5 | AI score 5.6 | EPSS 0.10754
Exploits 0
Saint
added 2011/01/21 12:0 a.m. | 220 views

ProFTPD Telnet IAC buffer overflow

Added: 01/21/2011 CVE: CVE-2010-4221 BID: 44562 OSVDB: 68985 Background ProFTPD is free FTP Server software for Unix and Linux platforms. Problem A buffer overflow vulnerability in ProFTPD allows remote attackers to execute arbitrary commands by sending a TELNET_IAC escape sequence to the FTP...

CVSS 10 | AI score 10 | EPSS 0.92052
Exploits 10
Saint
added 2011/01/21 12:0 a.m. | 345 views

ProFTPD Telnet IAC buffer overflow

Added: 01/21/2011 CVE: CVE-2010-4221 BID: 44562 OSVDB: 68985 Background ProFTPD is free FTP Server software for Unix and Linux platforms. Problem A buffer overflow vulnerability in ProFTPD allows remote attackers to execute arbitrary commands by sending a TELNET_IAC escape sequence to the FTP...

CVSS 10 | AI score 10 | EPSS 0.92052
Exploits 10
Prion
added 2011/01/20 7:0 p.m. | 7 views

Design/Logic Flaw

Ruby Version Manager (RVM) before 1.2.1 writes file contents to a terminal without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via a crafted file, related to an "escape sequence injection vulnerability." NOTE: some of these details are...

CVSS 6.8 | AI score 8.3 | EPSS 0.0075
Exploits 0 | References 7 | Affected Software 1
Japan Vulnerability Notes
added 2011/01/18 8:49 a.m. | 1 views

Ruby Version Manager escape sequence injection vulnerability

Overview Ruby Version Manager contains an escape sequence injection vulnerability. Ruby Version Manager is a command line tool for managing multiple ruby environments. Ruby Version Manager contains an escape sequence injection vulnerability. Impact A user may unknowingly open a malicious file. As...

CVSS 6.8 | AI score 7.2 | EPSS 0.0075
Exploits 0 | References 10
Japan Vulnerability Notes
added 2011/01/18 12:0 a.m. | 28 views

JVN#30414126: Ruby Version Manager escape sequence injection vulnerability

Ruby Version Manager is a command line tool for managing multiple ruby environments. Ruby Version Manager contains an escape sequence injection vulnerability. Impact A user may unknowingly open a malicious file. As a result, the string that is output on the terminal may contain an arbitrary escap...

CVSS 6.8 | AI score 6.6 | EPSS 0.0075
Exploits 0
Debian CVE
added 2011/01/14 4:0 p.m. | 22 views

CVE-2011-0473

Removed by vendor...

CVSS 10 | AI score 6.7 | EPSS 0.0267
Exploits 0
RedHat Linux
added 2011/01/11 7:44 p.m. | 2 views

kernel: unix socket local dos

The wait_for_unix_gc function in net/unix/garbage.c in the Linux kernel before 2.6.37-rc3-next-20101125 does not properly select times for garbage collection of inflight sockets, which allows local users to cause a denial of service (system hang) via crafted use of the socketpair and sendmsg system...

CVSS 4.9 | AI score 6.1 | EPSS 0.00082
Exploits 2 | References 4
ATTACKERKB
added 2010/12/16 8:0 p.m. | 3 views

CVE-2009-5033

IBM Lotus Notes Traveler before 8.5.0.2 does not properly handle a " " argument sequence for a certain tell command, which allows remote authenticated users to obtain access to other users' data via a sync operation, related to storage of the data of multiple users within the same thread...

CVSS 4 | AI score 5.5 | EPSS 0.00202
Exploits 0 | References 5
OSV
added 2010/11/22 1:0 p.m. | 2 views

UBUNTU-CVE-2010-3821

WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, does not properly handle the :first-letter pseudo-element in a Cascading Style Sheets (CSS) token sequence, which allows remote attackers to execute arbitrary code or cause a denial of...

CVSS 9.3 | AI score 6.2 | EPSS 0.02415
Exploits 0 | References 2
securityvulns
added 2010/11/15 12:0 a.m. | 64 views

ProFTPD security vulnerabilities

Buffer overflow on TELNET_IAC ESC-sequence parsing. Directory traversal by creating symlinks with mod_site_misc module...

CVSS 10 | AI score 4.2 | EPSS 0.92052
Exploits 13 | References 2 | Affected Software 1
FreeBSD
added 2010/11/02 12:0 a.m. | 45 views

proftpd -- remote code execution vulnerability

Tippingpoint reports: This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of ProFTPD. Authentication is not required to exploit this vulnerability. The flaw exists within the proftpd server component which listens by default on TCP port 21. When readin...

CVSS 10 | AI score 9.7 | EPSS 0.92052
Exploits 10 | References 1
OSV
added 2010/09/10 7:0 p.m. | 1 views

DEBIAN-CVE-2010-2956

Sudo 1.7.0 through 1.7.4p3, when a Runas group is configured, does not properly handle use of the -u option in conjunction with the -g option, which allows local users to gain privileges via a command line containing a "-u root" sequence...

CVSS 6.2 | AI score 8.5 | EPSS 0.00078
Exploits 0 | References 1
Tenable Nessus
added 2010/09/01 12:0 a.m. | 86 views

Cisco IOS Software TCP Initial Sequence Number Randomization Improvements - Cisco Systems

Cisco IOS Software contains a flaw that permits the successful prediction of TCP Initial Sequence Numbers. This vulnerability is present in all released versions of Cisco IOS software running on Cisco routers and switches. It only affects the security of TCP connections that originate or terminat...

CVSS 7.5 | AI score 7.4 | EPSS 0.03983
Exploits 0 | References 3
Tenable Nessus
added 2010/09/01 12:0 a.m. | 28 views

Cisco IOS Software Multiple Features Crafted TCP Sequence Vulnerability - Cisco Systems

Cisco IOS Software contains a vulnerability in multiple features that could allow an attacker to cause a denial of service (DoS) condition on the affected device. A sequence of specially crafted TCP packets can cause the vulnerable device to reload. Cisco has released free software updates that...

CVSS 5.4 | AI score 5.4 | EPSS 0.00927
Exploits 0 | References 3
OSV
added 2010/08/05 6:17 p.m. | 4 views

CVE-2010-2713

The vte_sequence_handler_window_manipulation function in vteseq.c in libvte (aka libvte9) in VTE 0.25.1 and earlier, as used in gnome-terminal, does not properly handle escape sequences, which allows remote attackers to execute arbitrary commands or obtain potentially sensitive information via a (1) wind...

AI score 7
Exploits 0 | References 8
RedHat Linux
added 2010/08/04 9:30 p.m. | 2 views

tomcat directory traversal

Directory traversal vulnerability in Apache HTTP Server and Tomcat 5.x before 5.5.22 and 6.x before 6.0.10, when using certain proxy modules (mod_proxy, mod_rewrite, mod_jk), allows remote attackers to read arbitrary files via a .. (dot dot) sequence with combinations of (1) "/" (slash), (2) "\" (backslash), and...

CVSS 5 | AI score 6 | EPSS 0.90452
Exploits 2 | References 4
F5 Networks
added 2010/07/08 12:0 a.m. | 19 views

SOL11797 - Pre-logon sequence vulnerability to token spoofing

A vulnerability exists in the FirePass pre-logon sequence. Under certain conditions, the FirePass controller can accept the output of a pre-logon sequence check that would have been run on a different computer. This vulnerability would allow an attacker to use the pre-logon token from a workstati...

AI score 3.1
Exploits 0 | Affected Software 1
Positive Technologies
added 2010/04/27 12:0 a.m. | 2 views

PT-2010-1620 · Vmware · Vmware Server +3

Name of the Vulnerable Software and Affected Versions: VMware Workstation versions 7.0 through 7.0.0 build 227600 VMware Workstation version 6.5.x through 6.5.3 build 246459 VMware Player versions 3.0 through 3.0.0 build 227600 VMware Player version 2.5.x through 2.5.3 build 246459 VMware ACE...

CVSS 5 | AI score 6.3 | EPSS 0.01279
Exploits 1 | References 10
Packet Storm
added 2010/03/23 12:0 a.m. | 24 views

UHTTP Server Path Traversal

uhttp Server Path Traversal Vulnerability Name uhttp Server Vendor http://uhttps.sourceforge.net Versions Affected 0.1.0-alpha Author Salvatore Fresta aka Drosophila Website http://www.salvatorefresta.net Contact salvatorefresta at gmail dot com Date 2010-03-10 X. INDEX I. ABOUT THE APPLICATION I...

AI score 7.4
Exploits 0