177 matches found
CAN-2003-0705
CVE-2003-0705 affects mah-jong (1.5.6 and earlier). The flaw is a buffer overflow that could be triggered remotely to execute arbitrary code with the privileges of the mah-jong server/user process. Public sources in the provided documents confirm the vulnerability and its remote-execution impact,...
CAN-2003-0694
CVE-2003-0694 maps to the Sendmail prescan() vulnerability that allows remote attackers to execute arbitrary code via buffer overflow in parseaddr.c. Public references in Debian DSA-384 confirm remote-code-execution possibility in Sendmail, and Metasploit notes frame it as a DoS PoC for some vers...
CAN-2003-0693
CVE-2003-0693 is only described in the Initial CAN entry as a reserved placeholder; the Connected documents reference CVE-2003-0693 within OpenSSH and Debian advisories (e.g., DSA-382/DSA-383, OpenVAS entries) but do not provide concrete technical details (affected product/version, root cause, ex...
CAN-2003-0971
Technical details for CVE-2003-0971 are not publicly available in the provided documents. Monitor for updates.
CAN-2004-0184
tcpdump prior to version 3.8.1 is affected by CVE-2004-0184 due to an integer underflow in the ISAKMP ID payload handling (isakmp_id_print). This can allow remote attackers to crash the tcpdump process (denial of service), typically when verbose mode (-v) is used. The vulnerability is documented ...
CAN-2004-0595
CVE-2004-0595 is described in connected records as a cross-site scripting vulnerability involving PHP’s strip_tags function. OpenVAS entries identify the issue under the name “php -- strip_tags cross-site scripting vulnerability,” with CVE-2004-0595 listed among related advisories. The sources al...
CAN-2004-0687
Mode C: The CVE-2004-0687/0688 family is associated with OpenMotif. Several OpenMotif-related vulnerabilities affect the libXPM image handling library, causing stack overflows (CVE-2004-0687) and related integer overflow issues (CVE-2004-0688). Public advisories (e.g., SUSE/SLES9 and related Open...
CAN-2005-0116
AWStats vulnerability CVE-2005-0116: in AWStats CGI, the configdir parameter is user-controlled and passed to open(), allowing remote command execution via shell metacharacters. Affects AWStats versions up to 6.2 (and 6.1 in some reports); fixed in 6.3. Remediation: upgrade to AWStats 6.3 or appl...
CAN-2005-2096
CAN-2005-2096 refers to a zlib buffer overflow vulnerability that can cause a crash via specially crafted compressed streams (e.g., crafted PNG files). Multiple connected advisories confirm this issue across distributions; zlib 1.2 and later is implicated. Adversaries could trigger a denial of se...
CVE-2024-33352
CVE-2024-33352 is evidenced by a GitHub exploit detailing BlueStacks for Windows (pre-10.40.1000.502) with a CWE-552-like flaw: World-writable VM/config files allow an unprivileged user to backdoor the Android VM and potentially achieve code execution on the host via VM escape. Specifically, glob...
CVE-2024-31969
CVE-2024-31969 is a local privilege-escalation in sudo via sudoedit. The flaw, introduced in sudo 1.9.0, stems from improper validation of user environment variables and file ownership in sudoedit, enabling a local user with sudoedit access to modify files as root (e.g., via SUDO_EDITOR or symlin...
CVE-2024-23700
CVE-2024-23700 is referenced in a Wear OS security bulletin as a Framework‑level vulnerability that could enable local privilege escalation by a malicious app with no extra privileges. PT-2026-3764 notes a PoC and claims the exploit can silently obtain permissions to read/write contacts, SMS, cal...
CVE-2024-1642470
CVE-2024-1642470 affects the Windows USB Generic Parent Driver. The connected exploit repo describes a remote code execution via crafted IOCTL requests that trigger a buffer overflow in the driver’s IOCTL handling. A PoC and detection script demonstrate exploitation by opening the vulnerable devi...
CVE-2019-19268
Technical details for CVE-2019-19268 are not publicly available in the provided documents. The description indicates the candidate is reserved and will be announced later. Monitor for updates.
CVE-2024-23780
CVE-2024-23780 has a connected exploit showing remote code execution on NetBox instances. The attached exploit script (HazardLab-IO) claims to execute arbitrary code via a NetBox deployment, with parameters for URL, username, and password. PT-2024-20080 references NetBox and notes affected versio...
CAN-2003-0961
CVE-2003-0961 is referenced across multiple OpenVAS entries tying it to kernel-related issues in 2.4.x series and Debian/Gentoo advisories (DSA GLSA 200312-02, DSA 439-1, DSA 442-1, and 450-1) and Slackware advisory SSA:2003-336-01. The connected documents indicate affected architectures and patc...
CAN-2004-0077
CVE-2004-0077 is referenced in multiple Linux kernel security advisories (e.g., Debian DSA 442-1 and GLSA 200403-02) attached to OpenVAS entries, indicating a kernel vulnerability in the 2.4.x lineage across architectures (e.g., s390, mips, ia64). The OpenVAS data shows CVSS base score 7.2 with v...
CAN-2004-0557
SoX versions 12.17.2–12.17.4 are affected by multiple buffer overflows in wav.c (st_wavstartread) that allow remote code execution via crafted WAV header fields. Public reports credit Ulf Harnhammar; affected commands include sox (and play). Debian and Gentoo advisories document remote, arbitrary...
CAN-2004-0964
CVE-2004-0964 concerns a stack-based buffer overflow in the Zinf Audio Player (formerly freeamp) version 2.2.1. The vulnerability arises from insufficient bounds checking when processing a specially crafted PLS playlist file. A remote attacker could exploit this by convincing a user to open a mal...
CAN-2003-0985
The provided OpenVAS/DSA/Gentoo entries reference CVE-2003-0985 in kernel-related advisories (e.g., Debian DSA 417-1/417-2, Gentoo GLSA 200401-01) affecting 2.4.x kernel packages (kernel-image-2.4.18-1-alpha, kernel-patch-2.4.18-powerpc, etc.). The CVSS base is shown as 7.2 with vector AV:L/AC:L/...