Lucene search
K

1102 matches found

securityvulns
securityvulns
added 2007/01/19 12:0 a.m.55 views

[ MDKSA-2007:021 ] - Updated xpdf packages fix crafted pdf file vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDKSA-2007:021 http://www.mandriva.com/security/ Package : xpdf Date : January 18, 2007 Affected: 2007.0, Corporate 3.0, Corporate 4.0 Problem Description: The Adobe PDF specification 1.3, as implemented by xpdf 3.0.1...

6.8CVSS8.1AI score0.06027EPSS
Exploits2
securityvulns
securityvulns
added 2007/01/19 12:0 a.m.56 views

[ MDKSA-2007:019 ] - Updated pdftohtml packages fix crafted pdf file vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Mandriva Linux Security Advisory MDKSA-2007:019 http://www.mandriva.com/security/ Package : pdftohtml Date : January 18, 2007 Affected: 2006.0, 2007.0 Problem Description: The Adobe PDF specification 1.3, as implemented by xpdf 3.0.1 patch 2, kpdf in...

6.8CVSS8.1AI score0.06027EPSS
Exploits2
Prion
Prion
added 2007/01/09 12:28 a.m.22 views

Memory corruption

The Adobe PDF specification 1.3, as implemented by Adobe Acrobat before 8.0.0, allows remote attackers to have an unknown impact, possibly including denial of service infinite loop, arbitrary code execution, or memory corruption, via a PDF file with a 1 crafted catalog dictionary or 2 a crafted...

6.8CVSS7.3AI score0.15346EPSS
Exploits1References8Affected Software1
CVE
CVE
added 2007/01/09 12:0 a.m.64 views

CVE-2007-0103

CVE-2007-0103 concerns the Adobe PDF specification 1.3 as implemented by Adobe Acrobat prior to 8.0.0. A remote attacker can abuse a PDF file with a crafted catalog dictionary or a crafted Pages attribute referencing an invalid page tree node, potentially triggering denial of service (infinite lo...

6.8CVSS7AI score0.15346EPSS
Exploits1References8Affected Software1
exploitpack
exploitpack
added 2006/12/19 12:0 a.m.18 views

PHP-Update 2.7 - extract() Authentication Bypass Shell Injection

PHP-Update 2.7 - extract Authentication Bypass Shell Injection 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord$string$i==2 $exa.=" ".dechexord$string$i; else $exa.=" 0".dechexord$string$i; $cont+...

0.9AI score
Exploits0
seebug.org
seebug.org
added 2006/11/26 12:0 a.m.28 views

Woltlab Burning Board Lite 1.0.2 decode_cookie() SQL Injection Exploit

No description provided by source. ?php printr' -------------------------------------------------------------------------------- Woltlab Burning Board Lite 1.0.2 decodecookie sql injection exploit by rgod [email protected] site: http://retrogod.altervista.org dork: "Powered by Burning Board Lite...

7.1AI score
Exploits0
Exploit DB
Exploit DB
added 2006/09/21 12:0 a.m.34 views

exV2 < 2.0.4.3 - 'sort' SQL Injection

!/usr/bin/php -q -d shortopentag=on = 4.1 allowing subs and if 'messages' module is enabled / if $argc 126 $result.=" ."; else $result.=" ".$string$i; if strlendechexord...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2006/01/15 12:0 a.m.24 views

DMA-2006-0112a.txt

DMA2006-0112a - 'Toshiba Bluetooth Stack Directory Transversal' Author: Kevin Finisterre Vendor: http://www.toshiba-tro.de/ Product: 'Toshiba Bluetooth Stack =v4.00.23T' References: http://www.digitalmunition.com/DMA2006-0112a.txt Description: Toshiba was one of the first companies to provide a...

7.4AI score
Exploits0
Symantec
Symantec
added 2005/08/09 12:0 a.m.16 views

Microsoft Windows Kerberos PKINIT Man In The Middle Vulnerability

Description The PKINIT implementation in Microsoft Windows is susceptible to a man in the middle vulnerability. This issue is due to a failure of the software to properly validate network data. This issue is only exploitable by attackers that have access to valid logon credentials. Attackers...

0.1AI score
Exploits0References1Affected Software3
securityvulns
securityvulns
added 2005/06/14 12:0 a.m.36 views

Bluetooth SIG Denial of Service vulnerability

The next D.o.S. can be reproduced "at home", with a simple laptop. A bluettoth enabled PDA can reach same results. 1 D.o.S. to the bluetooth device Many bluetooth device communications can be totally inhibited simply by sending a ping-flood to the device from a linux laptop with bluetooth...

1.4AI score
Exploits0
UbuntuCve
UbuntuCve
added 2005/03/01 5:0 a.m.19 views

CVE-2004-1038

A design error in the IEEE1394 specification allows attackers with physical access to a device to read and write to sensitive memory using a modified FireWire/IEEE 1394 client, thus bypassing intended restrictions that would normally require greater degrees of physical access to exploit. NOTE: th...

7.2CVSS5.9AI score0.00483EPSS
Exploits0References2
NVD
NVD
added 2005/03/01 5:0 a.m.17 views

CVE-2004-1038

A design error in the IEEE1394 specification allows attackers with physical access to a device to read and write to sensitive memory using a modified FireWire/IEEE 1394 client, thus bypassing intended restrictions that would normally require greater degrees of physical access to exploit. NOTE: th...

7.2CVSS6.1AI score0.00483EPSS
Exploits0References21
UbuntuCve
UbuntuCve
added 2005/02/07 5:0 a.m.39 views

CVE-2005-0174

Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache or conduct certain attacks via headers that do not follow the HTTP specification, including 1 multiple Content-Length headers, 2 carriage return CR characters that are not part of a CRLF pair, and 3 header names containing...

5CVSS5.9AI score0.50775EPSS
Exploits0References2
NVD
NVD
added 2005/02/07 5:0 a.m.22 views

CVE-2005-0174

Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache or conduct certain attacks via headers that do not follow the HTTP specification, including 1 multiple Content-Length headers, 2 carriage return CR characters that are not part of a CRLF pair, and 3 header names containing...

5CVSS6.3AI score0.50775EPSS
Exploits0References13
Cvelist
Cvelist
added 2005/02/06 5:0 a.m.32 views

CVE-2005-0174

Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache or conduct certain attacks via headers that do not follow the HTTP specification, including 1 multiple Content-Length headers, 2 carriage return CR characters that are not part of a CRLF pair, and 3 header names containing...

6.3AI score0.50775EPSS
Exploits0References13
OSV
OSV
added 2004/12/31 5:0 a.m.2 views

DEBIAN-CVE-2004-2714

Unspecified vulnerability in Window Maker 0.80.2 and earlier allows attackers to perform unknown actions via format string specifiers in a font specification in WMGLOBAL, probably a format string vulnerability...

6CVSS6.8AI score0.00962EPSS
Exploits0References1
Cvelist
Cvelist
added 2004/11/16 5:0 a.m.22 views

CVE-2004-1038

A design error in the IEEE1394 specification allows attackers with physical access to a device to read and write to sensitive memory using a modified FireWire/IEEE 1394 client, thus bypassing intended restrictions that would normally require greater degrees of physical access to exploit. NOTE: th...

6.1AI score0.00483EPSS
Exploits0References21
securityvulns
securityvulns
added 2004/06/28 12:0 a.m.29 views

Lotus Notes URI command line modification

notes: URI allows to execute notes.exe with any arguments, for example to cpecify .ini file location...

3.3AI score
Exploits0References2Affected Software1
securityvulns
securityvulns
added 2001/01/03 12:0 a.m.50 views

Дырка в gtk+ (GTK_MODULES)

Пользователь может указать расположение библиотек через переменную GTKMODULES...

0.3AI score
Exploits0References1
CERT
CERT
added 2000/12/12 12:0 a.m.17 views

sysback makes call to hostname without a fully qualified path specification

Overview sysback , shipped with AIX systems, allows local users to gain root access because of a failure to use a fully qualified path for a call to hostname. Description sysback includes a call to hostname but does not include a full path specification. Because sysback is set uid root, intruders...

7.4AI score
Exploits0
Rows per page
Query Builder