Lucene search
K
FreebsdMost viewed

6585 matches found

FreeBSD
FreeBSD
•added 2013/10/05 12:0 a.m.•20 views

gnupg -- possible infinite recursion in the compressed packet parser

Werner Koch reports: Special crafted input data may be used to cause a denial of service against GPG GnuPG's OpenPGP part and some other OpenPGP implementations. All systems using GPG to process incoming data are affected...

5CVSS7.4AI score0.0503EPSS
Exploits0
FreeBSD
FreeBSD
•added 2013/09/23 12:0 a.m.•20 views

py-suds -- vulnerable to symlink attacks

SUSE reports: cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/...

1.2CVSS6.1AI score0.00558EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2012/10/17 12:0 a.m.•20 views

bogofilter -- heap corruption by invalid base64 input

David Relson reports: Fix a heap corruption in base64 decoder on invalid input. Analysis and patch by Julius Plenz, FU Berlin, Germany...

7.5CVSS6.7AI score0.06259EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2012/01/31 12:0 a.m.•20 views

bugzilla -- multiple vulnerabilities

A Bugzilla Security Advisory reports: The following security issues have been discovered in Bugzilla: Account Impersonation: When a user creates a new account, Bugzilla doesn't correctly reject email addresses containing non-ASCII characters, which could be used to impersonate another user accoun...

6.6AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2011/12/21 12:0 a.m.•20 views

plib -- buffer overflow

Secunia reports: A vulnerability has been discovered in PLIB, which can be exploited by malicious people to compromise an application using the library. The vulnerability is caused due to a boundary error within the "ulSetError" function src/util/ulError.cxx when creating the error message, which...

9.3CVSS6.9AI score0.12795EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2011/11/02 12:0 a.m.•20 views

caml-light -- insecure use of temporary files

caml-light uses mktemp insecurely, and also does unsafe things in /tmp during make install...

9.8CVSS9.2AI score0.01831EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2011/04/07 12:0 a.m.•20 views

VLC -- Heap corruption in MP4 demultiplexer

VideoLAN project reports: When parsing some MP4 MPEG-4 Part 14 files, insufficient buffer size might lead to corruption of the heap...

2.5AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2010/11/16 12:0 a.m.•20 views

wordpress -- SQL injection vulnerability

Vendor reports: SQL injection vulnerability in the dotrackbacks function in wp-includes/comment.php in WordPress before 3.0.2 allows remote authenticated users to execute arbitrary SQL commands via the Send Trackbacks field...

6CVSS7.9AI score0.03139EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2010/09/28 12:0 a.m.•20 views

horde-imp -- XSS vulnerability

The Horde team reports: Thanks to Naumann IT Security Consulting for reporting the XSS vulnerability. The major changes compared to IMP version H3 4.3.7 are: Fixed an XSS vulnerability in the Fetchmail configuration...

2.2AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2010/07/08 12:0 a.m.•20 views

redmine -- multiple vulnerabilities

Eric Davis reports: This security release addresses some security vulnerabilities found in the advanced subversion integration module Redmine.pm perl script...

1.6AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2010/06/28 12:0 a.m.•20 views

bogofilter -- heap underrun on malformed base64 input

Julius Plenz reports: I found a bug in the base64decode function which may cause memory corruption when the function is executed on a malformed base64 encoded string. If a string starting with an equal-sign is passed to the base64decode function it triggers a memory corruption that in some cases...

5CVSS6.6AI score0.03441EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2010/03/09 12:0 a.m.•20 views

egroupware -- two vulnerabilities

Egroupware Team report: Nahuel Grisolia from CYBSEC S.A. Security Systems found two security problems in EGroupware: Serious remote command execution allowing to run arbitrary command on the web server by simply issuing a HTTP request!. A reflected cross-site scripting XSS. Both require NO valid...

1AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2008/10/03 12:0 a.m.•20 views

openx -- sql injection vulnerability

Secunia reports: OpenX can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "bannerid" parameter in www/delivery/ac.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code...

3.2AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2008/08/05 12:0 a.m.•20 views

twiki -- Arbitrary code execution in session files

Th1nk3r reports: The version of TWiki installed on the remote host allows access to the 'configure' script and fails to sanitize the 'image' parameter of that script of directory traversal sequences before returning the file contents when the 'action' parameter is set to 'image'. An unauthenticat...

6.8CVSS6.5AI score0.0828EPSS
Exploits6References4
FreeBSD
FreeBSD
•added 2008/06/10 12:0 a.m.•20 views

Courier Authentication Library -- SQL Injection

Secunia reports: A vulnerability has been reported in the Courier Authentication Library, which can be exploited by malicious people to conduct SQL injection attacks. Input passed via e.g. the username to the library is not properly sanitised before being used in SQL queries. This can be exploite...

2.9AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2008/01/08 12:0 a.m.•20 views

geeklog xss vulnerability

Geeklog reports: MustLive pointed out a possible XSS in the form to email an article to a friend that we're fixing with this release. Please note that this problem only exists in Geeklog 1.4.0 - neither Geeklog 1.4.1 nor any older versions 1.3.x series have that problem...

4.3CVSS5.9AI score0.01518EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2007/10/17 12:0 a.m.•20 views

opera -- multiple vulnerabilities

An advisory from Opera reports: If a user has configured Opera to use an external newsgroup client or e-mail application, specially crafted Web pages can cause Opera to run that application incorrectly. In some cases this can lead to execution of arbitrary code. When accesing frames from differen...

6.6AI score
Exploits0References3
FreeBSD
FreeBSD
•added 2007/10/09 12:0 a.m.•20 views

ldapscripts -- Command Line User Credentials Disclosure

Ganael Laplanche reports: Up to now, each ldap command was called with the -w parameter, which allows to specify the bind password on the command line. Unfortunately, this could make the password appear to anybody performing a ps during the call. This is now avoided by using the -y parameter and ...

2.1CVSS6.5AI score0.00341EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2006/09/26 12:0 a.m.•20 views

dokuwiki -- multiple vulnerabilities

Secunia reports: Some vulnerabilities have been reported in DokuWiki, which can be exploited by malicious people to cause a DoS Denial of Service or potentially compromise a vulnerable system. Input passed to the "w" and "h" parameters in lib/exec/fetch.php is not properly sanitised before being...

6.9AI score
Exploits0References4
FreeBSD
FreeBSD
•added 2006/05/31 12:0 a.m.•20 views

dokuwiki -- multiple vulnerabilities

Multiple vulnerabilities have been reported within dokuwiki. dokuwiki is proven vulnerable to: arbitrary PHP code insertion via spellcheck module, XSS attack via "Update your account profile," bypassing of ACL controls when enabled...

3AI score
Exploits0References3
FreeBSD
FreeBSD
•added 2006/03/06 12:0 a.m.•20 views

freeciv -- Packet Parsing Denial of Service Vulnerability

Secunia reports: Luigi Auriemma has reported a vulnerability in Freeciv, which can be exploited by malicious people to cause a DoS Denial of Service. The vulnerability is caused due to an error within the handling of the packet length in "common/packets.c". This can be exploited to crash the...

5CVSS6.2AI score0.07701EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2006/03/06 12:0 a.m.•20 views

pubcookie-login-server -- cross site scripting vulnerability

Nathan Dors of the Pubcookie Project reports: Multiple non-persistent XSS vulnerabilities were found in the Pubcookie login server's compiled binary "index.cgi" CGI program. The CGI program mishandles untrusted data when printing responses to the browser. This makes the program vulnerable to...

0.5AI score
Exploits0
FreeBSD
FreeBSD
•added 2006/02/20 12:0 a.m.•20 views

coppermine -- File Inclusion Vulnerabilities

Secunia reports: Coppermine Photo Gallery have a vulnerability, which can be exploited by malicious people and by malicious users to compromise a vulnerable system. 1 Input passed to the "lang" parameter in include/init.inc.php isn't properly verified, before it is used to include files. This can...

5CVSS7AI score0.02307EPSS
Exploits2References2
FreeBSD
FreeBSD
•added 2005/10/01 12:0 a.m.•20 views

cfengine -- arbitrary file overwriting vulnerability

A Debian Security Advisory reports: Javier Fernández-Sanguino Peña discovered several insecure temporary file uses in cfengine, a tool for configuring and maintaining networked machines, that can be exploited by a symlink attack to overwrite arbitrary files owned by the user executing cfengine,...

2.1CVSS6.3AI score0.00428EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2005/09/02 12:0 a.m.•20 views

urban -- stack overflow vulnerabilities

Several filename-related stack overflow bugs allow a local attacker to elevate its privileges to the games group, since urban is installed setgid games. Issue discovered and fixed by...

2.1CVSS5.9AI score0.00287EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2005/07/21 12:0 a.m.•20 views

fetchmail -- denial of service/crash from malicious POP3 server

In fetchmail 6.2.5.1, the remote code injection via POP3 UIDL was fixed, but a denial of service attack was introduced: Two possible NULL-pointer dereferences allow a malicious POP3 server to crash fetchmail by respondig with UID lines containing only the article number but no UID in violation of...

3AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2005/06/27 12:0 a.m.•20 views

Macromedia flash player -- swf file handling arbitrary code

A Secunia Advisory reports: A vulnerability has been reported in Macromedia Flash Player, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to missing validation of the frame type identifier that is read from a SWF file. This value is used a...

3.9AI score
Exploits0References3
FreeBSD
FreeBSD
•added 2005/04/14 12:0 a.m.•20 views

oops -- format string vulnerability

A RST/GHC Advisory reports that there is an format string vulnerability in oops. The vulnerability can be found in the MySQL/PgSQL authentication module. Succesful exploitation may allow execution of arbitrary code...

5CVSS6.9AI score0.02298EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2005/02/28 12:0 a.m.•20 views

phpbb -- Insuffient check against HTML code in usercp_register.php

Neo Security Team reports: If we specify a variable in the html code any type: hidden, text, radio, check, etc with the name allowhtml, allowbbcode or allowsmilies, is going to be on the html, bbcode and smilies in our signature. This is a low risk vulnerability that allows users to bypass...

2.9AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2005/01/20 12:0 a.m.•20 views

gforge -- directory traversal vulnerability

An STG Security Advisory reports: GForge CVS module made by Dragos Moinescu and another module made by Ronald Petty have a directory traversal vulnerability. ... malicious attackers can read arbitrary directory lists...

5CVSS6.6AI score0.01713EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2005/01/18 12:0 a.m.•20 views

newsgrab -- directory traversal vulnerability

The newsgrab script creates files by using the names provided in the newsgroup messages in a perl open call. This is done without performing any security checks to prevent a directory traversal. A specially crafted newsgroup message could cause newsgrab to drop an attachment anywhere on the file...

1.9AI score
Exploits2References2
FreeBSD
FreeBSD
•added 2004/12/15 12:0 a.m.•20 views

libxine -- buffer-overflow vulnerability in aiff support

Due to a buffer overflow in the openaifffile function in demuxaiff.c, a remote attacker is able to execute arbitrary code via a modified AIFF file...

10CVSS6.4AI score0.09107EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2004/10/19 12:0 a.m.•20 views

gaim -- MSN denial-of-service vulnerabilities

The Gaim team discovered denial-of-service vulnerabilities in the MSN protocol handler: After accepting a file transfer request, Gaim will attempt to allocate a buffer of a size equal to the entire filesize, this allocation attempt will cause Gaim to crash if the size exceeds the amount of...

1AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2004/10/18 12:0 a.m.•20 views

sudo -- environmental variable CDPATH is not cleared

A sudo bug report says: sudo doesn't unset the CDPATH variable, which leads to possible security problems...

1.8AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2004/10/06 12:0 a.m.•20 views

horde -- cross-site scripting vulnerability in help window

A Horde Team announcement states that a potential cross-site scripting vulnerability in the help window has been corrected. The vulnerability appears to involve the handling of the topic and module parameters of the help window template...

2.2AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2004/09/15 12:0 a.m.•20 views

php -- php_variables memory disclosure

Stefano Di Paola reports: Bad array parsing in phpvariables.c could lead to show arbitrary memory content such as pieces of php code and other data. This affects all GET, POST or COOKIES variables...

3.5AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2004/08/25 12:0 a.m.•20 views

tor -- remote DoS and loss of anonymity

Tor has various remote crashes which could lead to a remote denial-of-service and be used to defeat clients anonymity. It is not expected that these vulnerabilities are exploitable for arbitrary code execution...

2.3AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2004/02/15 12:0 a.m.•20 views

mnGoSearch buffer overflow in UdmDocToTextBuf()

Jedi/Sector One reported the following on the full-disclosure list: Every document is stored in multiple parts according to its sections description, body, etc in databases. And when the content has to be sent to the client, UdmDocToTextBuf concatenates those parts together and skips metadata...

6.1AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2004/02/09 12:0 a.m.•20 views

Samba 3.0.x password initialization bug

From the Samba 3.0.2 release notes: Security Announcement: It has been confirmed that previous versions of Samba 3.0 are susceptible to a password initialization bug that could grant an attacker unauthorized access to a user account created by the mksmbpasswd.sh shell script...

7.5CVSS6.2AI score0.03497EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2003/10/25 12:0 a.m.•20 views

Buffer overflows in libmcrypt

libmcrypt does incomplete input validation, leading to several buffer overflows. Additionally, a memory leak is present. Both of these problems may be exploited in a denial-of-service attack...

7.5CVSS6.6AI score0.01726EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2003/04/16 12:0 a.m.•20 views

mod_access_referer -- null pointer dereference vulnerability

A malformed Referer header field causes the Apache apparseuricomponents function to discard it with the result that a pointer is not initialized. The modaccessreferer module does not take this into account with the result that it may use such a pointer. The null pointer vulnerability may possibly...

5CVSS6.4AI score0.07124EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2002/11/06 12:0 a.m.•20 views

leafnode denial-of-service triggered by article request

The leafnode NNTP server may go into an unterminated loop with 100% CPU use when an article is requested by Message-ID that has been crossposted to several news groups when one of the group names is the prefix of another group name that the article was cross-posted to. Found by Jan Knutar...

5CVSS6.5AI score0.02333EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2026/05/20 12:0 a.m.•19 views

FreeBSD -- Missing validation in ptrace(PT_SC_REMOTE)

Problem Description: ptracePTSCREMOTE failed to properly validate parameters for the syscall2 and syscall2 meta-system calls. As a result, a user with the ability to debug a process may trigger arbitrary code execution in the kernel, even if the target process has no special privileges. Impact: T...

8.4CVSS6AI score0.00196EPSS
Exploits0
FreeBSD
FreeBSD
•added 2026/05/12 12:0 a.m.•19 views

zeek -- potential DoS vulnerability

Wojtulewicz of Corelight reports: A specially-crafted series of MIME headers sent via SMTP or HTTP could cause Zeek to use large amounts of memory and potentially crash...

5.8AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2026/03/18 12:0 a.m.•19 views

Roundcube -- Multiple vulnerabilities

The Roundcube project reports: pre-auth arbitrary file write via unsafe deserialization in redis/memcache session handler password could get changed without providing the old password IMAP Injection + CSRF bypass in mail search remote image blocking bypass via various SVG animate attributes remot...

5.9AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2026/01/27 12:0 a.m.•19 views

OpenSSL -- Multiple vulnerabilities

The OpenSSL project reports: Improper validation of PBMAC1 parameters in PKCS12 MAC verification CVE-2025-11187 Stack buffer overflow in CMS AuthEnvelopedData parsing CVE-2025-15467 NULL dereference in SSLCIPHERfind function on unknown cipher ID CVE-2025-15468 "openssl dgst" one-shot codepath...

9.8CVSS6AI score0.47621EPSS
Exploits7References1
FreeBSD
FreeBSD
•added 2025/04/08 12:0 a.m.•19 views

chromium -- multiple security fixes

Chrome Releases reports: This update includes 2 security fixes: 405140652 High CVE-2025-3066: Use after free in Site Isolation. Reported by Sven Dysthe @svn-dys on 2025-03-21...

8.8CVSS8AI score0.00342EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2025/02/20 12:0 a.m.•19 views

qt6-webengine -- Multiple vulnerabilities

Qt qtwebengine-chromium repo reports: Backports for 11 security bugs in Chromium: CVE-2024-11477: 7-Zip Zstd decompression integer underflow CVE-2025-0762: Use after free in DevTools CVE-2025-0996: Inappropriate implementation in Browser UI CVE-2025-0998: Out of bounds memory access in V8...

9.8CVSS8.5AI score0.21985EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2025/01/08 12:0 a.m.•19 views

Gitlab -- Vulnerabilities

Gitlab reports: Possible access token exposure in GitLab logs Cyclic reference of epics leads resource exhaustion Unauthorized user can manipulate status of issues in public projects Instance SAML does not respect externalprovider configuration...

6.5CVSS7.1AI score0.00692EPSS
Exploits4References1
FreeBSD
FreeBSD
•added 2024/11/26 12:0 a.m.•19 views

firefox -- multiple vulnerabilities

[email protected] reports: CVE-2024-11692: An attacker could cause a select dropdown to be shown over another tab; this could have led to user confusion and possible spoofing attacks. CVE-2024-11696: The application failed to account for exceptions thrown by the loadManifestFromFile method...

8.8CVSS8.1AI score0.00762EPSS
Exploits0References4
Total number of security vulnerabilities5000