Lucene search
K
FreebsdMost viewed

6585 matches found

FreeBSD
FreeBSD
added 2008/04/14 12:0 a.m.30 views

mksh -- TTY attachment privilege escalation

Secunia reports: The vulnerability is caused due to an error when attaching to a TTY via the -T command line switch. This can be exploited to execute arbitrary commands with the privileges of the user running mksh via characters previously written to the attached virtual console...

7.2CVSS6.8AI score0.00332EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2008/04/09 12:0 a.m.30 views

swfdec -- exposure of sensitive information

Secunia reports: A vulnerability has been reported in swfdec, which can be exploited by malicious people to disclose sensitive information. The vulnerability is caused due to swfdec not properly restricting untrusted sandboxes from reading local files, which can be exploited to disclose the conte...

4.3CVSS6.1AI score0.01129EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2008/04/03 12:0 a.m.30 views

opera -- multiple vulnerabilities

Opera Software reports of multiple security issues in Opera. All of them can lead to arbitrary code execution. Details are as the following: Newsfeed prompt can cause Opera to execute arbitrary code Resized canvas patterns can cause Opera to execute arbitrary code...

9.3CVSS7.6AI score0.07595EPSS
Exploits1References2
FreeBSD
FreeBSD
added 2008/01/03 12:0 a.m.30 views

zenphoto -- XSS vulnerability

zenphoto project reports: A new zenphoto version is now available. This release contains security fixes for HTML, XSS, and SQL injection vulnerabilities...

7.5CVSS7.6AI score0.02035EPSS
Exploits1References2
FreeBSD
FreeBSD
added 2007/11/21 12:0 a.m.30 views

IRC Services-- Denial of Service Vulnerability

Secunia reports: A vulnerability has been reported in IRC Services, which can be exploited by malicious people to cause a Denial of Service. The vulnerability is caused due to the improper handling of overly long passwords within the "defaultencrypt" function in encrypt.c and can be exploited to...

5CVSS6.3AI score0.02079EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2007/07/24 12:0 a.m.30 views

FreeBSD -- Predictable query ids in named(8)

Problem Description: When named8 is operating as a recursive DNS server or sending NOTIFY requests to slave DNS servers, named8 uses a predictable query id. Impact: An attacker who can see the query id for some requests sent by named8 is likely to be able to perform DNS cache poisoning by...

4.3CVSS7.8AI score0.1309EPSS
Exploits0
FreeBSD
FreeBSD
added 2007/05/30 12:0 a.m.30 views

findutils -- GNU locate heap buffer overrun

James Youngman reports: When GNU locate reads filenames from an old-format locate database, they are read into a fixed-length buffer allocated on the heap. Filenames longer than the 1026-byte buffer can cause a buffer overrun. The overrunning data can be chosen by any person able to control the...

6CVSS6.2AI score0.02225EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2007/05/23 12:0 a.m.30 views

FreeBSD -- heap overflow in file(1)

Problem Description: When writing data into a buffer in the fileprintf function, the length of the unused portion of the buffer is not correctly tracked, resulting in a buffer overflow when processing certain files. Impact: An attacker who can cause file1 to be run on a maliciously constructed...

9.3CVSS9.8AI score0.12226EPSS
Exploits1
FreeBSD
FreeBSD
added 2007/05/03 12:0 a.m.30 views

php -- multiple vulnerabilities

The PHP development team reports: Security Enhancements and Fixes in PHP 5.2.2 and PHP 4.4.7: Fixed CVE-2007-1001, GD wbmp used with invalid image size Fixed asciiz byte truncation inside mail Fixed a bug in mbparsestr that can be used to activate registerglobals Fixed unallocated memory...

6.8CVSS6AI score0.08321EPSS
Exploits1References2
FreeBSD
FreeBSD
added 2007/05/01 12:0 a.m.30 views

qemu -- several vulnerabilities

The Debian Security Team reports: Several vulnerabilities have been discovered in the QEMU processor emulator, which may lead to the execution of arbitrary code or denial of service. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2007-1320Tavis Ormandy...

7.2CVSS9.4AI score0.00493EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2007/02/05 12:0 a.m.30 views

samba -- format string bug in afsacl.so VFS plugin

The Samba Team reports: NOTE: This security advisory only impacts Samba servers that share AFS file systems to CIFS clients and which have been explicitly instructed in smb.conf to load the afsacl.so VFS module. The source defect results in the name of a file stored on disk being used as the form...

7.5CVSS6.3AI score0.06412EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2006/12/31 12:0 a.m.30 views

mplayer -- buffer overflow in the code for RealMedia RTSP streams.

A potential buffer overflow was found in the code used to handle RealMedia RTSP streams. When checking for matching asm rules, the code stores the results in a fixed-size array, but no boundary checks are performed. This may lead to a buffer overflow if the user is tricked into connecting to a...

7.5CVSS6.9AI score0.05346EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2006/10/09 12:0 a.m.30 views

vtiger -- multiple remote file inclusion vulnerabilities

Dedi Dwianto a.k.a theday reports: Input passed to the "$calpath" parameter in update.php is not properly verified before being used. This can be exploited to execute arbitrary PHP code by including files from local or external resources...

7.5CVSS7.1AI score0.07811EPSS
Exploits1References2
FreeBSD
FreeBSD
added 2006/09/28 12:0 a.m.30 views

OpenSSL -- Multiple problems in crypto(3)

Problem Description: Several problems have been found in OpenSSL: During the parsing of certain invalid ASN1 structures an error condition is mishandled, possibly resulting in an infinite loop. A buffer overflow exists in the SSLgetsharedciphers function. A NULL pointer may be dereferenced in the...

7.8CVSS9.8AI score0.10629EPSS
Exploits1
FreeBSD
FreeBSD
added 2006/08/30 12:0 a.m.30 views

gtetrinet -- remote code execution

The Debian Security Team reports: Michael Gehring discovered several potential out-of-bounds index accesses in gtetrinet, a multiplayer Tetris-like game, which may allow a remote server to execute arbitrary code...

7.5CVSS6.7AI score0.04015EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2006/07/05 12:0 a.m.30 views

twiki -- multiple file extensions file upload vulnerability

A TWiki Security Alert reports: The TWiki upload filter already prevents executable scripts such as .php, .php1, .phps, .pl from potentially getting executed by appending a .txt suffix to the uploaded filename. However, PHP and some other types allows additional file suffixes, such as .php.en,...

4CVSS6.5AI score0.0283EPSS
Exploits2References2
FreeBSD
FreeBSD
added 2006/05/31 12:0 a.m.30 views

MySQL -- SQL-injection security vulnerability

MySQL reports: An SQL-injection security hole has been found in multibyte encoding processing. An SQL-injection security hole can include a situation whereby when inserting user supplied data into a database, the user might inject his own SQL statements that the server will execute. With regards ...

0.4AI score
Exploits0References2
FreeBSD
FreeBSD
added 2006/05/04 12:0 a.m.30 views

libxine -- multiple buffer overflow vulnerabilities

The libxine development team reports that several vulnerabilities had been found in the libxine library. The first vulnerability is caused by improper checking of the src/input/libreal/real.c "realparsesdp" function. A remote attacker could exploit this by tricking an user to connect to a...

7.3AI score
Exploits0References1
FreeBSD
FreeBSD
added 2006/04/19 12:0 a.m.30 views

lifetype -- ADOdb "server.php" Insecure Test Script Security Issue

Secunia reports: A security issue has been discovered in LifeType, which can be exploited by malicious people to execute arbitrary SQL code and potentially compromise a vulnerable system. The problem is caused due to the presence of the insecure "server.php" test script...

7.5CVSS7.5AI score0.13237EPSS
Exploits1References2
FreeBSD
FreeBSD
added 2006/04/06 12:0 a.m.30 views

clamav -- Multiple Vulnerabilities

Secunia reports: Some vulnerabilities have been reported in ClamAV, which potentially can be exploited by malicious people to cause a DoS Denial of Service and compromise a vulnerable system. An unspecified integer overflow error exists in the PE header parser in "libclamav/pe.c". Successful...

5.1CVSS7.5AI score0.07635EPSS
Exploits1References2
FreeBSD
FreeBSD
added 2006/03/09 12:0 a.m.30 views

GnuPG does not detect injection of unsigned data

Werner Koch reports: In the aftermath of the false positive signature verfication bug announced 2006-02-15 more thorough testing of the fix has been done and another vulnerability has been detected. This new problem affects the use of gpg for verification of signatures which are not detached...

5CVSS6.4AI score0.02373EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2006/02/13 12:0 a.m.30 views

SSH.COM SFTP server -- format string vulnerability

SSH Communications Security Corp reports a format string vulnerability in their SFTP server. This vulnerability could cause a user with SCP/SFTP access only to get permission to execute also other commands. It could also allow user A to create a special file that when accessed by user B allows us...

6.5CVSS6.6AI score0.10188EPSS
Exploits0References5
FreeBSD
FreeBSD
added 2005/09/23 12:0 a.m.30 views

perl, webmin, usermin -- perl format string integer wrap vulnerability

The Perl Development page reports: Dyad Security recently released a security advisory explaining how in certain cases, a carefully crafted format string passed to sprintf can cause a buffer overflow. This buffer overflow can then be used by an attacker to execute code on the machine. This was...

7.5CVSS7AI score0.1448EPSS
Exploits2References4
FreeBSD
FreeBSD
added 2005/08/10 12:0 a.m.30 views

evolution -- remote format string vulnerabilities

A SITIC Vulnerability Advisory reports: Evolution suffers from several format string bugs when handling data from remote sources. These bugs lead to crashes or the execution of arbitrary assembly language code. The first format string bug occurs when viewing the full vCard data attached to an...

6.7AI score
Exploits0References1
FreeBSD
FreeBSD
added 2005/07/06 12:0 a.m.30 views

zlib -- buffer overflow vulnerability

Problem Description An error in the handling of corrupt compressed data streams can result in a buffer being overflowed. Impact By carefully crafting a corrupt compressed data stream, an attacker can overwrite data structures in a zlib-using application. This may cause the application to halt,...

7.5CVSS6.5AI score0.05476EPSS
Exploits3
FreeBSD
FreeBSD
added 2005/06/08 12:0 a.m.30 views

leafnode -- denial of service vulnerability

Matthias Andree reports: A vulnerability was found in the fetchnews program the NNTP client that may under some circumstances cause a wait for input that never arrives, fetchnews "hangs". ... As only one fetchnews program can run at a time, subsequently started fetchnews and texpire programs will...

5CVSS6.3AI score0.01138EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2005/05/10 12:0 a.m.30 views

gaim -- remote crash on some protocols

The GAIM team reports that GAIM is vulnerable to a denial-of-service vulnerability which can cause GAIM to crash: It is possible for a remote user to overflow a static buffer by sending an IM containing a very large URL greater than 8192 bytes to the Gaim user. This is not possible on all...

7.5CVSS6.7AI score0.12396EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2005/04/20 12:0 a.m.30 views

gzip -- directory traversal and permission race vulnerabilities

Problem Description Two problems related to extraction of files exist in gzip: The first problem is that gzip does not properly sanitize filenames containing "/" when uncompressing files using the -N command line option. The second problem is that gzip does not set permissions on newly extracted...

6.4AI score
Exploits0References2
FreeBSD
FreeBSD
added 2005/04/12 12:0 a.m.30 views

wordpress -- multiple vulnerabilities

A Gentoo Linux Security Advisory reports: Due to a lack of input validation, WordPress is vulnerable to SQL injection and XSS attacks. An attacker could use the SQL injection vulnerabilities to gain information from the database. Furthermore the cross-site scripting issues give an attacker the...

7.5CVSS7.1AI score0.03139EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2005/04/11 12:0 a.m.30 views

openoffice -- DOC document heap overflow vulnerability

AD-LAB reports that a heap-based buffer overflow vulnerability exists in OpenOffice's handling of DOC documents. When reading a DOC document 16 bit from a 32 bit integer is used for memory allocation, but the full 32 bit is used for further processing of the document. This can allow an attacker t...

5.1CVSS7.2AI score0.04132EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2005/03/11 12:0 a.m.30 views

mysql-server -- multiple remote vulnerabilities

SecurityFocus reports: MySQL is reported prone to an insecure temporary file creation vulnerability. Reports indicate that an attacker that has 'CREATE TEMPORARY TABLE' privileges on an affected installation may leverage this vulnerability to corrupt files with the privileges of the MySQL process...

7.3AI score
Exploits0
FreeBSD
FreeBSD
added 2005/02/22 12:0 a.m.30 views

phpbb -- multiple vulnerabilities

phpBB is vulnerable to remote exploitation of an input validation vulnerability allows attackers to read the contents of arbitrary system files under the privileges of the webserver. This also allows remote attackers to unlink arbitrary system files under the privileges of the webserver...

6.4CVSS6.5AI score0.02043EPSS
Exploits0References3
FreeBSD
FreeBSD
added 2005/02/20 12:0 a.m.30 views

putty -- pscp/psftp heap corruption vulnerabilities

Simon Tatham reports: This version fixes a security hole in previous versions of PuTTY, which can allow a malicious SFTP server to attack your client. If you use either PSCP or PSFTP, you should upgrade. Users of the main PuTTY program are not affected. However, note that the server must have...

7.5CVSS6.1AI score0.04041EPSS
Exploits0References4
FreeBSD
FreeBSD
added 2005/02/14 12:0 a.m.30 views

unace -- multiple vulnerabilities

Ulf Härnhammar reports: There are buffer overflows when extracting, testing or listing specially prepared ACE archives. There are directory traversal bugs when extracting ACE archives. There are also buffer overflows when dealing with long 17000 characters command line arguments. Secunia reports:...

5.1CVSS6.1AI score0.03243EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2005/02/07 12:0 a.m.30 views

postgresql -- multiple buffer overflows in PL/PgSQL parser

The PL/PgSQL parser in postgresql is vulnerable to several buffer overflows. These could be exploited by a remote attacker to execute arbitrary code with the permissions of the postgresql server by running a specially crafted query...

6.5CVSS7.3AI score0.03512EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2005/01/29 12:0 a.m.30 views

squirrelmail -- XSS and remote code injection vulnerabilities

A SquirrelMail Security Advisory reports: SquirrelMail 1.4.4 has been released to resolve a number of security issues disclosed below. It is strongly recommended that all running SquirrelMail prior to 1.4.4 upgrade to the latest release. Remote File Inclusion Manoel Zaninetti reported an issue in...

6.8CVSS5.8AI score0.02818EPSS
Exploits0References4
FreeBSD
FreeBSD
added 2005/01/12 12:0 a.m.30 views

mysql-scripts -- mysqlaccess insecure temporary file creation

The Debian Security Team reports: Javier Fernández-Sanguino Peña from the Debian Security Audit Project discovered a temporary file vulnerability in the mysqlaccess script of MySQL that could allow an unprivileged user to let root overwrite arbitrary files via a symlink attack and could also coul...

4.6CVSS6.3AI score0.00594EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2004/11/24 12:0 a.m.30 views

helvis -- arbitrary file deletion problem

The setuid root elvprsv utility, used to preserve recovery helvis files, can be abused by local users to delete with root privileges. The problem is that elvprsv deletes files when it thinks they have become corrupt. When elvprsv is pointed to a normal file then it will almost always think the fi...

2.1CVSS6.2AI score0.00358EPSS
Exploits1References1
FreeBSD
FreeBSD
added 2004/10/03 12:0 a.m.30 views

zip -- long path buffer overflow

A HexView security advisory reports: When zip performs recursive folder compression, it does not check for the length of resulting path. If the path is too long, a buffer overflow occurs leading to stack corruption and segmentation fault. It is possible to exploit this vulnerability by embedding ...

10CVSS3.2AI score0.09246EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2004/09/22 12:0 a.m.30 views

cyrus-sasl -- dynamic library loading and set-user-ID applications

The Cyrus SASL library, libsasl, contains functions which may load dynamic libraries. These libraries may be loaded from the path specified by the environmental variable SASLPATH, which in some situations may be fully controlled by a local attacker. Thus, if a set-user-ID application such as chsh...

7.2CVSS6.4AI score0.00506EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2004/09/06 12:0 a.m.30 views

libxine -- DVD subpicture decoder heap overflow

A xine security announcement states: A heap overflow has been found in the DVD subpicture decoder of xine-lib. This can be used for a remote heap overflow exploit, which can, on some systems, lead to or help in executing malicious code with the permissions of the user running a xine-lib based med...

7.5CVSS2.7AI score0.03995EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2004/09/02 12:0 a.m.30 views

samba3 DoS attack

Code found in nmbd and smbd may allow a remote attacker to effectively crash the nmbd server or use the smbd server to exhaust the system memory...

6.4AI score
Exploits0References1
FreeBSD
FreeBSD
added 2004/08/18 12:0 a.m.30 views

courier-imap -- format string vulnerability in debug mode

An iDEFENSE security advisory describes a format string vulnerability that could be exploited when Courier-IMAP is run in debug mode DEBUGLOGIN set...

7.5CVSS6.3AI score0.10906EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2004/08/18 12:0 a.m.30 views

squid -- NTLM authentication denial-of-service vulnerability

A remote attacker is able to cause a denial-of-service situation, when NTLM authentication is enabled in squid. NTLM authentication uses two functions which lack correct offset checking...

5CVSS6.5AI score0.10655EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2004/05/04 12:0 a.m.30 views

MoinMoin administrative group name privilege escalation vulnerability

A serious flaw exists in the MoinMoin software which may allow a malicious user to gain access to unauthorized privileges...

7.5CVSS6.5AI score0.01752EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2004/04/29 12:0 a.m.30 views

lha buffer overflows and path traversal issues

Ulf Härnhammar discovered several vulnerabilities in LHa for UNIX's path name handling code. Specially constructed archive files may cause LHa to overwrite files or execute arbitrary code with the privileges of the user invoking LHa. This could be particularly harmful for automated systems that...

10CVSS7.5AI score0.10262EPSS
Exploits3
FreeBSD
FreeBSD
added 2004/03/01 12:0 a.m.30 views

squid -- HTTP response splitting cache pollution attack

According to a whitepaper published by Sanctum, Inc., it is possible to mount cache poisoning attacks against, among others, squid proxies by inserting false replies into the HTTP stream. The squid patches page notes: This patch additionally strengthens Squid from the HTTP response attack describ...

5CVSS6.4AI score0.40977EPSS
Exploits0References3
FreeBSD
FreeBSD
added 2004/02/18 12:0 a.m.30 views

metamail format string bugs and buffer overflows

Ulf Härnhammar reported four bugs in metamail: two are format string bugs and two are buffer overflows. The bugs are in SaveSquirrelFile, PrintHeader, and ShareThisHeader. These vulnerabilities could be triggered by a maliciously formatted email message if metamail' or splitmail' is used to proce...

7.5CVSS7.1AI score0.2622EPSS
Exploits1
FreeBSD
FreeBSD
added 2003/12/24 12:0 a.m.30 views

L2TP, ISAKMP, and RADIUS parsing vulnerabilities in tcpdump

Jonathan Heusser discovered vulnerabilities in tcpdump's L2TP, ISAKMP, and RADIUS protocol handlers. These vulnerabilities may be used by an attacker to crash a running tcpdump' process...

5CVSS6.5AI score0.0992EPSS
Exploits0References2
FreeBSD
FreeBSD
added 2003/09/28 12:0 a.m.30 views

mailman XSS in create script

From the 2.1.3 release notes: Closed a cross-site scripting exploit in the create cgi script...

4.3CVSS6AI score0.0126EPSS
Exploits0References1
Total number of security vulnerabilities5000