Lucene search
K
FreebsdMost viewed

6583 matches found

FreeBSD
FreeBSD
•added 2013/04/21 12:0 a.m.•28 views

FreeBSD -- NFS remote denial of service

Insufficient input validation in the NFS server allows an attacker to cause the underlying file system to treat a regular file as a directory...

7.5CVSS6.3AI score0.0351EPSS
Exploits0
FreeBSD
FreeBSD
•added 2013/03/12 12:0 a.m.•28 views

linux-flashplugin -- multiple vulnerabilities

Adobe reports: These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system...

10CVSS6.5AI score0.09257EPSS
Exploits0
FreeBSD
FreeBSD
•added 2013/02/18 12:0 a.m.•28 views

nss-pam-ldapd -- file descriptor buffer overflow

Garth Mollett reports: A file descriptor overflow issue in the use of FDSET in nss-pam-ldapd can lead to a stack-based buffer overflow. An attacker could, under some circumstances, use this flaw to cause a process that has the NSS or PAM module loaded to crash or potentially execute arbitrary cod...

6.8CVSS7.2AI score0.03582EPSS
Exploits0
FreeBSD
FreeBSD
•added 2012/12/17 12:0 a.m.•28 views

squid -- denial of service

Squid developers report: Due to missing input validation Squid cachemgr.cgi tool is vulnerable to a denial of service attack when processing specially crafted requests. This problem allows any client able to reach the cachemgr.cgi to perform a denial of service attack on the service host. The...

6.2AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2012/12/11 12:0 a.m.•28 views

linux-flashplugin -- multiple vulnerabilities

Adobe reports: These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system...

10CVSS6.5AI score0.08308EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2012/12/10 12:0 a.m.•28 views

django -- multiple vulnerabilities

The Django Project reports: Host header poisoning Several earlier Django security releases focused on the issue of poisoning the HTTP Host header, causing Django to generate URLs pointing to arbitrary, potentially-malicious domains. In response to further input received and reports of continuing...

7.9AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2012/10/08 12:0 a.m.•28 views

linux-flashplugin -- multiple vulnerabilities

Adobe reports: These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system...

10CVSS6.5AI score0.10947EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2012/08/12 12:0 a.m.•28 views

fetchmail -- two vulnerabilities in NTLM authentication

Matthias Andree reports: With NTLM support enabled, fetchmail might mistake a server-side error message during NTLM protocol exchange for protocol data, leading to a SIGSEGV. Also, with a carefully crafted NTLM challenge, a malicious server might cause fetchmail to read from a bad memory location...

5.8CVSS6.3AI score0.01874EPSS
Exploits0
FreeBSD
FreeBSD
•added 2012/07/25 12:0 a.m.•28 views

OpenTTD -- Denial of Service

The OpenTTD Team reports: Denial of service server using ships on half tiles and landscaping...

5CVSS5.3AI score0.03384EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2012/05/23 12:0 a.m.•28 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 117409 High CVE-2011-3103: Crashes in v8 garbage collection. Credit to the Chromium development community Brett Wilson. 118018 Medium CVE-2011-3104: Out-of-bounds read in Skia. Credit to Google Chrome Security Team Inferno. 120912 High CVE-2011-3105: Use-after-free...

10CVSS0.9AI score0.04272EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2012/04/23 12:0 a.m.•28 views

asterisk -- multiple vulnerabilities

Asterisk project reports: Remote Crash Vulnerability in SIP Channel Driver Heap Buffer Overflow in Skinny Channel Driver Asterisk Manager User Unauthorized Shell Access...

6.5CVSS6.5AI score0.02721EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2012/04/05 12:0 a.m.•28 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 106577 Medium CVE-2011-3066: Out-of-bounds read in Skia clipping. Credit to miaubiz. 117583 Medium CVE-2011-3067: Cross-origin iframe replacement. Credit to Sergey Glazunov. 117698 High CVE-2011-3068: Use-after-free in run-in handling. Credit to miaubiz. 117728 Hig...

6.8CVSS0.3AI score0.02106EPSS
Exploits10References1
FreeBSD
FreeBSD
•added 2012/03/20 12:0 a.m.•28 views

NVIDIA UNIX driver -- access to arbitrary system memory

NVIDIA Unix security team reports: Security vulnerability CVE-2012-0946 in the NVIDIA UNIX driver was disclosed to NVIDIA on March 20th, 2012. The vulnerability makes it possible for an attacker who has read and write access to the GPU device nodes to reconfigure GPUs to gain access to arbitrary...

4.6CVSS6.5AI score0.00725EPSS
Exploits0
FreeBSD
FreeBSD
•added 2012/03/05 12:0 a.m.•28 views

linux-flashplugin -- multiple vulnerabilities

These vulnerabilities could cause a crash and potentially allow an attacker to take control of the affected system...

10CVSS6.5AI score0.06376EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2011/11/24 12:0 a.m.•28 views

phpMyAdmin -- Multiple XSS

The phpMyAdmin development team reports: Using crafted database names, it was possible to produce XSS in the Database Synchronize and Database rename panels. Using an invalid and crafted SQL query, it was possible to produce XSS when editing a query on a table overview panel or when using the vie...

4.3CVSS6.3AI score0.0221EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2011/08/25 12:0 a.m.•28 views

OpenTTD -- Multiple buffer overflows in validation of external data

The OpenTTD Team reports: Multiple buffer overflows in OpenTTD before 1.1.3 allow local users to cause a denial of service daemon crash or possibly gain privileges via 1 a crafted BMP file with RLE compression or 2 crafted dimensions in a BMP file...

4.6CVSS6.5AI score0.0038EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2011/02/27 12:0 a.m.•28 views

subversion -- remote HTTP DoS vulnerability

Subversion project reports: Subversion HTTP servers up to 1.5.9 inclusive or 1.6.15 inclusive are vulnerable to a remotely triggerable NULL-pointer dereference...

4.3CVSS1.9AI score0.06309EPSS
Exploits0
FreeBSD
FreeBSD
•added 2011/01/02 12:0 a.m.•28 views

subversion -- multiple DoS

Entry for CVE-2010-4539 says: The walk function in repos.c in the moddavsvn module for the Apache HTTP Server, as distributed in Apache Subversion before 1.6.15, allows remote authenticated users to cause a denial of service NULL pointer dereference and daemon crash via vectors that trigger the...

6.8CVSS6.1AI score0.05136EPSS
Exploits2
FreeBSD
FreeBSD
•added 2010/11/30 12:0 a.m.•28 views

krb5 -- client impersonation vulnerability

The MIT Kerberos team reports: MIT krb5 KDC may issue tickets not requested by a client, based on an attacker-chosen KrbFastArmoredReq. An authenticated remote attacker that controls a legitimate service principal could obtain a valid service ticket to itself containing valid KDC-generated...

2.1CVSS6.4AI score0.02089EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2010/08/30 12:0 a.m.•28 views

squid -- Denial of service vulnerability in request handling

Squid security advisory 2010:3 reports: Due to an internal error in string handling Squid is vulnerable to a denial of service attack when processing specially crafted requests. This problem allows any trusted client to perform a denial of service attack on the Squid service...

5CVSS6.2AI score0.64243EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2010/07/20 12:0 a.m.•28 views

git -- buffer overflow vulnerability

Greg Brockman reports: If an attacker were to create a crafted working copy where the user runs any git command, the attacker could force execution of arbitrary code...

7.5CVSS6.4AI score0.02507EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2010/04/23 12:0 a.m.•28 views

joomla -- multiple vulnerabilities

Joomla! reported the following vulnerabilities: If a user entered a URL with a negative query limit or offset, a PHP notice would display revealing information about the system.. The migration script in the Joomla! installer does not check the file type being uploaded. If the installation...

1.1AI score
Exploits0References4
FreeBSD
FreeBSD
•added 2010/01/27 12:0 a.m.•28 views

wireshark -- LWRES vulnerability

Wireshark project reports: Babi discovered several buffer overflows in the LWRES dissector. It may be possible to make Wireshark crash remotely or by convincing someone to read a malformed packet trace file...

7.5CVSS6.4AI score0.73666EPSS
Exploits12References2
FreeBSD
FreeBSD
•added 2009/12/31 12:0 a.m.•28 views

Zend Framework -- multiple vulnerabilities

The Zend Framework team reports: Potential XSS or HTML Injection vector in ZendJson. Potential XSS vector in ZendServiceReCaptchaMailHide. Potential MIME-type Injection in ZendFileTransfer Executive Summary. Potential XSS vector in ZendFilterStripTags when comments allowed. Potential XSS vector i...

0.9AI score
Exploits0References8
FreeBSD
FreeBSD
•added 2009/10/22 12:0 a.m.•28 views

typo3 -- multiple vulnerabilities in TYPO3 Core

TYPO3 develop team reports: Affected versions: TYPO3 versions 4.0.13 and below, 4.1.12 and below, 4.2.9 and below, 4.3.0beta1 and below. SQL injection, Cross-site scripting XSS, Information disclosure, Frame hijacking, Remote shell command execution and Insecure Install Tool authentication/sessio...

8.5CVSS6.6AI score0.02943EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2009/09/11 12:0 a.m.•28 views

bugzilla -- two SQL injections, sensitive data exposure

A Bugzilla Security Advisory reports: It is possible to inject raw SQL into the Bugzilla database via the "Bug.create" and "Bug.search" WebService functions. When a user would change his password, his new password would be exposed in the URL field of the browser if he logged in right after changi...

7.5CVSS7AI score0.01393EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2009/07/27 12:0 a.m.•28 views

squid -- several remote denial of service vulnerabilities

Squid security advisory 2009:2 reports: Due to incorrect buffer limits and related bound checks Squid is vulnerable to a denial of service attack when processing specially crafted requests or responses. Due to incorrect data validation Squid is vulnerable to a denial of service attack when...

6.4AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2009/04/14 12:0 a.m.•28 views

phpmyadmin -- insufficient output sanitizing when generating configuration file

phpMyAdmin Team reports: Setup script used to generate configuration can be fooled using a crafted POST request to include arbitrary PHP code in generated configuration file. Combined with ability to save files on server, this can allow unauthenticated users to execute arbitrary PHP code. This...

7.5CVSS7.2AI score0.10914EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2009/04/06 12:0 a.m.•28 views

wireshark -- multiple vulnerabilities

Wireshark team reports: Wireshark 1.0.7 fixes the following vulnerabilities: The PROFINET dissector was vulnerable to a format string overflow. Bug 3382 Versions affected: 0.99.6 to 1.0.6, CVE-2009-1210. The Check Point High-Availability Protocol CPHAP dissector could crash. Bug 3269 Versions...

10CVSS6.3AI score0.1523EPSS
Exploits3References2
FreeBSD
FreeBSD
•added 2009/02/22 12:0 a.m.•28 views

pango -- integer overflow

oCERT reports: Pango suffers from a multiplicative integer overflow which may lead to a potentially exploitable, heap overflow depending on the calling conditions. For example, this vulnerability is remotely reachable in Firefox by creating an overly large document.location value but only results...

6.8CVSS6.6AI score0.0413EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2009/01/26 12:0 a.m.•28 views

dia -- remote command execution vulnerability

Security Focus reports: An attacker could exploit this issue by enticing an unsuspecting victim to execute the vulnerable application in a directory containing a malicious Python file. A successful exploit will allow arbitrary Python commands to run within the privileges of the currently logged-i...

6.9CVSS6.7AI score0.00399EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2008/12/14 12:0 a.m.•28 views

mplayer -- twinvq processing buffer overflow vulnerability

A trapkit reports: MPlayer contains a stack buffer overflow vulnerability while parsing malformed TwinVQ media files. The vulnerability may be exploited by a remote attacker to execute arbitrary code in the context of MPlayer...

10CVSS7.6AI score0.07694EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2008/12/09 12:0 a.m.•28 views

phpmyadmin -- cross-site request forgery vulnerability

The phpMyAdmin Team reports: A logged-in user can be subject of SQL injection through cross site request forgery. Several scripts in phpMyAdmin are vulnerable and the attack can be made through table parameter...

6CVSS7.5AI score0.0215EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2008/12/07 12:0 a.m.•28 views

php5 -- potential magic_quotes_gpc vulnerability

PHP Developers reports: Due to a security bug found in the PHP 5.2.7 release, it has been removed from distribution. The bug affects configurations where magicquotesgpc is enabled, because it remains off even when set to on...

7.5CVSS6.4AI score0.01664EPSS
Exploits2References1
FreeBSD
FreeBSD
•added 2008/11/28 12:0 a.m.•28 views

p5-File-Path -- rmtree allows creation of setuid files

Jan Lieskovsky reports: perl-File-Path rmtree race condition CVE-2005-0448 was assigned to address this This vulnerability was fixed in 5.8.4-7 but re-introduced in 5.8.8-1. It's also present in File::Path 2.xx, up to and including 2.07 which has only a partial fix...

1.2CVSS6.1AI score0.00387EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2008/11/20 12:0 a.m.•28 views

imlib2 -- XPM processing buffer overflow vulnerability

Secunia reports: A vulnerability has been discovered in imlib2, which can be exploited by malicious people to potentially compromise an application using the library. The vulnerability is caused due to a pointer arithmetic error within the "load" function provided by the XPM loader. This can be...

7.5CVSS6.6AI score0.03641EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2008/10/29 12:0 a.m.•28 views

openoffice -- arbitrary code execution vulnerabilities

The OpenOffice Team reports: A security vulnerability with the way OpenOffice 2.x process WMF files may allow a remote unprivileged user who provides a StarOffice/StarSuite document that is opened by a local user to execute arbitrary commands on the system with the privileges of the user running...

9.3CVSS7AI score0.06752EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2008/10/17 12:0 a.m.•28 views

cups -- potential buffer overflow in PNG reading code

CUPS reports: The PNG image reading code did not validate the image size properly, leading to a potential buffer overflow STR 2974...

7.5CVSS6.7AI score0.04403EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2008/09/30 12:0 a.m.•28 views

mplayer -- multiple integer overflows

The oCERT team reports: The MPlayer multimedia player suffers from a vulnerability which could result in arbitrary code execution and at the least, in unexpected process termination. Three integer underflows located in the Real demuxer code can be used to exploit a heap overflow, a specific video...

9.3CVSS7.2AI score0.10852EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2008/09/15 12:0 a.m.•28 views

phpmyadmin -- Code execution vulnerability

A phpMyAdmin security announcement: The serverdatabases.php script was vulnerable to an attack coming from a user who is already logged-on to phpMyAdmin, where he can execute shell code if the PHP configuration permits commands like exec...

8.5CVSS7AI score0.11175EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2008/08/15 12:0 a.m.•28 views

neon -- NULL pointer dereference in Digest domain support

Joe Orton reports: A NULL pointer deference in the Digest authentication support in neon versions 0.28.0 through 0.28.2 inclusive allows a malicious server to crash a client application, resulting in possible denial of service...

4.3CVSS6.5AI score0.02266EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2008/06/19 12:0 a.m.•28 views

ruby -- multiple integer and buffer overflow vulnerabilities

The official ruby site reports: Multiple vulnerabilities in Ruby may lead to a denial of service DoS condition or allow execution of arbitrary code...

7.8CVSS7AI score0.03759EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2008/05/21 12:0 a.m.•28 views

spamdyke -- open relay

Spamdyke Team reports: Fixed smtpfilter to reject the DATA command if no valid recipients have been specified. Otherwise, a specific scenario could result in every spamdyke installation being used as an open relay. If the remote server connects and gives one or more recipients that are rejected f...

6.4CVSS6.7AI score0.01359EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2008/05/20 12:0 a.m.•28 views

peercast -- arbitrary code execution

Nico Golde discovered that PeerCast, a P2P audio and video streaming server, is vulnerable to a buffer overflow in the HTTP Basic Authentication code, allowing a remote attacker to crash PeerCast or execure arbitrary code...

7.5CVSS6.7AI score0.14863EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2008/02/28 12:0 a.m.•28 views

ghostscript -- zseticcspace() function buffer overflow vulnerability

Chris Evans from the Google Security Team reports: Severity: parsing of evil PostScript file will result in arbitrary code execution. A stack-based buffer overflow in the zseticcspace function in zicc.c allows remote arbitrary code execution via a malicious PostScript file .ps that contains a lon...

6.8CVSS7.6AI score0.14409EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2008/02/05 12:0 a.m.•28 views

mplayer -- multiple vulnerabilities

The Mplayer team reports: A buffer overflow was found in the code used to extract album titles from CDDB server answers. When parsing answers from the CDDB server, the album title is copied into a fixed-size buffer with insufficient size checks, which may cause a buffer overflow. A malicious...

9.3CVSS7.5AI score0.08878EPSS
Exploits3References1
FreeBSD
FreeBSD
•added 2008/01/10 12:0 a.m.•28 views

drupal -- cross site scripting (register_globals)

The Drupal Project reports: When theme .tpl.php files are accessible via the web and the PHP setting registerglobals is set to enabled, anonymous users are able to execute cross site scripting attacks via specially crafted links. Drupal's .htaccess attempts to set registerglobals to disabled and...

2.6CVSS6.5AI score0.01545EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2007/10/26 12:0 a.m.•28 views

py-django -- denial of service vulnerability

Django project reports: A per-process cache used by Django's internationalization "i18n" system to store the results of translation lookups for particular values of the HTTP Accept-Language header used the full value of that header as a key. An attacker could take advantage of this by sending...

0.8AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2007/08/29 12:0 a.m.•28 views

gallery2 -- multiple vulnerabilities

Gallery project reports: Gallery 2.2.3 addresses the following security vulnerabilities: Unauthorized renaming of items possible with WebDAV reported by Merrick Manalastas Unauthorized modification and retrieval of item properties possible with WebDAV Unauthorized locking and replacing of items...

6.4CVSS6.4AI score0.01695EPSS
Exploits0
FreeBSD
FreeBSD
•added 2007/07/15 12:0 a.m.•28 views

mysql -- remote dos via malformed password packet

MySQL reports: A malformed password packet in the connection protocol could cause the server to crash...

5CVSS6.5AI score0.14051EPSS
Exploits0References1
Total number of security vulnerabilities5000