Lucene search
K
FreebsdMost viewed

6585 matches found

FreeBSD
FreeBSD
•added 2012/04/28 12:0 a.m.•26 views

WebCalendar -- multiple vulnerabilities

Hanno Boeck reports: Fixes are now available for various security vulnerabilities including LFI local file inclusion, XSS cross site scripting and others...

9.8CVSS8.8AI score0.79764EPSS
Exploits15References3
FreeBSD
FreeBSD
•added 2012/04/12 12:0 a.m.•26 views

nginx -- Buffer overflow in the ngx_http_mp4_module

The nginx project reports: Buffer overflow in the ngxhttpmp4module...

6.8CVSS6.7AI score0.09629EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2012/03/21 12:0 a.m.•26 views

phpList -- SQL injection and XSS vulnerability

Zero Science Lab reports: Input passed via the parameter 'sortby' is not properly sanitised before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The param 'num' is vulnerable to a XSS issue where the attacker ca...

6.9AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2012/02/15 12:0 a.m.•26 views

xinetd -- attackers can bypass access restrictions if tcpmux-servers service enabled

Thomas Swan reports: xinetd allows for services to be configured with the TCPMUX or TCPMUXPLUS service types, which makes those services available on port 1, as per RFC 1078 1, if the tcpmux-server service is enabled. When the tcpmux-server service is enabled, xinetd would expose all enabled...

4.3CVSS6.4AI score0.02779EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2011/12/07 12:0 a.m.•26 views

isc-dhcp-server -- Remote DoS

ISC reports: A bug exists which allows an attacker who is able to send DHCP Request packets, either directly or through a relay, to remotely crash an ISC DHCP server if that server is configured to evaluate expressions using a regular expression i.e. uses the "=" or "" comparison operators...

5CVSS6.4AI score0.15478EPSS
Exploits0
FreeBSD
FreeBSD
•added 2011/11/16 12:0 a.m.•26 views

BIND -- Remote DOS

The Internet Systems Consortium reports: Organizations across the Internet reported crashes interrupting service on BIND 9 nameservers performing recursive queries. Affected servers crashed after logging an error in query.c with the following message: "INSIST! dnsrdatasetisassociatedsigrdataset"...

5CVSS8.6AI score0.16747EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2011/11/08 12:0 a.m.•26 views

gnutls -- client session resumption vulnerability

The GnuTLS team reports: GNUTLS-SA-2011-2 Possible buffer overflow/Denial of service...

4.3CVSS8.7AI score0.02386EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2011/07/26 12:0 a.m.•26 views

libXfont -- possible local privilege escalation

Tomas Hoger reports: The compress/ LZW decompress implentation does not correctly handle compressed streams that contain code words that were not yet added to the decompression table. This may lead to arbitrary memory corruption. Successfull exploitation may possible lead to a local privilege...

9.3CVSS7.7AI score0.08355EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2011/07/19 12:0 a.m.•26 views

mod_perl2 -- execute arbitrary Perl code

modperl2 2.0.11 fixes Arbitrary Perl code execution in the context of the user account via a user-owned .htaccess. modperl 2.0 through 2.0.10 allows attackers to execute arbitrary Perl code by placing it in a user-owned .htaccess file, because contrary to the documentation there is no configurati...

10CVSS3.2AI score0.08946EPSS
Exploits0References5
FreeBSD
FreeBSD
•added 2011/06/24 12:0 a.m.•26 views

Asterisk -- multiple vulnerabilities

The Asterisk Development Team reports: AST-2011-008: If a remote user sends a SIP packet containing a NULL, Asterisk assumes available data extends past the null to the end of the packet when the buffer is actually truncated when copied. This causes SIP header parsing to modify data past the end ...

5CVSS6.7AI score0.04612EPSS
Exploits0References4
FreeBSD
FreeBSD
•added 2011/05/13 12:0 a.m.•26 views

linux-flashplugin -- remote code execution vulnerability

Adobe Product Security Incident Response Team reports: A critical vulnerability has been identified in Adobe Flash Player 10.3.181.23 and earlier versions for Windows, Macintosh, Linux and Solaris, and Adobe Flash Player 10.3.185.23 and earlier versions for Android. This memory corruption...

10CVSS6.3AI score0.86421EPSS
Exploits11References1
FreeBSD
FreeBSD
•added 2011/04/14 12:0 a.m.•26 views

rt -- multiple vulnerabilities

Best Practical reports: In the process of preparing the release of RT 4.0.0, we performed an extensive security audit of RT's source code. During this audit, several vulnerabilities were found which affect earlier releases of RT...

6.5CVSS1.7AI score0.03782EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2011/03/07 12:0 a.m.•26 views

redmine -- XSS vulnerability

Jean-Philippe Lang reports: This maintenance release for 1.1.x users includes 13 bug fixes since 1.1.1 and a security fix XSS vulnerability affecting all Redmine versions from 1.0.1 to 1.1.1...

3AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2011/02/28 12:0 a.m.•26 views

Samba -- Denial of service - memory corruption

The Samba team reports: Samba is vulnerable to a denial of service, caused by a memory corruption error related to missing range checks on file descriptors being used in the "FDSET" macro. By performing a select on a bad file descriptor set, a remote attacker could exploit this vulnerability to...

5CVSS3.2AI score0.04648EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2011/01/15 12:0 a.m.•26 views

tor -- remote code execution and crash

The Tor Project reports: A remote heap overflow vulnerability that can allow remote code execution. Other fixes address a variety of assert and crash bugs, most of which we think are hard to exploit remotely. All Tor users should upgrade...

6.8CVSS3.9AI score0.04444EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2010/11/30 12:0 a.m.•26 views

krb5 -- RFC 3961 key-derivation checksum handling vulnerability

The MIT Kerberos team reports: MIT krb5 releases incorrectly accepts RFC 3961 key-derivation checksums using RC4 keys when verifying AD-SIGNEDPATH and AD-KDC-ISSUED authorization data. An authenticated remote attacker that controls a legitimate service principal has a 1/256 chance of forging the...

6.3CVSS6.1AI score0.01916EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2010/06/09 12:0 a.m.•26 views

p5-libwww -- possibility to remote servers to create file with a .(dot) character

lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a .' dot character, which allows remote servers to create or overwrite files via a 3xx redirect to a URL with a crafted filename or a Content-Disposition header that suggests a crafted filename, and...

6.8CVSS7.2AI score0.03287EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2010/05/01 12:0 a.m.•26 views

awstats -- arbitrary commands execution vulnerability

Awstats change log reports: Security fix Traverse directory of LoadPlugin Security fix Limit config to defined directory to avoid access to external config file via a nfs or webdav link...

7.5CVSS6.4AI score0.27673EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2010/01/25 12:0 a.m.•26 views

irc-ratbox -- multiple vulnerabilities

SecurityFocus reports: The first affects the /quote HELP module and allows a user to trigger an IRCD crash on some platforms. The second affects the /links processing module when the flattenlinks configuration option is not enabled...

6.8CVSS6.4AI score0.04026EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2009/11/30 12:0 a.m.•26 views

ruby -- heap overflow vulnerability

The official ruby site reports: There is a heap overflow vulnerability in Stringljust, Stringcenter and Stringrjust. This has allowed an attacker to run arbitrary code in some rare cases...

10CVSS6.9AI score0.03875EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2009/11/12 12:0 a.m.•26 views

wordpress -- multiple vulnerabilities

secunia reports: The security issue is caused due to the wpcheckfiletype function in /wp-includes/functions.php improperly validating uploaded files. This can be exploited to execute arbitrary PHP code by uploading a malicious PHP script with multiple extensions. Successful exploitation of this...

7AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2009/09/02 12:0 a.m.•26 views

cyrus-imapd -- Potential buffer overflow in Sieve

The Cyrus IMAP Server ChangeLog states: Fixed CERT VU336053 - Potential buffer overflow in Sieve...

4.4CVSS5.7AI score0.00483EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2009/08/18 12:0 a.m.•26 views

pidgin -- MSN overflow parsing SLP messages

Secunia reports: A vulnerability has been reported in Pidgin, which can be exploited by malicious people to potentially compromise a user's system. The vulnerability is caused due to an error in the "msnslplinkprocessmsg" function when processing MSN SLP messages and can be exploited to corrupt...

10CVSS6.6AI score0.20295EPSS
Exploits8References2
FreeBSD
FreeBSD
•added 2008/11/27 12:0 a.m.•26 views

samba -- potential leakage of arbitrary memory contents

Samba Team reports: Samba 3.0.29 and beyond contain a change to deal with gcc 4 optimizations. Part of the change modified range checking for client-generated offsets of secondary trans, trans2 and nttrans requests. These requests are used to transfer arbitrary amounts of memory from clients to...

8.5CVSS6.7AI score0.04331EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2008/08/24 12:0 a.m.•26 views

p5-UI-Dialog -- shell command execution vulnerability

Matthijs Kooijman reports: It seems that the whiptail, cdialog and kdialog backends apply some improper escaping in their shell commands, causing special characters present in menu item titles to be interpreted by the shell. This includes the backtick evaluation operator, so this constitutes a...

9.8CVSS9.2AI score0.03429EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2008/08/20 12:0 a.m.•26 views

opera -- multiple vulnerabilities

The Opera Team reports: Scripts are able to change the addresses of framed pages that come from the same site. Due to a flaw in the way that Opera checks what frames can be changed, a site can change the address of frames on other sites inside any window that it has opened. This allows sites to...

6.3AI score
Exploits0References5
FreeBSD
FreeBSD
•added 2008/08/13 12:0 a.m.•26 views

drupal -- multiple vulnerabilities

The Drupal Project reports: A bug in the output filter employed by Drupal makes it possible for malicious users to insert script code into pages cross site scripting or XSS. A bug in the private filesystem trusts the MIME type sent by the browser, enabling malicious users with the ability to uplo...

6.5CVSS6.6AI score0.02544EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2008/07/31 12:0 a.m.•26 views

openvpn-devel -- arbitrary code execution

James Yonan reports: Security Fix - affects non-Windows OpenVPN clients running OpenVPN 2.1-beta14 through 2.1-rc8 OpenVPN 2.0.x clients are NOT vulnerable nor are any versions of the OpenVPN server vulnerable. An OpenVPN client connecting to a malicious or compromised server could potentially...

7.6CVSS6.9AI score0.02117EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2008/07/13 12:0 a.m.•26 views

libxine -- denial of service vulnerability

xine team reports: A new xine-lib version is now available. This release contains some security fixes, notably a DoS via corrupted Ogg files CVE-2008-3231, some related fixes, and fixes for a few possible buffer overflows...

4.3CVSS6.6AI score0.01922EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2008/05/30 12:0 a.m.•26 views

ikiwiki -- empty password security hole

The ikiwiki development team reports: This hole allowed ikiwiki to accept logins using empty passwords to openid accounts that didn't use a password. Upgrading to a non-vulnerable ikiwiki version immediatly is recommended if your wiki allows both password and openid logins...

6.8CVSS6.5AI score0.01576EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2008/05/20 12:0 a.m.•26 views

Nagios -- Cross Site Scripting Vulnerability

Secunia reports: A vulnerability has been reported in Nagios, which can be exploited by malicious people to conduct cross-site scripting attacks...

4.3CVSS6.3AI score0.01774EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2008/04/18 12:0 a.m.•26 views

vorbis-tools -- Speex header processing vulnerability

Secunia reports: A vulnerability has been reported in vorbis-tools, which can potentially be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an input validation error when processing Speex headers, which can be exploited via a specially crafted Spee...

9.3CVSS6.5AI score0.06494EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2008/04/15 12:0 a.m.•26 views

clamav -- Multiple Vulnerabilities

Secunia reports: Some vulnerabilities have been reported in ClamAV, which can be exploited by malicious people to cause a DoS Denial of Service or to compromise a vulnerable system. 1 A boundary error exists within the "cliscanpe" function in libclamav/pe.c. This can be exploited to cause a...

7.4AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2008/03/01 12:0 a.m.•26 views

phpmyadmin -- SQL injection vulnerability

A phpMyAdmin security announcement report: phpMyAdmin used the $REQUEST superglobal as a source for its parameters, instead of $GET and $POST. This means that on most servers, a cookie with the same name as one of phpMyAdmin's parameters can interfere. Another application could set a cookie for t...

5.1CVSS6.5AI score0.00912EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2008/01/23 12:0 a.m.•26 views

libxine -- buffer overflow vulnerability

xine project reports: A new xine-lib version is now available. This release contains a security fix remotely-expoitable buffer overflow, CVE-2006-1664. This is not the first time that that bug has been fixed... It also fixes a few more recent bugs, such as the audio output problems in 1.1.9...

7.5CVSS6.5AI score0.14637EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2007/12/03 12:0 a.m.•26 views

claws-mail -- insecure temporary file creation

Nico Golde reports: A local attacker could exploit this vulnerability to conduct symlink attacks to overwrite files with the privileges of the user running Claws Mail...

3.6CVSS6.2AI score0.00365EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2007/11/26 12:0 a.m.•26 views

firefox -- multiple remote unspecified memory corruption vulnerabilities

Mozilla Foundation reports: The Firefox 2.0.0.10 update contains fixes for three bugs that improve the stability of the product. These crashes showed some evidence of memory corruption under certain circumstances and we presume that with enough effort at least some of these could be exploited to...

9.3CVSS7AI score0.05443EPSS
Exploits0
FreeBSD
FreeBSD
•added 2007/11/20 12:0 a.m.•26 views

phpmyadmin -- Cross Site Scripting

phpMyAdmin security announcement: The login page authtype cookie was vulnerable to XSS via the convcharset parameter. An attacker could use this to execute malicious code on the visitors computer...

2.6CVSS6.2AI score0.01314EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2007/10/29 12:0 a.m.•26 views

wordpress -- cross-site scripting

A Secunia Advisory report: Input passed to the "postscolumns" parameter in wp-admin/edit-post-rows.php is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site...

2.6CVSS6.5AI score0.07003EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2007/09/10 12:0 a.m.•26 views

mediawiki -- cross site scripting vulnerability

The MediaWiki development team reports: A possible HTML/XSS injection vector in the API pretty-printing mode has been found and fixed. The vulnerability may be worked around in an unfixed version by simply disabling the API interface if it is not in use, by adding this to LocalSettings.php:...

4.3CVSS6.8AI score0.01321EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2007/08/24 12:0 a.m.•26 views

claws-mail -- POP3 Format String Vulnerability

A Secunia Advisory reports: A format string error in the "incputerror" function in src/inc.c when displaying a POP3 server's error response can be exploited via specially crafted POP3 server replies containing format specifiers. Successful exploitation may allow execution of arbitrary code, but...

6.8CVSS6.6AI score0.03167EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2007/07/30 12:0 a.m.•26 views

joomla -- multiple vulnerabilities

A Secunia Advisory reports: joomla can be exploited to conduct session fixation attacks, cross-site scripting attacks or HTTP response splitting attacks. Certain unspecified input passed in comsearch, comcontent and modlogin is not properly sanitised before being returned to a user. This can be...

9.3CVSS6.5AI score0.03758EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2007/06/23 12:0 a.m.•26 views

evolution-data-server -- remote execution of arbitrary code vulnerability

Debian project reports: It was discovered that the IMAP code in the Evolution Data Server performs insufficient sanitising of a value later used an array index, which can lead to the execution of arbitrary code...

6.8CVSS6.6AI score0.03122EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2006/11/27 12:0 a.m.•26 views

evince -- Buffer Overflow Vulnerability

Secunia reports: A vulnerability has been discovered in Evince, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to a boundary error within the "getnexttext" function in ps/ps.c. This can be exploited to cause a buffer overflow by e.g...

5.1CVSS6.8AI score0.14838EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2006/10/26 12:0 a.m.•26 views

wv -- Multiple Integer Overflow Vulnerabilities

Secunia reports: Some vulnerabilities have been reported in wvWare, which can be exploited by malicious people to cause a DoS Denial of Service and potentially compromise an application using the library. The vulnerabilities are caused due to integer overflows within the "wvGetLFOrecords" and...

5.1CVSS6.6AI score0.03385EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2006/09/26 12:0 a.m.•26 views

MT -- Search Unspecified XSS

Secunia reports: Arai has reported a vulnerability in Movable Type and Movable Type Enterprise, which can be exploited by malicious people to conduct cross-site scripting attacks. Some unspecified input passed via the search functionality isn't properly sanitised before being returned to the user...

4.3CVSS6.4AI score0.01313EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 2006/09/12 12:0 a.m.•26 views

phpbb -- NULL byte injection vulnerability

Secunia reports: ShAnKaR has discovered a vulnerability in phpBB, which can be exploited by malicious users to compromise a vulnerable system. Input passed to the "avatarpath" parameter in admin/adminboard.php is not properly sanitised before being used as a configuration variable to store avatar...

4.6CVSS6.8AI score0.01584EPSS
Exploits1References3
FreeBSD
FreeBSD
•added 2006/08/08 12:0 a.m.•26 views

globus -- Multiple tmpfile races

The Globus Alliance reports: The proxy generation tool grid-proxy-init creates the file, secures the file to provide access only to owner and writes proxy to the file. A race condition exists between the opening of the proxy credentials file, and making sure it is safe file to write to. The check...

6.7AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2006/05/04 12:0 a.m.•26 views

libmms -- stack-based buffer overflow

Mitre CVE reports: Stack-based buffer overflow in libmms, as used by a MiMMS 0.0.9 and b xine-lib 1.1.0 and earlier, allows remote attackers to cause a denial of service application crash and possibly execute arbitrary code via the 1 sendcommand, 2 stringutf16, 3 getdata, and 4 getmediapacket...

5.1CVSS7.8AI score0.04262EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2006/03/22 12:0 a.m.•26 views

ipsec -- reply attack vulnerability

Problem Description IPsec provides an anti-replay service which when enabled prevents an attacker from successfully executing a replay attack. This is done through the verification of sequence numbers. A programming error in the fastipsec4 implementation results in the sequence number associated...

7.5CVSS6.3AI score0.01804EPSS
Exploits0
Total number of security vulnerabilities5000