Lucene search
K
FreebsdRecent

6578 matches found

FreeBSD
FreeBSD
•added 2003/06/21 12:0 a.m.•47 views

GNATS local privilege elevation

GNATS 3.113.1 contains multiple buffer overflows, through which a local attacker could gain elevated privileges on the system...

5.6AI score
Exploits0References9
FreeBSD
FreeBSD
•added 2003/06/20 12:0 a.m.•17 views

leafnode fetchnews denial-of-service triggered by missing header

Fetchnews could hang when a news article to be downloaded lacked one of the mandatory headers. Found by Joshua Crawford...

5CVSS6.4AI score0.01798EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2003/04/25 12:0 a.m.•22 views

ChiTeX/ChiLaTeX unsafe set-user-id root

Niels Heinen reports that ChiTeX installs set-user-id root executables that invoked system3 without setting up the environment, trivially allowing local root compromise...

3.5AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2003/04/16 12:0 a.m.•20 views

mod_access_referer -- null pointer dereference vulnerability

A malformed Referer header field causes the Apache apparseuricomponents function to discard it with the result that a pointer is not initialized. The modaccessreferer module does not take this into account with the result that it may use such a pointer. The null pointer vulnerability may possibly...

5CVSS6.4AI score0.07124EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2003/04/08 12:0 a.m.•19 views

seti@home remotely exploitable buffer overflow

The seti@home client contains a buffer overflow in the HTTP response handler. A malicious, spoofed seti@home server can exploit this buffer overflow to cause remote code execution on the client. Exploit programs are widely available...

1.7AI score
Exploits0References2
FreeBSD
FreeBSD
•added 2003/04/03 12:0 a.m.•31 views

cscope -- symlink attack vulnerability

cscope is vulnerable to a symlink attack which could lead to an attacker overwriting arbitrary files with the permissions of the user running cscope...

2.1CVSS2.4AI score0.01145EPSS
Exploits2References3
FreeBSD
FreeBSD
•added 2003/04/03 12:0 a.m.•14 views

Format string vulnerability in SSLtelnet

SSLtelnet contains a format string vulnerability that could allow remote code execution and privilege escalation...

10CVSS7.4AI score0.04487EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2003/02/24 12:0 a.m.•18 views

sircd -- remote reverse DNS buffer overflow

Secunia reports: A vulnerability in sircd can be exploited by a malicious person to compromise a vulnerable system. The vulnerability is caused by a boundary error in the code handling reverse DNS lookups, when a user connects to the service. If the FQDN Fully Qualified Domain Name returned is...

5AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2003/02/08 12:0 a.m.•30 views

mailman XSS in user options page

From the 2.1.1 release notes: Closed a cross-site scripting vulnerability in the user options page...

4.3CVSS5.9AI score0.04721EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2003/01/16 12:0 a.m.•29 views

mpg123 vulnerabilities

In 2003, two vulnerabilities were discovered in mpg123 that could result in remote code execution when using untrusted input or streaming from an untrusted server...

7.5AI score
Exploits0
FreeBSD
FreeBSD
•added 2003/01/01 12:0 a.m.•30 views

multiple buffer overflows in xboing

Steve Kemp reports in a Debian bug submission: Due to improper bounds checking it is possible for a malicious user to gain a shell with membership group 'games'. The binary is installed setgid games. Environmental variables are used without being bounds-checked in any way, from the source code:...

4.6CVSS6.8AI score0.00508EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2002/12/02 12:0 a.m.•29 views

Cyrus IMAP pre-authentication heap overflow vulnerability

In December 2002, Timo Sirainen reported: Cyrus IMAP server has a remotely exploitable pre-login buffer overflow. ... Note that you don't have to log in before exploiting this, and since Cyrus runs everything under one UID, it's possible to read every user's mail in the system. It is unknown...

7.5CVSS6.5AI score0.16517EPSS
Exploits1References2
FreeBSD
FreeBSD
•added 2002/11/06 12:0 a.m.•20 views

leafnode denial-of-service triggered by article request

The leafnode NNTP server may go into an unterminated loop with 100% CPU use when an article is requested by Message-ID that has been crossposted to several news groups when one of the group names is the prefix of another group name that the article was cross-posted to. Found by Jan Knutar...

5CVSS6.5AI score0.02333EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2002/10/23 12:0 a.m.•24 views

pine remote denial-of-service attack

An attacker may send a specially-formatted email message that will cause pine to crash...

5CVSS6.3AI score0.09617EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 2002/04/28 12:0 a.m.•30 views

icecast 1.x multiple vulnerabilities

icecast 1.3.11 and earlier contained numerous security vulnerabilities, the most severe allowing a remote attacker to execute arbitrary code as root...

7.5CVSS7.4AI score0.09628EPSS
Exploits3
FreeBSD
FreeBSD
•added 2002/03/27 12:0 a.m.•37 views

tiff -- divide-by-zero denial-of-service

A US-CERT vulnerability note reports: An Integer overflow in the LibTIFF library may allow a remote attacker to cause a divide-by-zero error that results in a denial-of-service condition...

4.3CVSS6.6AI score0.04329EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2002/03/02 12:0 a.m.•15 views

security/cfs -- buffer overflow

Debian reports: Zorgon found several buffer overflows in cfsd, a daemon that pushes encryption services into the Unixtm file system. We are not yet sure if these overflows can successfully be exploited to gain root access to the machine running the CFS daemon. However, since cfsd can easily be...

7.5CVSS6.7AI score0.04127EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2002/01/10 12:0 a.m.•25 views

nwclient -- multiple vulnerabilities

Insecure file permissions, network access control and DNS usage put systems that use Legato NetWorker at risk. When the software is running, several files that contain sensitive information are created with insecure permissions. The information exposed include passwords and can therefore be used...

6.2AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2002/01/04 12:0 a.m.•17 views

pine insecure URL handling

An attacker may send an email message containing a specially constructed URL that will execute arbitrary commands when viewed...

3.8AI score
Exploits0
FreeBSD
FreeBSD
•added 2001/06/21 12:0 a.m.•26 views

eperl -- Remote code execution

David Madison reports: ePerl is a multipurpose Perl filter and interpreter program for Unix systems. The ePerl preprocessor contains an input validation error. The preprocessor allows foreign data to be "safely" included using the 'sinclude' directive. The problem occurs when a file referenced by...

7.5CVSS6.4AI score0.02798EPSS
Exploits0References3
FreeBSD
FreeBSD
•added 2001/04/12 12:0 a.m.•22 views

nap allows arbitrary file access

According to the author: Fixed security loophole which allowed remote clients to access arbitrary files on our system...

3.4AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2000/09/29 12:0 a.m.•21 views

pine remotely exploitable buffer overflow in newmail.c

Kris Kennaway reports a remotely exploitable buffer overflow in newmail.c. Mike Silbersack submitted the fix...

4.7AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2000/06/22 12:0 a.m.•18 views

CCE contains exploitable buffer overflows

The Chinese Console Environment contains exploitable buffer overflows...

3.4AI score
Exploits0References1
FreeBSD
FreeBSD
•added 2000/05/23 12:0 a.m.•25 views

qpopper format string vulnerability

An authenticated user may trigger a format string vulnerability present in qpopper's UIDL code, resulting in arbitrary code execution with group ID mail' privileges...

7.5CVSS7.2AI score0.03349EPSS
Exploits0References1
FreeBSD
FreeBSD
•added 2000/02/19 12:0 a.m.•32 views

xloadimage -- buffer overflow in FACES image handling

In 2001, zen-parse discovered a buffer overflow in xloadimage's FACES image loader. A maliciously crafted image could cause xloadimage to execute arbitrary code. A published exploit exists for this vulnerability. In 2005, Rob Holland discovered that the same vulnerability was present in xli...

7.5CVSS7.4AI score0.16344EPSS
Exploits1References3
FreeBSD
FreeBSD
•added 1999/07/29 12:0 a.m.•39 views

squid -- possible abuse of cachemgr.cgi

The squid patches page notes: This patch adds access controls to the cachemgr.cgi script, preventing it from being abused to reach other servers than allowed in a local configuration file...

7.5CVSS6.2AI score0.116EPSS
Exploits0References2
FreeBSD
FreeBSD
•added 1999/07/21 12:0 a.m.•21 views

GNU finger vulnerability

GNU security announcement: GNU Finger unfortunately has not been updated in many years, and has known security vulnerabilities. Please do not use it in production environments...

7.2CVSS6.5AI score0.00464EPSS
Exploits1References1
FreeBSD
FreeBSD
•added 1995/06/01 12:0 a.m.•64 views

TCP denial-of-service attacks against long lived connections

NISCC / UNIRAS has published an advisory that re-visits the long discussed spoofed TCP RST denial-of-service vulnerability. This new look emphasizes the fact that for some applications such attacks are practically feasible...

5CVSS2.7AI score0.80855EPSS
Exploits3References1
Total number of security vulnerabilities6578