229 matches found
CVE-2004-1613
Mozilla allows remote attackers to cause a denial of service (application crash from null dereference or infinite loop) via a web page that contains a (1) TEXTAREA, (2) INPUT, (3) FRAMESET or (4) IMG tag followed by a null character and some trailing characters, as demonstrated by mangleme.
CVE-2003-0041
Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe (|) character in a filename that is retrieved by the client.
CVE-2003-0461
/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of characters used in serial links, which could allow local users to obtain potentially sensitive information such as the length of passwords.
CVE-2003-0551
The STP protocol implementation in Linux 2.4.x does not properly verify certain lengths, which could allow attackers to cause a denial of service.
CVE-2000-0289
IP masquerading in Linux 2.2.x allows remote attackers to route UDP packets through the internal interface by modifying the external source IP address and port number to match those of an established connection.
CVE-2001-0886
Buffer overflow in glob function of glibc allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a glob pattern that ends in a brace "{" character.
CVE-2003-0364
The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows remote attackers to cause a denial of service (CPU consumption) via certain packets that cause a large number of hash table collisions.
CVE-2003-0550
The STP protocol, as enabled in Linux 2.4.x, does not provide sufficient security by design, which allows attackers to modify the bridge topology.
CVE-1999-0041
Buffer overflow in NLS (Natural Language Service).
CVE-1999-0125
Buffer overflow in SGI IRIX mailx program.
CVE-2000-0867
Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages.
CVE-2002-0080
rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed.
CVE-2003-0370
Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Common Name (CN) field for X.509 Certificates, which could allow remote attackers to spoof certificates via a man-in-the-middle attack.
CVE-1999-0034
Buffer overflow in suidperl (sperl), Perl 4.x and 5.x.
CVE-1999-0234
Bash treats any character with a value of 255 as a command separator.
CVE-2000-0017
Buffer overflow in Linux linuxconf package allows remote attackers to gain root privileges via a long parameter.
CVE-2000-0314
traceroute in NetBSD 1.3.3 and Linux systems allows local users to flood other systems by providing traceroute with a large waittime (-w) option, which is not parsed properly and sets the time delay for sending packets to zero.
CVE-2000-1221
The line printer daemon (lpd) in the lpr package in multiple Linux operating systems authenticates by comparing the reverse-resolved hostname of the local machine to the hostname of the print server as returned by gethostname, which allows remote attackers to bypass intended access controls by modi...
CVE-2001-0977
slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field.
CVE-2002-1814
Buffer overflow in efstools in Bonobo, when installed setuid, allows local users to execute arbitrary code via long command line arguments.
CVE-2004-0905
Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain.
CVE-2004-1333
Integer overflow in the vc_resize function in the Linux kernel 2.4 and 2.6 before 2.6.10 allows local users to cause a denial of service (kernel crash) via a short new screen value, which leads to a buffer overflow.
CVE-1999-0433
XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.
CVE-1999-0434
XFree86 xfs command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.
CVE-1999-0768
Buffer overflow in Vixie Cron on Red Hat systems via the MAILTO environmental variable.
CVE-1999-0986
The ping command in Linux 2.0.3x allows local users to cause a denial of service by sending large packets with the -R (record route) option.
CVE-2000-0229
gpm-root in the gpm package does not properly drop privileges, which allows local users to gain privileges by starting a utility from gpm-root.
CVE-2000-0566
makewhatis in Linux man package allows local users to overwrite files via a symlink attack.
CVE-2000-0633
Vulnerability in Mandrake Linux usermode package allows local users to to reboot or halt the system.
CVE-2001-0170
glibc 2.1.9x and earlier does not properly clear the RESOLV_HOST_CONF, HOSTALIASES, or RES_OPTIONS environmental variables when executing setuid/setgid programs, which could allow local users to read arbitrary files.
CVE-2004-0619
Integer overflow in the ubsec_keysetup function for Linux Broadcom 5820 cryptonet driver allows local users to cause a denial of service (crash) and possibly execute arbitrary code via a negative add_dsa_buf_bytes variable, which leads to a buffer overflow.
CVE-1999-0131
Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users.
CVE-1999-0769
Vixie Cron on Linux systems allows local users to set parameters of sendmail commands via the MAILTO environmental variable.
CVE-2000-1134
Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing <
CVE-1999-0997
wu-ftp with FTP conversion enabled allows an attacker to execute commands via a malformed file name that is interpreted as an argument to the program that does the conversion, e.g. tar or uncompress.
CVE-2000-0052
Red Hat userhelper program in the usermode package allows local users to gain root access via PAM and a .. (dot dot) attack.
CVE-2001-0197
Format string vulnerability in print_client in icecast 1.3.8beta2 and earlier allows remote attackers to execute arbitrary commands.
CVE-2001-0690
Format string vulnerability in exim (3.22-10 in Red Hat, 3.12 in Debian and 3.16 in Conectiva) in batched SMTP mode allows a remote attacker to execute arbitrary code via format strings in SMTP mail headers.
CVE-2001-1030
Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.
CVE-1999-0705
Buffer overflow in INN inews program.
CVE-2000-0392
Buffer overflow in ksu in Kerberos 5 allows local users to gain root privileges.
CVE-2001-0119
getty_ps 2.0.7j allows local users to overwrite arbitrary files via a symlink attack.
CVE-2001-0142
squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations.
CVE-1999-0872
Buffer overflow in Vixie cron allows local users to gain root access via a long MAILTO environment variable in a crontab file.
CVE-2001-0117
sdiff 2.7 in the diffutils package allows local users to overwrite files via a symlink attack.
CVE-2001-0736
Vulnerability in (1) pine before 4.33 and (2) the pico editor, included with pine, allows local users local users to overwrite arbitrary files via a symlink attack.
CVE-2001-0946
apmscript in Apmd in Red Hat 7.2 "Enigma" allows local users to create or change the modification dates of arbitrary files via a symlink attack on the LOW_POWER temporary file, which could be used to cause a denial of service, e.g. by creating /etc/nologin and disabling logins.
CVE-2002-0004
Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice.
CVE-2003-0989
tcpdump before 3.8.1 allows remote attackers to cause a denial of service (infinite loop) via certain ISAKMP packets, a different vulnerability than CVE-2004-0057.
CVE-1999-0297
Buffer overflow in Vixie Cron library up to version 3.0 allows local users to obtain root access via a long environmental variable.