CVE-2010-0935
https://notcve.org/view.php?id=CVE-2010-0935
Perforce Server 2009.2 and earlier, when the protection table is empty, allows remote authenticated users to obtain super privileges via a "p4 protect" command. Perforce Server 2009.2 y anteriores, cuando la tabla de proteccion esta vacia, permite a usuarios remotos autenticados obtener super privilegios a traves del comando "p4 protect". • http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.html http://www.perforce.com/perforce/doc.current/manuals/cmdref/protect.html http://www.securityfocus.com/bid/36261 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2010-0932
https://notcve.org/view.php?id=CVE-2010-0932
The FTP server in Perforce Server 2008.1 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a certain MKD command. El servidor FTP en Perforce Server 2008.1 permite a atacantes remotos producir una denegacion de servicio (desreferencia a puntero NULL y caida de demonio) a traves de cierto comando MKD. • http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.html http://www.securityfocus.com/bid/36261 • CWE-20: Improper Input Validation •
CVE-2010-0929
https://notcve.org/view.php?id=CVE-2010-0929
The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (daemon crash) via crafted data beginning with a byte sequence of 0x4c, 0xb3, 0xff, 0xff, and 0xff. El servicio Perforce (p4s.exe) en Perforce Server 2008.1 permite a atacantes remotos producir una denegacion de servicio (caida de demonio) a traves de datos manipulados que empiezan con una secuencia de bytes 0x4c, 0xb3, 0xff, 0xff, and 0xff. • http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.html http://www.securityfocus.com/bid/36261 • CWE-20: Improper Input Validation •
CVE-2010-0934
https://notcve.org/view.php?id=CVE-2010-0934
The triggers functionality in Perforce Server 2008.1 allows remote authenticated users with super privileges to execute arbitrary operating-system commands by using a "p4 client" command in conjunction with the form-in trigger script. La funcionalidad de inicio en Perforce Server 2008.1 permite a usuarios remotos autenticados con super privilegios ejecutar comandos del sistema operativo mediante el uso de un comando "cliente p4" en union con la secuencia de comando de inicio. • http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.html http://www.securityfocus.com/bid/36261 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2010-0930
https://notcve.org/view.php?id=CVE-2010-0930
The Perforce service (p4s.exe) in Perforce Server 2008.1 allows remote attackers to cause a denial of service (infinite loop) via crafted data that includes a byte sequence of 0xdc, 0xff, 0xff, and 0xff immediately before the client protocol version number. El servicio Perforce (p4s.exe) en Perforce Server 2008.1 permite a atacantes remotos producir una denegacion de servicio (bucle infinito) a traves de datos manipulados que incluyen una secuencia de bytes 0xdc, 0xff, 0xff, y 0xff inmediatamente antes del numero de version del protocolo del cliente. • http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.html http://www.securityfocus.com/bid/36261 • CWE-399: Resource Management Errors •