Page 11 of 101 results (0.016 seconds)

CVSS: 10.0EPSS: 1%CPEs: 76EXPL: 1

The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions. La interfaz web (cgi-bin/admin.c) en CUPS antes de v1.3.8 utiliza un nombre de usuario de invitado cuando un usuario no esta conectado al servidor web, lo cual facilita a atacantes remotos evitar la política y conducir un ataque CSRF a través de las funciones (1) add y (2) cancel suscripciones RSS. • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html http://www.cups.org/str.php?L2774 http://www.gnucitizen.org/blog/pwning-ubuntu-via-cups http://www.mandriva.com/security/advisories?name=MDVSA-2009:028 http://www.openwall.com/lists/oss-security/2008/11/19/3 • CWE-255: Credentials Management Errors •

CVSS: 6.8EPSS: 85%CPEs: 77EXPL: 0

Integer overflow in the WriteProlog function in texttops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via a crafted PostScript file that triggers a heap-based buffer overflow. Desbordamiento de entero en la función WriteProlog de texttops en CUPS antes de 1.3.9 permite a atacantes remotos ejecutar código de su elección mediante un archivo PostScript manipulado que dispara un desbordamiento de búfer basado en montículo. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=752 http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html http://secunia.com/advisories/32084 http://secunia.com/advisories/32226 http://secunia.com/advisories/32284 http://secunia.com/advisories/32292 http://secunia.com/advisories/32316 http://secunia.com/advisories/32331 http://secunia.com/advisories/33085 http://secunia.com/advisories/33111 http://sunsolve.sun.com/search/document.do?assetkey=1& • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •

CVSS: 7.5EPSS: 81%CPEs: 77EXPL: 0

Heap-based buffer overflow in the read_rle16 function in imagetops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via an SGI image with malformed Run Length Encoded (RLE) data containing a small image and a large row count. Desbordamiento de búfer basado en pila en la función read_rle16 de imagetops en CUPS anterior a la versión 1.3.9 permite a un atacante remoto ejecutar código de su elección por medio de una imagen SGI con datos Run Length Encoded (RLE) malformados que contienen una pequeña imagen y un número de filas alto. • http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=753 http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html http://secunia.com/advisories/32084 http://secunia.com/advisories/32226 http://secunia.com/advisories/32284 http://secunia.com/advisories/32292 http://secunia.com/advisories/32316 http://secunia.com/advisories/32331 http://secunia.com/advisories/33085 http://secunia.com/advisories/33111 http://sunsolve.sun.com/search/document.do?assetkey=1& • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-122: Heap-based Buffer Overflow •

CVSS: 10.0EPSS: 90%CPEs: 77EXPL: 2

The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via crafted pen width and pen color opcodes that overwrite arbitrary memory. El filtro de lenguaje grafico de Hewlett-Packard (HPGL) en el CUPS en versiones anteriores a v1.3.9 permite a atacantes remotos ejecutar codigo a su elección a traves de codigos manipulados de anchura y color de lapiz que permite la sobreescritura de memoria a su elección. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple CUPS. Authentication is not required to exploit this vulnerability. The specific flaw exists in the Hewlett-Packard Graphics Language filter. Inadequate bounds checking on the pen width and pen color opcodes result in an arbitrary memory overwrite allowing for the execution of arbitrary code as the "hgltops" process uid. • https://www.exploit-db.com/exploits/32470 http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html http://secunia.com/advisories/32084 http://secunia.com/advisories/32222 http://secunia.com/advisories/32226 http://secunia.com/advisories/32284 http://secunia.com/advisories/32292 http://secunia.com/advisories/32316 http:/ • CWE-399: Resource Management Errors •

CVSS: 4.3EPSS: 1%CPEs: 1EXPL: 0

Multiple integer overflows in (1) filter/image-png.c and (2) filter/image-zoom.c in CUPS 1.3 allow attackers to cause a denial of service (crash) and trigger memory corruption, as demonstrated via a crafted PNG image. Múltiples desbordamientos de enteros en (1) filter/image-png.c y (2) fileter/image-zoom.c en CUPS 1.3, permite a atacantes provocar una denegación de servicio (caída)a disparar una corrupción de memoria, como se demostró a través de una imagen PNG. • http://secunia.com/advisories/29809 http://secunia.com/advisories/29902 http://secunia.com/advisories/30078 http://secunia.com/advisories/30190 http://secunia.com/advisories/30553 http://secunia.com/advisories/30717 http://secunia.com/advisories/31324 http://secunia.com/advisories/32292 http://www.cups.org/str.php?L2790 http://www.debian.org/security/2008/dsa-1625 http://www.gentoo.org/security/en/glsa/glsa-200804-23.xml http://www.kb.cert.org/vuls/id/21839 • CWE-20: Improper Input Validation CWE-190: Integer Overflow or Wraparound •