Page 18 of 91 results (0.010 seconds)

CVSS: 6.8EPSS: 0%CPEs: 80EXPL: 2

The redirect implementation in curl and libcurl 5.11 through 7.19.3, when CURLOPT_FOLLOWLOCATION is enabled, accepts arbitrary Location values, which might allow remote HTTP servers to (1) trigger arbitrary requests to intranet servers, (2) read or overwrite arbitrary files via a redirect to a file: URL, or (3) execute arbitrary commands via a redirect to an scp: URL. La implementación de redirección en curl y libcurl v5.11 hasta v7.19.3, cuando CURLOPT_FOLLOWLOCATION esta activado, acepta valores de localización a elección del usuario, lo que permite a servidores HTTP remotos (1)iniciar peticiones arbitrarias a servidores de red interna, (2) leer o sobreescribir ficheros arbitrariamente a través de una redirección a un fichero: URL, o (3) ejecutar comando arbitrariamente a través de una redirección a un scp: URL. libcURL suffers from an arbitrary file access and creation vulnerability. • https://www.exploit-db.com/exploits/32834 http://curl.haxx.se/docs/adv_20090303.html http://curl.haxx.se/lxr/source/CHANGES http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html http://lists.vmware.com/pipermail/security-announce/2009/000060.html http://secunia.com/advisories/34138 http://secunia.com/advisories/34202 http://secunia.com/advisories/34237 http://secunia.com/advisories&# • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 7.5EPSS: 3%CPEs: 3EXPL: 0

Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 allows remote attackers to execute arbitrary commands via a TFTP URL (tftp://) with a valid hostname and a long path. • http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1326.html http://curl.haxx.se/docs/adv_20060320.html http://secunia.com/advisories/19271 http://secunia.com/advisories/19335 http://secunia.com/advisories/19344 http://secunia.com/advisories/19371 http://www.gentoo.org/security/en/glsa/glsa-200603-19.xml http://www.osvdb.org/23982 http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00048.html http://www.securityfocus.com/bid/17154 http://www •

CVSS: 4.6EPSS: 0%CPEs: 11EXPL: 0

Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 through 7.15.0 allow local users to trigger a buffer overflow and cause a denial of service or bypass PHP security restrictions via certain URLs that (1) are malformed in a way that prevents a terminating null byte from being added to either a hostname or path buffer, or (2) contain a "?" separator in the hostname portion, which causes a "/" to be prepended to the resulting string. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.16/SCOSA-2006.16.txt http://curl.haxx.se/docs/adv_20051207.html http://docs.info.apple.com/article.html?artnum=307562 http://lists.apple.com/archives/security-announce/2006/May/msg00003.html http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://qa.openoffice.org/issues/show_bug.cgi?id=59032 http://secunia.com/advisories/17907 http://secunia.com/advisories/17960 http://secunia.com/advisories/17961& • CWE-189: Numeric Errors •

CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0

Stack-based buffer overflow in the ntlm_output function in http-ntlm.c for (1) wget 1.10, (2) curl 7.13.2, and (3) libcurl 7.13.2, and other products that use libcurl, when NTLM authentication is enabled, allows remote servers to execute arbitrary code via a long NTLM username. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.10/SCOSA-2006.10.txt http://docs.info.apple.com/article.html?artnum=302847 http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html http://secunia.com/advisories/17192 http://secunia.com/advisories/17193 http://secunia.com/advisories/17203 http://secunia.com/advisories/17208 http://secunia.com/advisories/17228 http://secunia.com/advisories/17247 http://secunia.com/advisories/17297 http://secunia.com/adviso • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 0

Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the Curl_input_ntlm function in http_ntlm.c during NTLM authentication or (2) the Curl_krb_kauth and krb4_auth functions in krb4.c during Kerberos authentication. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000940 http://marc.info/?l=full-disclosure&m=110959085507755&w=2 http://www.gentoo.org/security/en/glsa/glsa-200503-20.xml http://www.idefense.com/application/poi/display?id=202&type=vulnerabilities http://www.idefense.com/application/poi/display?id=203&type=vulnerabilities http://www.mandriva.com/security/advisories? • CWE-131: Incorrect Calculation of Buffer Size •