Page 2 of 8 results (0.006 seconds)

CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 1

CVE-2006-7236 – xterm - DECRQSS Remote Command Execution

https://notcve.org/view.php?id=CVE-2006-7236

The default configuration of xterm on Debian GNU/Linux sid and possibly Ubuntu enables the allowWindowOps resource, which allows user-assisted attackers to execute arbitrary code or have unspecified other impact via escape sequences. La configuración por defecto de sid en xterm para Debian GNU/Linux y posiblemente Ubuntu activa el recurso allowWindowOps, lo que permite a atacantes asistidos por el usuario, ejecutar código de su elección o tener otro impacto no determinado a través de secuencias de escape. • https://www.exploit-db.com/exploits/32690 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=384593 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510030 http://secunia.com/advisories/33388 https://usn.ubuntu.com/703-1 • CWE-16: Configuration •

CVSS: 9.3EPSS: 1%CPEs: 1EXPL: 0

CVE-2008-2383 – xterm: arbitrary command injection

https://notcve.org/view.php?id=CVE-2008-2383

CRLF injection vulnerability in xterm allows user-assisted attackers to execute arbitrary commands via LF (aka \n) characters surrounding a command name within a Device Control Request Status String (DECRQSS) escape sequence in a text file, a related issue to CVE-2003-0063 and CVE-2003-0071. Vulnerabilidad de inyección CRLF en xterm, permite a atacantes asistidos por usuarios ejecutar comandos de su elección a través de caracteres LF (también conocido como \n) que rodean el nombre del comando dentro de una secuencia de escape evice Control Request Status String (DECRQSS) en un fichero de texto, es una cuestión relacionada con CVE-2003-0063 y CVE-2003-0071. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=510030 http://lists.apple.com/archives/security-announce/2009/May/msg00002.html http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2009-02/msg00000.html http://secunia.com/advisories/33318 http://secunia.com/advisories/33388 http://secunia.com/advisories/33397 http://secunia.com/advisories/33418 http://secunia.com/advisories/33419 http://secunia.com/advisories • CWE-94: Improper Control of Generation of Code ('Code Injection') •

CVSS: 9.8EPSS: 4%CPEs: 3EXPL: 1

CVE-2005-3120 – Lynx 2.8.6dev.13 - Remote Buffer Overflow (PoC)

https://notcve.org/view.php?id=CVE-2005-3120

Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters. • https://www.exploit-db.com/exploits/1256 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.7/SCOSA-2006.7.txt ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.47/SCOSA-2005.47.txt http://lists.grok.org.uk/pipermail/full-disclosure/2005-October/038019.html http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html http://secunia.com/advisories/17150 http://secunia.com/advisories/17216 http://secunia.com/advisories/17230 http://secunia.com/advisories/1723 • CWE-131: Incorrect Calculation of Buffer Size •