
CVSS: 2.1 • EPSS: 0% • CPEs: 15 • EXPL: 0

Backup Manager (backup-manager) before 0.5.8 creates backup files with world-readable default permissions, which allows local users to obtain sensitive information. • http://secunia.com/advisories/15615 http://securitytracker.com/id?1014124 http://www.debian.org/security/2005/dsa-787 http://www.securityfocus.com/bid/13892 http://www.sukria.net/packages/backup-manager http://www.usenetlinux.com/archive/index.php/t-411815.html •

CVSS: 4.3 • EPSS: 0% • CPEs: 23 • EXPL: 2

Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the dir parameter, as identified by bug#0005959, and a different vulnerability than CVE-2005-3090. • https://www.exploit-db.com/exploits/26172 http://marc.info/?l=bugtraq&m=112786017426276&w=2 http://secunia.com/advisories/16506 http://www.debian.org/security/2005/dsa-778 http://www.gentoo.org/security/en/glsa/glsa-200509-16.xml http://www.mantisbt.org/changelog.php http://www.securityfocus.com/bid/14604 https://exchange.xforce.ibmcloud.com/vulnerabilities/21958 •

CVSS: 5.0 • EPSS: 4% • CPEs: 64 • EXPL: 0

The huft_build function in inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 returns the wrong value, which allows remote attackers to cause a denial of service (kernel crash) via a certain compressed file that leads to a null pointer dereference, a different vulnerability than CVE-2005-2458. • http://bugs.gentoo.org/show_bug.cgi?id=94584 http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.12.5 http://secunia.com/advisories/16355 http://secunia.com/advisories/16500 http://secunia.com/advisories/17826 http://secunia.com/advisories/17918 http://secunia.com/advisories/18056 http://secunia.com/advisories/18059 http://www.debian.org/security/2005/dsa-921 http://www.debian.org/security/2005/dsa-922 http://www.mandriva.com/security/advisories?name=MDKSA&# • CWE-476: NULL Pointer Dereference •

CVSS: 4.6 • EPSS: 0% • CPEs: 65 • EXPL: 0

Linux kernel 2.6.x does not properly restrict socket policy access to users with the CAP_NET_ADMIN capability, which could allow local users to conduct unauthorized activities via (1) ipv4/ip_sockglue.c and (2) ipv6/ipv6_sockglue.c. • http://secunia.com/advisories/17002 http://secunia.com/advisories/17073 http://secunia.com/advisories/17826 http://secunia.com/advisories/19369 http://secunia.com/advisories/19374 http://www.debian.org/security/2006/dsa-1017 http://www.debian.org/security/2006/dsa-1018 http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=6fc0b4a7a73a81e74d0004732df358f4f9975be2 http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.5 • EPSS: 1% • CPEs: 2 • EXPL: 0

Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be nested, which are injected into an eval function call, a different vulnerability than CVE-2005-1921. • http://marc.info/?l=bugtraq&m=112412415822890&w=2 http://marc.info/?l=bugtraq&m=112431497300344&w=2 http://marc.info/?l=bugtraq&m=112605112027335&w=2 http://secunia.com/advisories/16431 http://secunia.com/advisories/16432 http://secunia.com/advisories/16441 http://secunia.com/advisories/16460 http://secunia.com/advisories/16465 http://secunia.com/advisories/16468 http://secunia.com/advisories/16469 http://secunia.com/advisories/16491 http://secunia.com/advisories& • CWE-94: Improper Control of Generation of Code ('Code Injection') •