Page 28 of 196 results (0.002 seconds)

CVSS: 9.3EPSS: 6%CPEs: 4EXPL: 0

Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PDF file that causes the boundaries of a maskColors array to be exceeded. • ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl2.patch ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.42/SCOSA-2005.42.txt http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000921 http://lists.grok.org.uk/pipermail/full-disclosure/2004-December/030241.html http://marc.info/?t=110378596500001&r=1&w=2 http://secunia.com/advisories/17277 http://securitytracker.com/id?1012646 http://www.gentoo.org/security/en/glsa/glsa-200412-25.xml http://www.gentoo.org&# • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 2%CPEs: 28EXPL: 2

Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. • http://marc.info/?l=bugtraq&m=110296048613575&w=2 http://secunia.com/advisories/13254 http://secunia.com/advisories/13477 http://secunia.com/advisories/13486 http://secunia.com/advisories/13560 http://secunia.com/multiple_browsers_window_injection_vulnerability_test http://secunia.com/secunia_research/2004-13/advisory http://www.kde.org/info/security/advisory-20041213-1.txt http://www.novell.com/linux/security/advisories/2005_01_sr.html http://www.redhat.com/support/errata/RHS •

CVSS: 2.1EPSS: 0%CPEs: 13EXPL: 0

KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares. • http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1292.html http://marc.info/?l=bugtraq&m=110178786809694&w=2 http://marc.info/?l=bugtraq&m=110261063201488&w=2 http://secunia.com/advisories/13477 http://secunia.com/advisories/13486 http://secunia.com/advisories/13560 http://securitytracker.com/id?1012471 http://www.ciac.org/ciac/bulletins/p-051.shtml http://www.gentoo.org/security/en/glsa/glsa-200412-16.xml http://www.kb.cert.org/vuls/id/305294 http •

CVSS: 7.5EPSS: 81%CPEs: 10EXPL: 1

Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP commands via an ftp:// URL that contains a URL-encoded newline ("%0a") before the FTP command, which causes the commands to be inserted into the resulting FTP session, as demonstrated using a PORT command. • https://www.exploit-db.com/exploits/24801 http://marc.info/?l=bugtraq&m=110245752232681&w=2 http://www.debian.org/security/2005/dsa-631 http://www.gentoo.org/security/en/glsa/glsa-200501-18.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:045 http://www.redhat.com/support/errata/RHSA-2005-009.html http://www.redhat.com/support/errata/RHSA-2005-065.html https://exchange.xforce.ibmcloud.com/vulnerabilities/18384 https://oval.cisecurity.org/repository/search&# •

CVSS: 10.0EPSS: 8%CPEs: 93EXPL: 0

Multiple integer overflows in xpdf 2.0 and 3.0, and other packages that use xpdf code such as CUPS, gpdf, and kdegraphics, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0889. • http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000886 http://marc.info/?l=bugtraq&m=109880927526773&w=2 http://marc.info/?l=bugtraq&m=110815379627883&w=2 http://www.debian.org/security/2004/dsa-573 http://www.debian.org/security/2004/dsa-581 http://www.debian.org/security/2004/dsa-599 http://www.gentoo.org/security/en/glsa/glsa-200410-20.xml http://www.gentoo.org/security/en/glsa/glsa-200410-30.xml http://www.mandriva.com/security/ •