CVE-2005-1527
https://notcve.org/view.php?id=CVE-2005-1527
Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function call. • http://secunia.com/advisories/16412 http://secunia.com/advisories/17463 http://securitytracker.com/id?1014636 http://www.debian.org/security/2005/dsa-892 http://www.idefense.com/application/poi/display?id=290&type=vulnerabilities&flashstatus=false http://www.novell.com/linux/security/advisories/2005_19_sr.html http://www.osvdb.org/18696 http://www.securiteam.com/unixfocus/5DP0J00GKE.html http://www.securityfocus.com/bid/14525 https://exchange.xforce.ibmcloud.com/vulnerabilities/21769 h • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVE-2005-1268
https://notcve.org/view.php?id=CVE-2005-1268
Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte. Error de fuera-por-uno en la retrollamda de verificación de Lista de Revocación de Certificados (CRL) de mod_ssl para Apache, cuando se configura para usar un CRL, permite a atacantes remotos causar una denegación de servicio (caída de proceso hijo) mediante una CRL que causa un desbordamiento de búfer de un byte nule. • http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html http://rhn.redhat.com/errata/RHSA-2005-582.html http://secunia.com/advisories/19072 http://secunia.com/advisories/19185 http://securityreason.com/securityalert/604 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102198-1 http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm http://www.debian.org/security/2005/dsa-805 http://www.mandriva.com/security/advisories?name=MDKSA-2005:129 http:/& • CWE-193: Off-by-one Error •
CVE-2005-2456
https://notcve.org/view.php?id=CVE-2005-2456
Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c in Linux kernel 2.6 allows local users to cause a denial of service (oops or deadlock) and possibly execute arbitrary code via a p->dir value that is larger than XFRM_POLICY_OUT, which is used as an index in the sock->sk_policy array. Desbordamiento en el índice del array en la función xfrm_sk_policy_insert en xfrm_user.c en el kernel de Linux 2.6 permite que usuarios locales provoquen una denegación de servicio y posiblemente ejeucten código arbitrario mediante una valor de p->dir que sea mayor que XFRM_POLICY_OUT (usado como índice en el array sock->sk_policy). • http://secunia.com/advisories/16298 http://secunia.com/advisories/16500 http://secunia.com/advisories/17002 http://secunia.com/advisories/17073 http://secunia.com/advisories/17826 http://secunia.com/advisories/18056 http://secunia.com/advisories/18059 http://www.debian.org/security/2005/dsa-921 http://www.debian.org/security/2005/dsa-922 http://www.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=blobdiff%3Bh=8da3e25b2c4c1f305fd85428d3a9eb62b543bfba%3Bhp=ecade4893a139cc35d • CWE-667: Improper Locking •
CVE-2005-1920
https://notcve.org/view.php?id=CVE-2005-1920
The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x through 3.4.0 do not properly set the same permissions on the backup file as were set on the original file, which could allow local users and possibly remote attackers to obtain sensitive information. Las aplicaciones Kate y Kwrite en KDE 3.2.x hasta la 3.4.0 no fijan adecuadamente los permisos en los ficheros de backup, lo que podría permitir que usuarios locales, y posiblemente también remotos, obtengan información confidencial. • http://marc.info/?l=bugtraq&m=112171434023679&w=2 http://secunia.com/advisories/16099 http://secunia.com/advisories/23099 http://security.gentoo.org/glsa/glsa-200611-21.xml http://securitytracker.com/id?1014512 http://www.debian.org/security/2005/dsa-804 http://www.kde.org/info/security/advisory-20050718-1.txt http://www.novell.com/linux/security/advisories/2005_18_sr.html http://www.redhat.com/support/errata/RHSA-2005-612.html http://www.securityfocus.com/archive • CWE-281: Improper Preservation of Permissions •
CVE-2005-1689
https://notcve.org/view.php?id=CVE-2005-1689
Double free vulnerability in the krb5_recvauth function in MIT Kerberos 5 (krb5) 1.4.1 and earlier allows remote attackers to execute arbitrary code via certain error conditions. Vulnerabilidad de doble liberación de memoria en la función krb5_recvauth en MIT Kerberos 5 (krb5) 1.4.1 y anteriores permite que atacantes remotos ejecuten código arbitrario mediante ciertas condiciones de error. • ftp://patches.sgi.com/support/free/security/advisories/20050703-01-U.asc http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000993 http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html http://marc.info/?l=bugtraq&m=112119974704542&w=2 http://secunia.com/advisories/16041 http://secunia.com/advisories/17135 http://secunia.com/advisories/17899 http://secunia.com/advisories/22090 • CWE-415: Double Free •