CVE-2008-0892 – Server: shell command injection in CGI replication monitor
https://notcve.org/view.php?id=CVE-2008-0892
The replication monitor CGI script (repl-monitor-cgi.pl) in Red Hat Administration Server, as used by Red Hat Directory Server 8.0 EL4 and EL5, allows remote attackers to execute arbitrary commands. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01433676 http://secunia.com/advisories/29761 http://secunia.com/advisories/29826 http://secunia.com/advisories/30114 http://www.redhat.com/support/errata/RHSA-2008-0199.html http://www.redhat.com/support/errata/RHSA-2008-0201.html http://www.securityfocus.com/bid/28802 http://www.securitytracker.com/id?1019856 http://www.vupen.com/english/advisories/2008/1449/references https://bugzilla.redhat.com/show_bug.cg • CWE-20: Improper Input Validation CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2008-0890 – 7.1: insecure default permissions on jars directory
https://notcve.org/view.php?id=CVE-2008-0890
Red Hat Directory Server 7.1 before SP4 uses insecure permissions for certain directories, which allows local users to modify JAR files and execute arbitrary code via unknown vectors. • http://secunia.com/advisories/29350 http://www.redhat.com/support/errata/RHSA-2008-0173.html http://www.securityfocus.com/bid/28204 http://www.securitytracker.com/id?1019577 https://exchange.xforce.ibmcloud.com/vulnerabilities/41152 https://access.redhat.com/security/cve/CVE-2008-0890 https://bugzilla.redhat.com/show_bug.cgi?id=436116 • CWE-264: Permissions, Privileges, and Access Controls CWE-732: Incorrect Permission Assignment for Critical Resource •
CVE-2004-1236
https://notcve.org/view.php?id=CVE-2004-1236
Buffer overflow in the LDAP component for Netscape Directory Server (NDS) 3.6 on HP-UX and other operating systems allows remote attackers to execute arbitrary code. • http://marc.info/?l=bugtraq&m=110384298016120 http://secunia.com/advisories/14960 http://sunsolve.sun.com/search/document.do?assetkey=1-26-57754-1 http://www.ciac.org/ciac/bulletins/p-083.shtml http://www.kb.cert.org/vuls/id/258905 http://www.securityfocus.com/bid/12099 https://exchange.xforce.ibmcloud.com/vulnerabilities/18676 https://access.redhat.com/security/cve/CVE-2004-1236 https://bugzilla.redhat.com/show_bug.cgi?id=1617398 •
CVE-2004-0826
https://notcve.org/view.php?id=CVE-2004-0826
Heap-based buffer overflow in Netscape Network Security Services (NSS) library allows remote attackers to execute arbitrary code via a modified record length field in an SSLv2 client hello message. • http://marc.info/?l=bugtraq&m=109351293827731&w=2 http://www.securityfocus.com/bid/11015 http://xforce.iss.net/xforce/alerts/id/180 https://exchange.xforce.ibmcloud.com/vulnerabilities/16314 •
CVE-2001-0164
https://notcve.org/view.php?id=CVE-2001-0164
Buffer overflow in Netscape Directory Server 4.12 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed recipient field. • http://www.atstake.com/research/advisories/2001/a030701-1.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/6233 •