Page 32 of 265 results (0.009 seconds)

CVSS: 5.0EPSS: 0%CPEs: 16EXPL: 0

CVE-2007-1349 – mod_perl PerlRun denial of service

https://notcve.org/view.php?id=CVE-2007-1349

PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI. PerlRun.pm en Apache mod_perl versiones anteriores a 1.30, y RegistryCooker.pm en mod_perl versiones 2.x, no escapa correctamente el PATH_INFO antes de usarlo en una expresión regular, lo que permite a atacantes remotos causar una denegación de servicio (consumo de recursos) por medio de un URI especialmente diseñado. • ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc http://rhn.redhat.com/errata/RHSA-2007-0395.html http://rhn.redhat.com/errata/RHSA-2008-0630.html http://secunia.com/advisories/24678 http://secunia.com/advisories/24839 http://secunia.com/advisories/25072 http://secunia.com/advisories/25110 http://secunia.com/advisories/25432 http://secunia.com/advisories/25655 http://secunia.com/advisories/25730 http://secunia.com/advisories/25894 http://secun • CWE-20: Improper Input Validation •

CVSS: 7.5EPSS: 15%CPEs: 15EXPL: 3

CVE-2007-1285 – PHP 3/4/5 - ZendEngine Variable Destruction Remote Denial of Service

https://notcve.org/view.php?id=CVE-2007-1285

The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines. El motor Zend en PHP versión 4.x anterior a 4.4.7, y versión 5.x anterior a 5.2.2, permite que los atacantes remotos causen una denegación de servicio (agotamiento de pila y bloqueo de PHP) por medio de matrices profundamente anidadas, que desencadenan una profunda recursión en la variable de rutinas de destrucción. • https://www.exploit-db.com/exploits/29692 http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html http://rhn.redhat.com/errata/RHSA-2007-0154.html http://rhn.redhat.com/errata/RHSA-2007-0155.html http://rhn.redhat.com/errata/RHSA-2007-0163.html http://secunia.com/advisories/24909 http://secunia.com/advisories/24910 http://secunia.com/advisories/24924 http://secunia.com/advisories/24941 http://secunia.com/advisories/24945 http://secunia.com/advisories&#x • CWE-674: Uncontrolled Recursion •

CVSS: 10.0EPSS: 13%CPEs: 9EXPL: 0

CVE-2007-1007

https://notcve.org/view.php?id=CVE-2007-1007

Format string vulnerability in GnomeMeeting 1.0.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in the name, which is not properly handled in a call to the gnomemeeting_log_insert function. Vulnerabilidad de cadena de formato en GnomeMeeting 1.0.2 y anteriores permiten a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar código de su elección mediante cadenas de formato en el nombre, que no es tratado adecuadamente en una llamada a la función gnomemeeting_log_insert. • ftp://patches.sgi.com/support/free/security/advisories/20070201-01-P.asc http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=229266 http://osvdb.org/32083 http://secunia.com/advisories/24185 http://secunia.com/advisories/24271 http://secunia.com/advisories/24284 http://secunia.com/advisories/24379 http://secunia.com/advisories/25119 http://www.debian.org/security/2007/dsa-1262 http://www.mandriva.com/security/advisories?name=MDKSA-2007:045 http://www.novell.com/linux&#x •

CVSS: 10.0EPSS: 2%CPEs: 8EXPL: 0

CVE-2007-0980

https://notcve.org/view.php?id=CVE-2007-0980

Unspecified vulnerability in HP Serviceguard for Linux; packaged for SuSE SLES8 and United Linux 1.0 before SG A.11.15.07, SuSE SLES9 and SLES10 before SG A.11.16.10, and Red Hat Enterprise Linux (RHEL) before SG A.11.16.10; allows remote attackers to obtain unauthorized access via unspecified vectors. Vulnerabilidad no especificada en HP Serviceguard para Linux; empaquetado para SuSE SLES8 y United Linux 1.0 versiones anteriores a SG A.11.15.07, SuSE SLES9 y SLES10 versiones anteriores a SG A.11.16.10, y Red Hat Enterprise Linux (RHEL) versiones anteriores a SG A.11.16.10; permite a atacantes remotos obtener acceso no autorizado mediante vectores no especificados. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c00860750 http://osvdb.org/33201 http://secunia.com/advisories/24134 http://www.securityfocus.com/bid/22574 http://www.securitytracker.com/id?1017655 http://www.vupen.com/english/advisories/2007/0619 •

CVSS: 7.5EPSS: 5%CPEs: 13EXPL: 0

CVE-2007-0455 – gd: buffer overrun

https://notcve.org/view.php?id=CVE-2007-0455

Buffer overflow in the gdImageStringFTEx function in gdft.c in GD Graphics Library 2.0.33 and earlier allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted string with a JIS encoded font. Desbordamiento de búfer en la función gdImageStringFTEx en gdft.c de GD Graphics Library 2.0.33 y anteriores permite a atacantes remotos provocar una denegación de servicio (cierre de aplicación) y posiblemente ejecutar código de su elección mediante una cadena manipulada con una fuente JIS codificada. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=224607 http://fedoranews.org/cms/node/2631 http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052848.html http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052854.html http://lists.rpath.com/pipermail/security-announce/2007-February/000145.html http://rhn.redhat.com/errata/RHSA-2007-0155.html http://secunia.com/advisories/23916 http://secunia.com/advisories/24022 http://secunia.com/advisories/24052 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •