Page 4 of 90 results (0.004 seconds)

CVSS: 7.5EPSS: 57%CPEs: 9EXPL: 2

05 Aug 2003 — The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or (2) via a valid MAIL FROM with a RCPT TO containing a ".!" string, which causes an instance of the SMTP listener to lock up. El código de procesamiento de direcciones en Postfix 1.1.12 y anteriores permite a atacan... • https://www.exploit-db.com/exploits/22981 •

CVSS: 10.0EPSS: 0%CPEs: 11EXPL: 0

01 Feb 2003 — Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe (|) character in a filename that is retrieved by the client. El cliente de ftp Kerberos permite a sitios FTP remotos ejecutar código arbitrario mediante un carácter de tubería (|) en un nombre de fichero que recupera el cliente • http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0047.html • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •

CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 5

31 Dec 2002 — Buffer overflow in efstools in Bonobo, when installed setuid, allows local users to execute arbitrary code via long command line arguments. • https://www.exploit-db.com/exploits/21583 •

CVSS: 5.5EPSS: 0%CPEs: 77EXPL: 2

31 Dec 2002 — The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a target's Ethernet address instead of the Multicast group address, which causes the target to stop sending reports to the router and effectively disconnect the group from the network. • ftp://patches.sgi.com/support/free/security/advisories/20020901-01-A •

CVSS: 7.5EPSS: 4%CPEs: 33EXPL: 0

04 Nov 2002 — Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a map that does not exist. Fuga de memoria en ypdb_open en yp_db.c en ypserv anteriores a 2.5 en el paquete NIS 3.9 y anteriores permite a atacantes remotos causar una denegación de servicio (consumición de memoria) mediante un número grande de peticiones de un mapa inexistente. • ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-054.0.txt •

CVSS: 9.8EPSS: 12%CPEs: 27EXPL: 0

28 Oct 2002 — dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts. El conversor dvips para ficheros Postscript en el paquete tetex llama a la función system() de forma insegura, lo que permite a atacantes ejecutar comandos arbitrarios mediante ciertos trabajos de impresión, posiblemente conteniendo fuentes. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000537 •

CVSS: 9.8EPSS: 0%CPEs: 12EXPL: 0

12 Aug 2002 — Buffer overflow in newt.c of newt windowing library (libnewt) 0.50.33 and earlier may allow attackers to cause a denial of service or execute arbitrary code in setuid programs that use libnewt. Desbordamiento de buffer en newt.c de la librería de ventanas newt (libnewt) 0.50.33 y anteriores que podría permitir a atacantes causar una denegación de servicio o ejecutar código arbitrario en programas que usen libnewt. • http://online.securityfocus.com/archive/1/264699 •

CVSS: 7.0EPSS: 0%CPEs: 29EXPL: 0

12 Aug 2002 — setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh. setpwnam.c en el paquete util-linux, como se incluye en Red Hat Linux 7.3 y antieriores, y en otros sistemas operativos, no bloquea adecuadamente un fichero temporal cuando se mo... • ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-043.0.txt •

CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0

01 Aug 2002 — Format string vulnerability in startprinting() function of printjob.c in BSD-based lpr lpd package may allow local users to gain privileges via an improper syslog call that uses format strings from the checkremote() call. Vulnerabilidad de cadena de formato en la función startprinting() de printjob.c en el paquete lpr lpd basado en BSD puede permitir a usuarios locales ganar privilegios mediante una llamada impropia a syslog que usa cadenas de formato de la llamada checkremote(). • http://marc.info/?l=bugtraq&m=96994604300675&w=2 •

CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0

15 Mar 2002 — rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed. rsync no llama adecuadamente a 'setgroups' antes de establecer los permisos, lo cual podría proveer de ciertos privilegios de grupo a usuarios locales, los cuales podrían leer ciertos ficheros que de otro modo les estarían vetados. • http://www.caldera.com/support/security/advisories/CSSA-2002-014.1.txt • CWE-269: Improper Privilege Management •