Page 5 of 26 results (0.009 seconds)

CVSS: 4.3EPSS: 96%CPEs: 3EXPL: 2

CVE-2005-2088

https://notcve.org/view.php?id=CVE-2005-2088

The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." • http://docs.info.apple.com/article.html?artnum=302847 http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html http://marc.info/?l=apache-httpd-announce&m=112931556417329&w=3 http://seclists.org/lists/bugtraq/2005/Jun/0025.html http://secunia.com/advisories/14530 http://secunia.com/advisories/17319 http://secunia.com/advisories/17487 http://secunia.com/advisories/17813 http://secunia.com/advisories/19072 http://secunia.com/advisories/19073 http://secunia. • CWE-444: Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') •

CVSS: 7.5EPSS: 8%CPEs: 3EXPL: 0

CVE-2005-1796

https://notcve.org/view.php?id=CVE-2005-1796

Format string vulnerability in the curses_msg function in the Ncurses interface (ec_curses.c) for Ettercap before 0.7.3 allows remote attackers to execute arbitrary code. • http://ettercap.sourceforge.net/history.php http://secunia.com/advisories/15535 http://secunia.com/advisories/15664 http://secunia.com/advisories/16000 http://securitytracker.com/id?1014084 http://www.debian.org/security/2005/dsa-749 http://www.gentoo.org/security/en/glsa/glsa-200506-07.xml http://www.securityfocus.com/bid/13820 http://www.vupen.com/english/advisories/2005/0670 •

CVSS: 5.0EPSS: 1%CPEs: 6EXPL: 0

CVE-2005-1260

https://notcve.org/view.php?id=CVE-2005-1260

bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb"). • ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc http://docs.info.apple.com/article.html?artnum=307041 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://secunia.com/advisories/15447 http://secunia.com/advisories/19183 http://secunia.com/advisories/27274 http://secunia.com/advisories/27643 http://sunsolve.sun.com/search/document.do?assetkey=1-26-103118-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200191-1 http • CWE-400: Uncontrolled Resource Consumption •

CVSS: 4.7EPSS: 0%CPEs: 5EXPL: 0

CVE-2005-1111

https://notcve.org/view.php?id=CVE-2005-1111

Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete. • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:03.cpio.asc ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.2/SCOSA-2006.2.txt ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.32/SCOSA-2005.32.txt http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html http://marc.info/?l=bugtraq&m=111342664116120&w=2 http://secunia.com/advisories/16998 http://secunia.com/advisories/17123 http://secunia.com/advisories/17532 http://secunia&# • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 1

CVE-2003-0385 – Xaos 3.0 - Language Option Local Buffer Overflow

https://notcve.org/view.php?id=CVE-2003-0385

Buffer overflow in xaos 3.0-23 and earlier, when running setuid, allows local users to gain root privileges via a long -language option. Desbordamiento de búfer en xaos 3.0-23 y anteriores, cuando se ejecuta con setuid, permite a usuarios locales ganar privilegios de root mediante una opción -language. • https://www.exploit-db.com/exploits/22748 http://marc.info/?l=bugtraq&m=105491469815197&w=2 http://www.debian.org/security/2003/dsa-310 •