Page 5 of 23 results (0.004 seconds)

CVSS: 5.0EPSS: 8%CPEs: 16EXPL: 2

The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a missing parameter to the (1) dm-FaultFile, (2) dm-LazyCheck, (3) dm-ResolvedFile, (4) dm-OpenFile, (5) crypto, and possibly unspecified other commands, which triggers a NULL pointer dereference. El servicio Perforce (p4s.exe) en Perforce Server 2007.3/143793 y anteriores permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de un parámetro faltante a los comandos (1) dm-FaultFile, (2) dm-LazyCheck, (3) dm-ResolvedFile, (4) dm-OpenFile, (5) crypto, y posiblemente otros sin especificar, lo que dispara una referencia a un puntero nulo. • https://www.exploit-db.com/exploits/31338 http://aluigi.altervista.org/adv/perforces-adv.txt http://aluigi.org/poc/perforces.zip http://secunia.com/advisories/29231 http://securityreason.com/securityalert/3735 http://www.securityfocus.com/archive/1/489179/100/0/threaded http://www.securityfocus.com/bid/28108 https://exchange.xforce.ibmcloud.com/vulnerabilities/41015 • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 3%CPEs: 2EXPL: 0

P4Webs.exe in Perforce P4Web 2006.2 and earlier, when running on Windows, allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with an empty body and a Content-Length greater than 0. P4Webs.exe de Perforce P4Web 2006.2 y anteriores, cuando se ejecuta sobre Windows, permite a atacantes remotos provocar una denegación de servicio (agotamiento de CPU) mediante una petición HTTP con un cuerpo vacío y un valor Content-Length mayor que 0. • http://secunia.com/advisories/28158 http://securityreason.com/securityalert/3476 http://www.osvdb.org/39297 http://www.securityfocus.com/archive/1/485321/100/0/threaded http://www.securityfocus.com/bid/26806 http://www.symantec.com/content/en/us/enterprise/research/SYMSA-2007-015.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/39142 • CWE-399: Resource Management Errors •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

The Perforce client does not restrict the set of files that it overwrites upon receiving a request from the server, which allows remote attackers to overwrite arbitrary files by modifying the client config file on the server, or by operating a malicious server. El cliente Perforce no restringe el conjunto de archivos que sobrescribe al recibir una petición del servidor, lo que permite a atacantes remotos sobrescribir archivos de su elección modificando el archivo de configuración de cliente en el servidor, u operando un servidor malicioso. • http://osvdb.org/33369 http://www.securityfocus.com/archive/1/455977/100/0/threaded •