CVE-2008-0411 – Ghostscript 8.0.1/8.15 - 'zseticcspace()' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-0411
Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a PostScript (.ps) file containing a long Range array in a .seticcspace operator.
• References:
  https://www.exploit-db.com/exploits/31309
  http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00009.html
  http://scary.beasts.org/security/CESA-2008-001.html
  http://secunia.com/advisories/29101
  http://secunia.com/advisories/29103
  http://secunia.com/advisories/29112
  http://secunia.com/advisories/29135
  http://secunia.com/advisories/29147
  http://secunia.com/advisories/29154
  http://secunia.com/advisories/29169
  http://secunia.com/advisories/29196
  http://secunia.com/
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-121: Stack-based Buffer Overflow
CVE-2008-0455 – Apache 2.2.6 mod_negotiation - HTML Injection / HTTP Response Splitting
https://notcve.org/view.php?id=CVE-2008-0455
Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) "406 Not Acceptable" or (2) "300 Multiple Choices" HTTP response when the extension is omitted in a request for the file.
• References:
  https://www.exploit-db.com/exploits/31052
  http://rhn.redhat.com/errata/RHSA-2012-1591.html
  http://rhn.redhat.com/errata/RHSA-2012-1592.html
  http://rhn.redhat.com/errata/RHSA-2012-1594.html
  http://rhn.redhat.com/errata/RHSA-2013-0130.html
  http://secunia.com/advisories/29348
  http://secunia.com/advisories/51607
  http://security.gentoo.org/glsa/glsa-200803-19.xml
  http://securityreason.com/securityalert/3575
  http://securitytracker.com/id?1019256
  http://www.mindedsecurity.c
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2007-6285 – autofs default doesn't set nodev in /net
https://notcve.org/view.php?id=CVE-2007-6285
The default configuration for autofs 5 (autofs5) in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 4 and 5, does not specify the nodev mount option for the -hosts map, which allows local users to access "important devices" by operating a remote NFS server and creating special device files on that server, as demonstrated by the /dev/mem device.
• References:
  http://osvdb.org/40442
  http://rhn.redhat.com/errata/RHSA-2007-1176.html
  http://rhn.redhat.com/errata/RHSA-2007-1177.html
  http://secunia.com/advisories/28156
  http://secunia.com/advisories/28168
  http://secunia.com/advisories/28456
  http://securitytracker.com/id?1019137
  http://www.mandriva.com/security/advisories?name=MDVSA-2008:009
  http://www.securityfocus.com/bid/26970
  https://bugzilla.redhat.com/show_bug.cgi?id=426218
  https://exchange.xforce.ibmcloud.com/vulnerabilities/39188
• CWE-16: Configuration
CVE-2007-6283 – bind: /etc/rndc.key has 644 permissions by default
https://notcve.org/view.php?id=CVE-2007-6283
Red Hat Enterprise Linux 5 and Fedora install the Bind /etc/rndc.key file with world-readable permissions, which allows local users to perform unauthorized named commands, such as causing a denial of service by stopping named.
• References:
  http://secunia.com/advisories/28180
  http://secunia.com/advisories/30313
  http://www.redhat.com/support/errata/RHSA-2008-0300.html
  https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2007-6283
  https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9977
  https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00587.html
  https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00671.html
  https://access.redhat.com/security/cve/CVE-2007
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CVE-2007-5964 – autofs defaults don't restrict suid in /net
https://notcve.org/view.php?id=CVE-2007-5964
The default configuration of autofs 5 in some Linux distributions, such as Red Hat Enterprise Linux (RHEL) 5, omits the nosuid option for the hosts (/net filesystem) map, which allows local users to gain privileges via a setuid program on a remote NFS server.
• References:
  http://osvdb.org/40441
  http://secunia.com/advisories/28052
  http://secunia.com/advisories/28097
  http://secunia.com/advisories/28456
  http://securitytracker.com/id?1019087
  http://www.mandriva.com/security/advisories?name=MDVSA-2008:009
  http://www.redhat.com/support/errata/RHSA-2007-1128.html
  http://www.redhat.com/support/errata/RHSA-2007-1129.html
  http://www.securityfocus.com/bid/26841
  https://bugzilla.redhat.com/show_bug.cgi?id=409701
  https://bugzilla.redhat.com/show_bug&
• CWE-16: Configuration