Page 52 of 265 results (0.020 seconds)

CVSS: 7.5EPSS: 7%CPEs: 9EXPL: 0

BIND before 9.2.6-P1 and 9.3.x before 9.3.2-P1 allows remote attackers to cause a denial of service (crash) via certain SIG queries, which cause an assertion failure when multiple RRsets are returned. BIND anterior a 9.2.6-P1 y 9.3.x anterior a 9.3.2-P1 permite a un atacante remoto provocar denegación de servicio (caida) a través de ciertas consultas SIG, lo cual provoca una falta de aserción cuando múltiples RRsets se devuelven. • http://docs.info.apple.com/article.html?artnum=305530 http://lists.apple.com/archives/security-announce/2007/May/msg00004.html http://secunia.com/advisories/21752 http://secunia.com/advisories/21786 http://secunia.com/advisories/21816 http://secunia.com/advisories/21818 http://secunia.com/advisories/21828 http://secunia.com/advisories/21835 http://secunia.com/advisories/21838 http://secunia.com/advisories/21912 http://secunia.com/advisories/21926 http://secunia.com/advisories&#x • CWE-617: Reachable Assertion •

CVSS: 9.3EPSS: 1%CPEs: 5EXPL: 0

Multiple heap-based buffer overflows in the (1) str_repeat and (2) wordwrap functions in ext/standard/string.c in PHP before 5.1.5, when used on a 64-bit system, have unspecified impact and attack vectors, a different vulnerability than CVE-2006-1990. Múltiples vulnerabilidades de desbordamiento de búfer en las funciones (1) str_repeat y (2) wordwrap en ext/standard/string.c en PHP anterior a 5.1.5, cuando se uso sobre sistemas de 64-bit, tiene un impacto desconocido y ataque a vectores, una vulnerabilidad diferente que la CVE-2006-1990. • ftp://patches.sgi.com/support/free/security/advisories/20061001-01-P.asc http://cvs.php.net/viewvc.cgi/php-src/ext/standard/string.c?r1=1.445.2.14.2.10&r2=1.445.2.14.2.11 http://rhn.redhat.com/errata/RHSA-2006-0688.html http://secunia.com/advisories/21546 http://secunia.com/advisories/21768 http://secunia.com/advisories/22004 http://secunia.com/advisories/22039 http://secunia.com/advisories/22069 http://secunia.com/advisories/22225 http://secunia.com/ • CWE-787: Out-of-bounds Write •

CVSS: 4.9EPSS: 0%CPEs: 6EXPL: 0

Linux kernel 2.x.6 before 2.6.17.9 and 2.4.x before 2.4.33.1 on PowerPC PPC970 systems allows local users to cause a denial of service (crash) related to the "HID0 attention enable on PPC970 at boot time." El núcleo de Linux 2.x.6 anterior a 2.6.17.9 y 2.4.x anterior a 2.4.33.1 en sistemas PowerPC PPC970 permite a usuarios locales provocar una denegación de servicio (caída) relacionada con "activación de la atención a HID0 en PPC970 en tiempo de arranque". • http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.33.1 http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.17.9 http://secunia.com/advisories/21563 http://secunia.com/advisories/21695 http://secunia.com/advisories/21847 http://secunia.com/advisories/21934 http://secunia.com/advisories/22093 http://secunia.com/advisories/22148 http://secunia.com/advisories/22292 http://secunia.com/advisories/22945 http://support.avaya.com/elmodocs2/security/ASA-2006-249 •

CVSS: 7.6EPSS: 97%CPEs: 7EXPL: 5

Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules. Error de superación de límite (off-by-one) en el esquema ldap manejado en el modulo Rewrite (mod_rewrite) en Apache 1.3 desde 1.3.28, 2.0.46 y otras versiones anteriores 2.0.59, y 2.2, cuando RewriteEngine está activo, permite a atacantes remotos provocar denegación de servicio (Caida de aplicación) y posiblemente ejecutar código a rtavés de URLs manipuladas que no se manejan de forma adecuada utilizando ciertas reglas de reescritura. • https://www.exploit-db.com/exploits/2237 https://www.exploit-db.com/exploits/3996 https://www.exploit-db.com/exploits/16752 https://www.exploit-db.com/exploits/3680 https://github.com/defensahacker/CVE-2006-3747 http://docs.info.apple.com/article.html?artnum=307562 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01118771 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01428449 http://kbase.redhat.com/faq/FAQ_68_8653.shtm http:/&#x • CWE-189: Numeric Errors •

CVSS: 4.3EPSS: 97%CPEs: 8EXPL: 5

http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file. http_protocol.c en (1) IBM HTTP Server 6.0 anterioa a 6.0.2.13 y 6.1 anterior 6.1.0.1, y (2) Apache HTTP Server 1.3 anterior a 1.3.35, 2.0 anterior a 2.0.58, y 2.2 anterior a 2.2.2, no desinfecta la cabecera Expect desde una respuesta HTTP cuando se refleja en un mensaje de error, lo cul podría permitir un ataque de tipo secuencia de comandos en sitios cruzados (XSS) utilizando los componentes web del cliente que puede enviar cabeceras de su elección en las respuesta, como se demostró con la utilización de un archivo Flash SWF. Oracle HTTP Server for Oracle Application Server 10g version 10.1.2.0.2 suffers from a cross site scripting vulnerability. • https://www.exploit-db.com/exploits/28424 ftp://patches.sgi.com/support/free/security/advisories/20060801-01-P http://archives.neohapsis.com/archives/bugtraq/2006-05/0151.html http://archives.neohapsis.com/archives/bugtraq/2006-07/0425.html http://kb.vmware.com/KanisaPlatform/Publishing/466/5915871_f.SAL_Public.html http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00004.html http://marc.info/?l=bugtraq&m=125631037611762&w=2 http://marc.info/?l=bugtraq&m=12919089961 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •