Page 54 of 363 results (0.009 seconds)

CVSS: 5.0EPSS: 0%CPEs: 16EXPL: 0

CVE-2007-1349 – mod_perl PerlRun denial of service

https://notcve.org/view.php?id=CVE-2007-1349

PerlRun.pm in Apache mod_perl before 1.30, and RegistryCooker.pm in mod_perl 2.x, does not properly escape PATH_INFO before use in a regular expression, which allows remote attackers to cause a denial of service (resource consumption) via a crafted URI. PerlRun.pm en Apache mod_perl versiones anteriores a 1.30, y RegistryCooker.pm en mod_perl versiones 2.x, no escapa correctamente el PATH_INFO antes de usarlo en una expresión regular, lo que permite a atacantes remotos causar una denegación de servicio (consumo de recursos) por medio de un URI especialmente diseñado. • ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc http://rhn.redhat.com/errata/RHSA-2007-0395.html http://rhn.redhat.com/errata/RHSA-2008-0630.html http://secunia.com/advisories/24678 http://secunia.com/advisories/24839 http://secunia.com/advisories/25072 http://secunia.com/advisories/25110 http://secunia.com/advisories/25432 http://secunia.com/advisories/25655 http://secunia.com/advisories/25730 http://secunia.com/advisories/25894 http://secun • CWE-20: Improper Input Validation •

CVSS: 4.3EPSS: 1%CPEs: 2EXPL: 0

CVE-2006-7176 – sendmail allows external mail with from address xxx@localhost.localdomain

https://notcve.org/view.php?id=CVE-2006-7176

The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not reject the "localhost.localdomain" domain name for e-mail messages that come from external hosts, which might allow remote attackers to spoof messages. La versión de Sendmail 8.13.1-2 en Red Hat Enterprise Linux 4 Update 4 y anteriores no rechazan el nombre de dominio "localhost.localdomain" para mensajes de correo electrónico que provienen de estaciones externas, lo cual podría permitir a atacantes remotos falsificar mensajes. • http://secunia.com/advisories/25098 http://secunia.com/advisories/25743 http://support.avaya.com/elmodocs2/security/ASA-2007-248.htm http://www.redhat.com/support/errata/RHSA-2007-0252.html http://www.securityfocus.com/bid/23742 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=171838 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11499 https://access.redhat.com/security/cve/CVE-2006-7176 https://bugzilla.redhat.com/show_bug.cgi?id=23854 •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0

CVE-2006-7175

https://notcve.org/view.php?id=CVE-2006-7175

The version of Sendmail 8.13.1-2 on Red Hat Enterprise Linux 4 Update 4 and earlier does not allow the administrator to disable SSLv2 encryption, which could cause less secure channels to be used than desired. La version de Sendmail 8.13.1-2 en Red Hat Enterprise Linux 4 Update 4 y anteriores no permiten al administrador deshabilitar la encriptación SSLv2, lo cual podría provocar que se pudieran usar canales menos seguros de lo deseado. • https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=172352 •

CVSS: 7.5EPSS: 15%CPEs: 15EXPL: 3

CVE-2007-1285 – PHP 3/4/5 - ZendEngine Variable Destruction Remote Denial of Service

https://notcve.org/view.php?id=CVE-2007-1285

The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines. El motor Zend en PHP versión 4.x anterior a 4.4.7, y versión 5.x anterior a 5.2.2, permite que los atacantes remotos causen una denegación de servicio (agotamiento de pila y bloqueo de PHP) por medio de matrices profundamente anidadas, que desencadenan una profunda recursión en la variable de rutinas de destrucción. • https://www.exploit-db.com/exploits/29692 http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html http://rhn.redhat.com/errata/RHSA-2007-0154.html http://rhn.redhat.com/errata/RHSA-2007-0155.html http://rhn.redhat.com/errata/RHSA-2007-0163.html http://secunia.com/advisories/24909 http://secunia.com/advisories/24910 http://secunia.com/advisories/24924 http://secunia.com/advisories/24941 http://secunia.com/advisories/24945 http://secunia.com/advisories&#x • CWE-674: Uncontrolled Recursion •

CVSS: 9.3EPSS: 81%CPEs: 42EXPL: 0

CVE-2007-1282

https://notcve.org/view.php?id=CVE-2007-1282

Integer overflow in Mozilla Thunderbird before 1.5.0.10 and SeaMonkey before 1.0.8 allows remote attackers to trigger a buffer overflow and possibly execute arbitrary code via a text/enhanced or text/richtext e-mail message with an extremely long line. Desbordamiento de entero en Mozilla Thunderbird anterior a 1.5.0.10 y SeaMonkey anterior a 1.0.8 permite a atacantes remotos disparar un desbordamiento de búfer y posiblemente ejecutar código de su elección mediante un mensaje de correo electrónico de tipo texto/mejorado o texto/enriquecido con una línea extremadamente larga. • ftp://patches.sgi.com/support/free/security/advisories/20070202-01-P.asc http://fedoranews.org/cms/node/2747 http://fedoranews.org/cms/node/2749 http://osvdb.org/33810 http://secunia.com/advisories/24406 http://secunia.com/advisories/24456 http://secunia.com/advisories/24457 http://secunia.com/advisories/24522 http://secunia.com/advisories/25588 http://security.gentoo.org/glsa/glsa-200703-18.xml http://slackware.com/security/viewer.php?l=slackware-security&y=2007&m •