Page 6 of 84 results (0.004 seconds)

CVSS: 8.1EPSS: 3%CPEs: 27EXPL: 0

16 Sep 2004 — Internet Explorer 6.0 allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk, and .sch.uk, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. • http://marc.info/?l=bugtraq&m=109536612321898&w=2 •

CVSS: 9.6EPSS: 5%CPEs: 62EXPL: 1

14 Sep 2004 — Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows remote attackers to perform cross-domain scripting and possibly execute arbitrary code by convincing a user to drag and drop javascript: links to a frame or page in another domain. • http://bugzilla.mozilla.org/show_bug.cgi?id=250862 •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

31 Dec 2002 — Buffer overflow in the French documentation patch for Gnuplot 3.7 in SuSE Linux before 8.0 allows local users to execute arbitrary code as root via unknown attack vectors. • http://www.securityfocus.com/bid/6329 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.8EPSS: 0%CPEs: 28EXPL: 0

08 Mar 2002 — Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges, related to "routines for moving the physical cursor and scrolling." El desbordamiento del búfer en ncurses 5.0, y el paquete de compatibilidad ncurses4 basado en él, permite a usuarios locales la obtención de privilegios. • http://www.debian.org/security/2002/dsa-113 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •

CVSS: 7.5EPSS: 2%CPEs: 12EXPL: 0

06 Dec 2001 — htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read arbitrary files by uploading an alternate configuration file that specifies the target file. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000429 •

CVSS: 9.1EPSS: 0%CPEs: 14EXPL: 0

06 Dec 2001 — Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled allows remote attackers to bypass firewall rules by brute force guessing the cookie. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000432 •

CVSS: 9.8EPSS: 25%CPEs: 9EXPL: 1

18 Oct 2001 — Buffer overflow in Linux xinetd 2.1.8.9pre11-1 and earlier may allow remote attackers to execute arbitrary code via a long ident response, which is not properly handled by the svc_logprint function. • https://www.exploit-db.com/exploits/20908 •

CVSS: 7.8EPSS: 0%CPEs: 13EXPL: 2

20 Sep 2001 — Buffer overflow in man program in various distributions of Linux allows local user to execute arbitrary code as group man via a long -S option. • https://www.exploit-db.com/exploits/20843 •

CVSS: 7.8EPSS: 0%CPEs: 5EXPL: 0

05 Sep 2001 — Vulnerability in screen before 3.9.10, related to a multi-attach error, allows local users to gain root privileges when there is a subdirectory under /tmp/screens/. • http://www.novell.com/linux/security/advisories/2001_030_screen_txt.html •

CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 1

14 Aug 2001 — Buffer overflow in dsh in dqs 3.2.7 in SuSE Linux 7.0 and earlier, and possibly other operating systems, allows local users to gain privileges via a long first command line argument. • http://archives.neohapsis.com/archives/bugtraq/2001-05/0193.html •