Page 7 of 38 results (0.007 seconds)

CVSS: 2.1EPSS: 0%CPEs: 7EXPL: 0

The DBI library (libdbi-perl) for Perl allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file. • http://marc.info/?l=bugtraq&m=110667936707597&w=2 http://secunia.com/advisories/14015 http://secunia.com/advisories/14050 http://securitytracker.com/id?1013007 http://www.debian.org/security/2005/dsa-658 http://www.gentoo.org/security/en/glsa/glsa-200501-38.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:030 http://www.redhat.com/support/errata/RHSA-2005-072.html http://www.securityfocus.com/archive/1/426530/30/6600/threaded http://www.securityfocus •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 displays a different error message depending on whether the e-mail address is subscribed to a private list, which allows remote attackers to determine the list membership for a given e-mail address. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=285839 http://marc.info/?l=bugtraq&m=110549296126351&w=2 http://qa.debian.org/bts-security.html •

CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 0

CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows attackers to bypass intended ACLs via a printer name containing uppercase or lowercase letters that are different from what is specified in the directive. • http://www.cups.org/str.php?L700 http://www.novell.com/linux/security/advisories/2005_18_sr.html http://www.redhat.com/support/errata/RHSA-2005-571.html http://www.ubuntu.com/usn/usn-185-1 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162405 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=163274 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9940 https://access.redhat.com/security/cve/CVE-2004-2154 https://bugzilla • CWE-178: Improper Handling of Case Sensitivity •

CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0

PHP 4.x to 4.3.9, and PHP 5.x to 5.0.2, when running in safe mode on a multithreaded Unix webserver, allows local users to bypass safe_mode_exec_dir restrictions and execute commands outside of the intended safe_mode_exec_dir via shell metacharacters in the current directory name. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion. ** RECHAZADA ** No usar este número de candidata. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000915 http://www.gentoo.org/security/en/glsa/glsa-200412-14.xml http://www.hardened-php.net/advisories/012004.txt http://www.mandriva.com/security/advisories?name=MDKSA-2004:151 http://www.mandriva.com/security/advisories?name=MDKSA-2005:072 http://www.osvdb.org/12412 http://www.php.net/release_4_3_10.php http://www.securityfocus.com/advisories/9028 http://www.securityfocus.com/archive/1/384545 http://www&# •

CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 0

The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate the file path before passing the data to the realpath function, which could allow attackers to bypass safe mode. NOTE: this issue was originally REJECTed by its CNA before publication, but that decision is in active dispute. This candidate may change significantly in the future as a result of further discussion. ** RECHAZADA ** No usar este número de candidata. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000915 http://www.gentoo.org/security/en/glsa/glsa-200412-14.xml http://www.hardened-php.net/advisories/012004.txt http://www.mandriva.com/security/advisories?name=MDKSA-2004:151 http://www.mandriva.com/security/advisories?name=MDKSA-2005:072 http://www.php.net/release_4_3_10.php http://www.securityfocus.com/advisories/9028 http://www.securityfocus.com/archive/1/384545 http://www.securityfocus.com/bid/11964 https: •