Page 7 of 76 results (0.019 seconds)

CVSS: 7.5EPSS: 3%CPEs: 51EXPL: 0

CVE-2007-5116 – perl regular expression UTF parsing errors

https://notcve.org/view.php?id=CVE-2007-5116

Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression. Desbordamiento de búfer en el soporte opcode polimórfico del Motor de Expresiones Regulares (regcomp.c) en Perl 5.8 permite a atacantes dependientes de contexto ejecutar código de su elección cambiando de byte a caracteres Unicode (UTF) en una expresión regular. • ftp://aix.software.ibm.com/aix/efixes/security/README http://docs.info.apple.com/article.html?artnum=307179 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html http://lists.vmware.com/pipermail/security-announce/2008/000002.html http://marc.info/?l=bugtraq&m=120352263023774&w=2 http://secunia.com/advisories/27479 http://secunia.com/advisories/27515 http://secunia.com/advisories/27531 http://secunia.com/advisories/27546 http://secunia.com/advisories/27548 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 6.2EPSS: 0%CPEs: 6EXPL: 1

CVE-2007-3103 – X.Org xorg-x11-xfs 1.0.2-3.1 - Local Race Condition

https://notcve.org/view.php?id=CVE-2007-3103

The init.d script for the X.Org X11 xfs font server on various Linux distributions might allow local users to change the permissions of arbitrary files via a symlink attack on the /tmp/.font-unix temporary file. El script init.d para el servidor de fuentes xfs de X.Org X11 en varias distribuciones de Linux podría permitir a los usuarios locales cambiar los permisos de archivos arbitrarios por medio de un ataque de tipo symlink en el archivo temporal /tmp/.font-unix. • https://www.exploit-db.com/exploits/5167 http://bugs.gentoo.org/show_bug.cgi?id=185660 http://bugzilla.redhat.com/242903 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=557 http://osvdb.org/40945 http://secunia.com/advisories/26056 http://secunia.com/advisories/26081 http://secunia.com/advisories/26282 http://secunia.com/advisories/27240 http://secunia.com/advisories/35674 http://security.gentoo.org/glsa/glsa-200710-11.xml http://www.debian.org&#x • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 4.3EPSS: 6%CPEs: 17EXPL: 0

CVE-2006-5752 – httpd mod_status XSS

https://notcve.org/view.php?id=CVE-2006-5752

Cross-site scripting (XSS) vulnerability in mod_status.c in the mod_status module in Apache HTTP Server (httpd), when ExtendedStatus is enabled and a public server-status page is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors involving charsets with browsers that perform "charset detection" when the content-type is not specified. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en mod_status.c en el módulo mod_status en Apache HTTP Server (httpd), cuando ExtendedStatus está activado y una página pública estado-servidor está siendo usada, permite a atacantes remotos inyectar secuencias de comandos web o HTML a través de vectores no especificados afectando a caracteres con navegadores que realizan "detecciones de caracteres" cuando el tipo de contenido no está especificado. • http://bugs.gentoo.org/show_bug.cgi?id=186219 http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=245112 http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01178795 http://httpd.apache.org/security/vulnerabilities_13.html http://httpd.apache.org/security/vulnerabilities_20.html http://httpd.apache.org/security/vulnerabilities_22.html http://lists.vmware.com/pipermail/security-announce/2009/000062.html http://osvdb.org/37052 http://rhn.redhat.com/errata/RHSA-2007-053 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 4.6EPSS: 0%CPEs: 13EXPL: 0

CVE-2007-1859 – xscreensaver authentication bypass

https://notcve.org/view.php?id=CVE-2007-1859

XScreenSaver 4.10, when using a remote directory service for credentials, does not properly handle the results from the getpwuid function in drivers/lock.c when there is no network connectivity, which causes XScreenSaver to crash and unlock the screen and allows local users to bypass authentication. XScreenSaver versión 4.10, cuando está usando un servicio de directorio remoto para credenciales, no maneja apropiadamente los resultados de la función getpwuid en el archivo drivers/lock.c cuando no hay conectividad de red, lo que causa que XScreenSaver bloquee y desbloquee la pantalla y permita a usuarios locales omitir la autenticación. • http://osvdb.org/35531 http://secunia.com/advisories/25065 http://secunia.com/advisories/25105 http://secunia.com/advisories/25116 http://secunia.com/advisories/25118 http://secunia.com/advisories/25119 http://secunia.com/advisories/25225 http://secunia.com/advisories/25610 http://security.gentoo.org/glsa/glsa-200705-14.xml http://www.mandriva.com/security/advisories?name=MDKSA-2007:097 http://www.novell.com/linux/security/advisories/2007_9_sr.html http://www.redhat • CWE-287: Improper Authentication •

CVSS: 8.5EPSS: 5%CPEs: 45EXPL: 0

CVE-2007-1351 – Multiple font integer overflows (CVE-2007-1352)

https://notcve.org/view.php?id=CVE-2007-1351

Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow. Desbordamiento de enteros en la función bdfReadCharacters en (1) X.Org libXfont before 20070403 y (2) freetype 2.3.2 y permite a usuarios remotos validados ejecutar código de su elección a través de fuentes manipuladas BDF, las cueles dan como resultado un desbordamiento de pila. • http://issues.foresightlinux.org/browse/FL-223 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=501 http://lists.apple.com/archives/Security-announce/2007/Nov/msg00003.html http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://lists.freedesktop.org/archives/xorg-announce/2007-April/000286.html http://rhn.redhat.com/errata/RHSA-2007-0125.html http://secunia.com/advisories/24741 http://secunia.com/advisories/24745 http://secunia.com/advisories/ • CWE-189: Numeric Errors •