Page 90 of 455 results (0.014 seconds)

CVSS: 7.5EPSS: 0%CPEs: 105EXPL: 1

A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, when using the nonstandard rulesets (1) recipient (2), final, or (3) mailer-specific envelope recipients, has unknown consequences. Un "desbordamiento de búfer potencial en el análisis de reglas" (ruleset parsing) en Sendmail 8.12.9 cuando se usan los conjuntos de reglas no estándar: (1) receptor, (2) final, o (3) receptores de envoltorio específicos del enviador de correo, tienen consecuencias desconocidas. • https://www.exploit-db.com/exploits/23154 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000742 http://marc.info/?l=bugtraq&m=106383437615742&w=2 http://marc.info/?l=bugtraq&m=106398718909274&w=2 http://www.debian.org/security/2003/dsa-384 http://www.kb.cert.org/vuls/id/108964 http://www.mandriva.com/security/advisories?name=MDKSA-2003:092 http://www.redhat.com/support/errata/RHSA-2003-283.html http://www.securityfocus.com/bid/8649 http://www •

CVSS: 10.0EPSS: 79%CPEs: 8EXPL: 7

Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of length MAXPATHLEN+1 to trigger a buffer overflow, including (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, or (8) RNTO. Error de fuera-por-uno (off-by-one) en la función fb_realpath(), derivada de la función realpath de BSD, pude permitir a atacantes ejecutar código arbitrario, como se ha demostrado en wu-ftpd 2.5.0 a 2.6.2 mediante comandos que causan que nombres de rutas de tamaño MAXPATHLEN+1 disparen un desbordamiento de búfer, incluyendo: (1) STOR, (2) RETR, (3) APPE, (4) DELE, (5) MKD, (6) RMD, (7) STOU, y (8) RNTO. • https://www.exploit-db.com/exploits/22976 https://www.exploit-db.com/exploits/78 https://www.exploit-db.com/exploits/74 https://www.exploit-db.com/exploits/22974 https://www.exploit-db.com/exploits/22975 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-011.txt.asc http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0065.html http://download.immunix.org/ImmunixOS/7+/Updates/errata/IMNX-2003-7+-019-01 http://isec.pl/vulnerabilities/isec-0011-wu • CWE-193: Off-by-one Error •

CVSS: 4.6EPSS: 0%CPEs: 14EXPL: 0

The screen saver in MacOS X allows users with physical access to cause the screen saver to crash and gain access to the underlying session via a large number of characters in the password field, possibly triggering a buffer overflow. El salvapantallas de MacOS X permite a usuarios con acceso físico a la máquina hacer que el salvapantallas se caiga y ganar acceso a la sesión subyacente mediante un número de caracteres largo en el campo de contraseña, posiblemente disparando un desbordamiento de búfer. • http://archives.neohapsis.com/archives/bugtraq/2003-07/0034.html http://archives.neohapsis.com/archives/bugtraq/2003-07/0187.html http://docs.info.apple.com/article.html?artnum=120232 •

CVSS: 4.6EPSS: 0%CPEs: 1EXPL: 0

Information leak in dsimportexport for Apple Macintosh OS X Server 10.2.6 allows local users to obtain the username and password of the account running the tool. • http://secunia.com/advisories/9025 http://www.auscert.org.au/render.html?it=3165 http://www.kb.cert.org/vuls/id/JPLA-5NTL8E http://www.securityfocus.com/bid/7894 https://exchange.xforce.ibmcloud.com/vulnerabilities/12342 •

CVSS: 7.2EPSS: 0%CPEs: 22EXPL: 1

DirectoryServices in MacOS X trusts the PATH environment variable to locate and execute the touch command, which allows local users to execute arbitrary commands by modifying the PATH to point to a directory containing a malicious touch program. DirectoryServices en MacOS X se fia de la variable de entorno PATH para localizar y ejecutar el comando touch, lo que permite a usurarios locales ejecutar comandos arbitrarios modificando PATH para que apunte a un directorio que contenga un programa 'touch' malicioso. • https://www.exploit-db.com/exploits/15 http://lists.apple.com/mhonarc/security-announce/msg00028.html http://www.atstake.com/research/advisories/2003/a041003-1.txt •