CVSS: 4.6EPSS: 0%CPEs: 23EXPL: 1CVE-2010-0935
https://notcve.org/view.php?id=CVE-2010-0935
Perforce Server 2009.2 and earlier, when the protection table is empty, allows remote authenticated users to obtain super privileges via a "p4 protect" command. Perforce Server 2009.2 y anteriores, cuando la tabla de proteccion esta vacia, permite a usuarios remotos autenticados obtener super privilegios a traves del comando "p4 protect". • http://lists.immunitysec.com/pipermail/dailydave/2010-March/006063.html http://www.perforce.com/perforce/doc.current/manuals/cmdref/protect.html http://www.securityfocus.com/bid/36261 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.8EPSS: 4%CPEs: 1EXPL: 1CVE-2008-1338
https://notcve.org/view.php?id=CVE-2008-1338
The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a server-DiffFile command with an integer value within a certain range, which causes a loop until all memory is exhausted. El servicio Perforce (p4s.exe) de Perforce Server 2007.3/143793 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (parada del servicio) mediante la utilización de un comando server-DiffFile con un valor entero dentro de cierto rango, causando un bucle de ejecución hasta que toda la memoria es ocupada. • http://aluigi.altervista.org/adv/perforces-adv.txt http://aluigi.org/poc/perforces.zip http://secunia.com/advisories/29231 http://securityreason.com/securityalert/3735 http://www.securityfocus.com/archive/1/489179/100/0/threaded http://www.securityfocus.com/bid/28108 https://exchange.xforce.ibmcloud.com/vulnerabilities/41017 https://exchange.xforce.ibmcloud.com/vulnerabilities/41361 • CWE-189: Numeric Errors •
CVSS: 5.0EPSS: 4%CPEs: 2EXPL: 0CVE-2008-1302
https://notcve.org/view.php?id=CVE-2008-1302
The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a (1) server-DiffFile or (2) server-ReleaseFile command with a large integer value, which is used in an array initialization calculation, and leads to invalid memory access. El servicio Perforce (p4s.exe) en Perforce Server 2007.3/143793 y anteriores permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de los comandos (1) server-DiffFile o (2) server-ReleaseFile con un valor entero grande, el cual es utilizado en un cálculo de inicialización de array y lleva a un acceso a memoria no válido. • http://aluigi.altervista.org/adv/perforces-adv.txt http://aluigi.org/poc/perforces.zip http://secunia.com/advisories/29231 http://securityreason.com/securityalert/3735 http://www.securityfocus.com/archive/1/489179/100/0/threaded http://www.securityfocus.com/bid/28108 https://exchange.xforce.ibmcloud.com/vulnerabilities/41016 https://exchange.xforce.ibmcloud.com/vulnerabilities/41363 • CWE-189: Numeric Errors •
CVSS: 5.0EPSS: 9%CPEs: 16EXPL: 2CVE-2008-1303 – Perforce Server 2007.3 - Multiple Remote Denial of Service Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-1303
The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a missing parameter to the (1) dm-FaultFile, (2) dm-LazyCheck, (3) dm-ResolvedFile, (4) dm-OpenFile, (5) crypto, and possibly unspecified other commands, which triggers a NULL pointer dereference. El servicio Perforce (p4s.exe) en Perforce Server 2007.3/143793 y anteriores permite a atacantes remotos provocar una denegación de servicio (caída del demonio) a través de un parámetro faltante a los comandos (1) dm-FaultFile, (2) dm-LazyCheck, (3) dm-ResolvedFile, (4) dm-OpenFile, (5) crypto, y posiblemente otros sin especificar, lo que dispara una referencia a un puntero nulo. • https://www.exploit-db.com/exploits/31338 http://aluigi.altervista.org/adv/perforces-adv.txt http://aluigi.org/poc/perforces.zip http://secunia.com/advisories/29231 http://securityreason.com/securityalert/3735 http://www.securityfocus.com/archive/1/489179/100/0/threaded http://www.securityfocus.com/bid/28108 https://exchange.xforce.ibmcloud.com/vulnerabilities/41015 • CWE-20: Improper Input Validation •