10 results (0.005 seconds)

CVSS: 5.0EPSS: 34%CPEs: 1EXPL: 1

telnetd.exe in Pragma TelnetServer 7.0.4.589 allows remote attackers to cause a denial of service (process crash and resource exhaustion) via a crafted TELOPT PRAGMA LOGON telnet option, which triggers a NULL pointer dereference. telnetd.exe en Pragma TelnetServer 7.0.4.589 permite a atacantes remotos provoquen una denegación de servicio (por caída del proceso y agotamiento de recursos) a traves de una opción telnet TELOPT PRAGMA LOGON manipulada, que provoca la referencia a un puntero NULL • https://www.exploit-db.com/exploits/30991 http://aluigi.altervista.org/adv/pragmatel-adv.txt http://marc.info/?l=bugtraq&m=119947184730448&w=2 http://www.securityfocus.com/bid/27143 https://exchange.xforce.ibmcloud.com/vulnerabilities/39353 • CWE-399: Resource Management Errors •

CVSS: 7.5EPSS: 5%CPEs: 1EXPL: 0

Stack-based buffer overflow in Pragma FortressSSH 4.0.7.20 allows remote attackers to execute arbitrary code via long SSH_MSG_KEXINIT messages, which may cause an overflow when being logged. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. • http://secunia.com/advisories/20114 http://www.securityfocus.com/bid/17991 http://www.vupen.com/english/advisories/2006/1820 https://exchange.xforce.ibmcloud.com/vulnerabilities/26498 •

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

Cross-site scripting (XSS) vulnerability in Pragma Systems Telnetserver 6.0 allows remote attackers to inject arbitrary web script or HTML, and hide activities in log files, via a "<!--" (HTML comment) in a session. • http://secunia.com/advisories/15642 http://securitytracker.com/id?1014127 http://www.rgod.altervista.org/pragma.html •

CVSS: 10.0EPSS: 4%CPEs: 16EXPL: 0

Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite. • http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html http://securitytracker.com/id?1005812 http://securitytracker.com/id?1005813 http://www.cert.org/advisories/CA-2002-36.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5721 • CWE-20: Improper Input Validation •

CVSS: 10.0EPSS: 4%CPEs: 16EXPL: 0

Multiple SSH2 servers and clients do not properly handle strings with null characters in them when the string length is specified by a length field, which could allow remote attackers to cause a denial of service or possibly execute arbitrary code due to interactions with the use of null-terminated strings as implemented using languages such as C, as demonstrated by the SSHredder SSH protocol test suite. • http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0110.html http://securitytracker.com/id?1005812 http://securitytracker.com/id?1005813 http://www.cert.org/advisories/CA-2002-36.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5797 • CWE-20: Improper Input Validation •