6 results (0.004 seconds)

CVSS: 10.0EPSS: 0%CPEs: 3EXPL: 2

Buffer overflow in the DumpSysVar function in var.c in Remind before 3.1.15 allows attackers to have unspecified impact via a long name. Desbordamiento de buffer en la función DumpSysVar en var.c en Remind en versiones anteriores a 3.1.15, permite a atacantes tener un impacto no especificado a través de un nombre largo. • http://lists.opensuse.org/opensuse-updates/2015-09/msg00025.html http://lists.roaringpenguin.com/pipermail/remind-fans/2015/003172.html http://www.openwall.com/lists/oss-security/2015/07/29/2 http://www.openwall.com/lists/oss-security/2015/08/07/1 http://www.securityfocus.com/bid/76099 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.5EPSS: 10%CPEs: 2EXPL: 0

Buffer overflow in Roaring Penguin MIMEDefang 2.59 and 2.60 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via unspecified vectors. Desbordamiento de búfer en Roaring Penguin MIMEDefang 2.59 y 2.60 permite a atacantes remotos provocar denegación (caida de aplicación) y posiblemente ejecutar código de su elección a través de vectores no especificados. • http://lists.roaringpenguin.com/pipermail/mimedefang/2007-February/032011.html http://osvdb.org/33171 http://secunia.com/advisories/24133 http://www.mimedefang.org/node.php?id=62 http://www.securityfocus.com/bid/22514 http://www.vupen.com/english/advisories/2007/0572 https://exchange.xforce.ibmcloud.com/vulnerabilities/32466 •

CVSS: 7.5EPSS: 0%CPEs: 28EXPL: 0

MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus scanning capabilities via an e-mail attachment with a virus that contains an empty boundary string in the Content-Type header. MIMEDefang de MIME-tools 5.414 permite a atacantes remotos sortear escaner de virus mediante adjuntos en correo electrónico con virus que contengan una cadena de límite vacia en la cabecera Content-Type. • http://lists.roaringpenguin.com/pipermail/mimedefang/2004-October/024959.html http://www.gentoo.org/security/en/glsa/glsa-200411-06.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:123 http://www.securityfocus.com/bid/11563 https://exchange.xforce.ibmcloud.com/vulnerabilities/17940 •

CVSS: 2.1EPSS: 0%CPEs: 15EXPL: 0

Roaring Penguin pppoe (rp-ppoe), if installed or configured to run setuid root contrary to its design, allows local users to overwrite arbitrary files. NOTE: the developer has publicly disputed the claim that this is a vulnerability because pppoe "is NOT designed to run setuid-root." Therefore this identifier applies *only* to those configurations and installations under which pppoe is run setuid root despite the developer's warnings. Roaring Penguin pppoe, cuando se ejecuta con setuid root, no libera privilegios adecuadamente, lo que permite a usuarios locales sobreescribir ficheros arbitrarios. • http://marc.info/?l=bugtraq&m=110247119200510&w=2 http://marc.info/?l=bugtraq&m=110253341209450&w=2 http://www.debian.org/security/2004/dsa-557 http://www.fedoralegacy.org/updates/FC1/2005-11-14-FLSA_2005_152794__Updated_rp_pppoe_package_fixes_security_issue.html http://www.securityfocus.com/bid/11315 https://exchange.xforce.ibmcloud.com/vulnerabilities/17576 •

CVSS: 7.5EPSS: 1%CPEs: 11EXPL: 0

SMTP content filter engines, including (1) GFI MailSecurity for Exchange/SMTP before 7.2, (2) InterScan VirusWall before 3.52 build 1494, (3) the default configuration of MIMEDefang before 2.21, and possibly other products, do not detect fragmented emails as defined in RFC2046 ("Message Fragmentation and Reassembly") and supported in such products as Outlook Express, which allows remote attackers to bypass content filtering, including virus checking, via fragmented emails of the message/partial content type. motores de filtrado de contenido SMTP, incluyendo GFI MailSecurity para Exchange/SMTP anteriores a 7.2 InterScan VirusWall anteriores a 3.52 compilación 1494 la configuración por defecto de MIMEDefang anteriores a 2.21 y posiblemente otros productos, no detectan correos electrónicos fragmentados como se define en la RFC2046 ("Fragmentación y ensamblaje de Mensajes"), y soportado en productos como Outlook Express, lo que permite a atacantes remotos evitar el filtrado de contenido, incluyendo la comprobación de virus, mediante correos fragmentados con el tipo de contenido message/partial. • http://archives.neohapsis.com/archives/bugtraq/2002-09/0134.html http://archives.neohapsis.com/archives/bugtraq/2002-09/0135.html http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0113.html http://marc.info/?l=bugtraq&m=103184267105132&w=2 http://marc.info/?l=bugtraq&m=103184501408453&w=2 http://www.iss.net/security_center/static/10088.php http://www.kb.cert.org/vuls/id/836088 http://www.securiteam.com/securitynews/5YP0A0K8CM.html http://www.securityfocus.com/bid& •