CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 1CVE-2008-1922
https://notcve.org/view.php?id=CVE-2008-1922
Multiple stack-based buffer overflows in Sarg might allow attackers to execute arbitrary code via unknown vectors, probably a crafted Squid log file. Múltiples desbordamientos de búfer basados en pila en Sarg pueden permitir a los atacantes ejecutar código de su elección a través de vectores desconocidos, probablemente a través de un log Squid manipulado. • http://lists.opensuse.org/opensuse-security-announce/2008-05/msg00000.html http://secunia.com/advisories/30156 http://secunia.com/advisories/30202 http://www.mandriva.com/security/advisories?name=MDVSA-2009:073 http://www.securityfocus.com/bid/29141 https://exchange.xforce.ibmcloud.com/vulnerabilities/42321 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 10.0EPSS: 45%CPEs: 1EXPL: 0CVE-2008-1167
https://notcve.org/view.php?id=CVE-2008-1167
Stack-based buffer overflow in the useragent function in useragent.c in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to execute arbitrary code via a long Squid proxy server User-Agent header. NOTE: some of these details are obtained from third party information. Desbordamiento de búfer basado en pila en una función useragent de useragent.c en Squid Analysis Report Generator (Sarg) permite a atacantes remotos ejecutar código de su elección a través una cabecera User-Agent en un servidor proxy de Squid. NOTA: algunos de estos detalles han sido obtenidos a partir de la información de terceros. • http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00004.html http://secunia.com/advisories/28668 http://secunia.com/advisories/29309 http://secunia.com/advisories/29323 http://secunia.com/advisories/29500 http://sourceforge.net/project/shownotes.php?release_id=581212 http://www.gentoo.org/security/en/glsa/glsa-200803-21.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:079 http://www.securityfocus.com/archive/1/489018/100/0/threaded http://www.securit • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2008-1168
https://notcve.org/view.php?id=CVE-2008-1168
Cross-site scripting (XSS) vulnerability in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to inject arbitrary web script or HTML via the User-Agent header, which is not properly handled when displaying the Squid proxy log. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en Squid Analysis Report Generator (Sarg) 2.2.3.1 permite a atacantes remotos inyectar secuencias de comandos web o HTML de su elección a través de la cabecera User-Agent, la cual no se manipula correctamente cuando se muestra el log del proxy de Squid. NOTA: el origen de esta información es desconocido; los detalles se han obtenido únicamente de información de terceros. • http://secunia.com/advisories/28668 http://secunia.com/advisories/29309 http://secunia.com/advisories/29500 http://sourceforge.net/project/shownotes.php?release_id=581509 http://www.gentoo.org/security/en/glsa/glsa-200803-21.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:079 http://www.securityfocus.com/bid/28077 http://www.vupen.com/english/advisories/2008/0750/references https://exchange.xforce.ibmcloud.com/vulnerabilities/40972 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •