4 results (0.002 seconds)

CVSS: 3.6EPSS: 0%CPEs: 20EXPL: 0

The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename in which (1) a final "z" character is replaced by a "t" character or (2) a final "t" character is replaced by a "z" character. La función DoCommand de jhead.c en Matthias Wandel jhead v2.84 y anteriores, permite a los usuarios locales eliminar ficheros de su elección a través de vectores que contengan un nombre de fichero de entrada modificado en los que (1) el carácter "z" final es reemplazado por un carácter "t" o (2) el carácter "t" final es reemplazado por un carácter "z". • http://www.openwall.com/lists/oss-security/2008/10/16/3 http://www.openwall.com/lists/oss-security/2008/11/26/4 http://www.securityfocus.com/bid/32506 https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020 • CWE-20: Improper Input Validation •

CVSS: 4.6EPSS: 0%CPEs: 21EXPL: 0

jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file. El archivo jhead.c en Matthias Wandel jhead versión 2.84 y anteriores, permite a los usuarios locales sobrescribir archivos arbitrarios por medio de un ataque symlink en un archivo temporal. • http://www.openwall.com/lists/oss-security/2008/10/15/5 http://www.openwall.com/lists/oss-security/2008/10/15/6 http://www.openwall.com/lists/oss-security/2008/10/16/3 http://www.openwall.com/lists/oss-security/2009/02/06/5 https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 10.0EPSS: 0%CPEs: 20EXPL: 0

The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input. La función DoCommand en el archivo jhead.c en Matthias Wandel jhead 2.84 y versiones anteriores, que permite a los atacantes remotos ejecutar arbitrariamente comandos a través del intérprete de meta-caracteres en entradas no especificadas. • http://www.openwall.com/lists/oss-security/2008/10/15/5 http://www.openwall.com/lists/oss-security/2008/10/15/6 http://www.openwall.com/lists/oss-security/2008/10/16/3 http://www.openwall.com/lists/oss-security/2008/11/26/4 http://www.securityfocus.com/bid/31921 https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020 • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 1%CPEs: 20EXPL: 1

Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash) via (1) a long -cmd argument and (2) unspecified vectors related to "a bunch of potential string overflows." Desbordamiento de búfer en la función DoCommand de jhead before 2.84 podría permitir a atacantes dependientes del contexto provocar una denegación de servicio (caída) mediante (1) un argumento -cmd largo y (2) posiblemente otros vectores no especificados. • http://secunia.com/advisories/32363 http://www.openwall.com/lists/oss-security/2008/10/15/6 http://www.securityfocus.com/bid/31770 http://www.sentex.net/~mwandel/jhead/changes.txt https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020 https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00511.html https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00531.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •