CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 0CVE-2012-2150 – xfsprogs: xfs_metadump information disclosure flaw
https://notcve.org/view.php?id=CVE-2012-2150
25 Aug 2015 — xfs_metadump in xfsprogs before 3.2.4 does not properly obfuscate file data, which allows remote attackers to obtain sensitive information by reading a generated image. Vulnerabilidad en xfs_metadump en xfsprogs en versiones anteriores a la 3.2.4, no ofusca apropiadamente los datos de archivo, lo cual permite a atacantes remotos obtener información sensible mediante la lectura de una imagen generada. It was discovered that the xfs_metadump tool of the xfsprogs suite did not fully adhere to the standards of ... • http://lists.fedoraproject.org/pipermail/package-announce/2015-August/163690.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 0%CPEs: 17EXPL: 0CVE-2012-5530
https://notcve.org/view.php?id=CVE-2012-5530
29 Nov 2012 — The (1) pcmd and (2) pmlogger init scripts in Performance Co-Pilot (PCP) before 3.6.10 allow local users to overwrite arbitrary files via a symlink attack on a /var/tmp/##### temporary file. Las secuencias de comandos (1) pcmd y (2) pmlogger en Performance Co-Pilot (PCP) v3.6.10, permite a usuarios locales sobrescribir archivos de su elección a través de un ataque de enlace simbólico en un archivo temporal /var/tmp/##### • http://lists.opensuse.org/opensuse-security-announce/2013-01/msg00024.html • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 4%CPEs: 13EXPL: 0CVE-2012-3418
https://notcve.org/view.php?id=CVE-2012-3418
27 Aug 2012 — libpcp in Performance Co-Pilot (PCP) before 3.6.5 allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a PDU with the numcreds field value greater than the number of actual elements to the __pmDecodeCreds function in p_creds.c; (2) the string byte number value to the __pmDecodeNameList function in p_pmns.c; (3) the numids value to the __pmDecodeIDList function in p_pmns.c; (4) unspecified vectors to the __pmDecodeProfile function in p_profile.c; the (5) status num... • http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html • CWE-189: Numeric Errors •
CVSS: 9.1EPSS: 1%CPEs: 12EXPL: 0CVE-2012-3419
https://notcve.org/view.php?id=CVE-2012-3419
27 Aug 2012 — Performance Co-Pilot (PCP) before 3.6.5 exports some of the /proc file system, which allows attackers to obtain sensitive information such as proc/pid/maps and command line arguments. Performance Co-Pilot (PCP) anterior a v3.6.5 realiza exportaciones de algunos de los sistema de archivos /proc, que permite a los atacantes obtener información confidencial, como proc / pid / maps y los argumentos de línea de comandos. • http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 3%CPEs: 13EXPL: 0CVE-2012-3420
https://notcve.org/view.php?id=CVE-2012-3420
27 Aug 2012 — Multiple memory leaks in Performance Co-Pilot (PCP) before 3.6.5 allow remote attackers to cause a denial of service (memory consumption or daemon crash) via a large number of PDUs with (1) a crafted context number to the DoFetch function in pmcd/src/dofetch.c or (2) a negative type value to the __pmGetPDU function in libpcp/src/pdu.c. Múltiples pérdidas de memoria en Performance Co-Pilot (PCP) anterior a v3.6.5 permite a atacantes remotos provocar una denegación de servicio (consumo de memoria o un acciden... • http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 2%CPEs: 13EXPL: 0CVE-2012-3421
https://notcve.org/view.php?id=CVE-2012-3421
27 Aug 2012 — The pduread function in pdu.c in libpcp in Performance Co-Pilot (PCP) before 3.6.5 does not properly time out connections, which allows remote attackers to cause a denial of service (pmcd hang) by sending individual bytes of a PDU separately, related to an "event-driven programming flaw." La función pduread en pdu.c en libpcp en Performance Co-Pilot (PCP) anterior a v3.6.5 no realiza el tiempo de espera de conexiones, permitiendo a atacantes remotos provocar una denegación de servicio (pmcd bloquea) mediant... • http://lists.fedoraproject.org/pipermail/package-announce/2012-August/085324.html •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0CVE-2011-3337
https://notcve.org/view.php?id=CVE-2011-3337
04 Jan 2012 — eEye Audit ID 2499 in eEye Digital Security Audits 2406 through 2423 for eEye Retina Network Security Scanner on HP-UX, IRIX, and Solaris allows local users to gain privileges via a Trojan horse gauntlet program in an arbitrary directory under /usr/local/. eEye Audit ID 2499 en eEye Digital Security Audits 2406 hasta 2423 para eEye Retina Network Security Scanner en HP-UX, IRIX, y Solaris, permite a usuarios locales ganar privilegios a través de un caballo de troya en un directorio de su elección bajo /usr/... • http://www.eeye.com/Resources/Security-Center/Research/Security-Advisories/AL20111108 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 8.8EPSS: 0%CPEs: 75EXPL: 0CVE-2010-2594
https://notcve.org/view.php?id=CVE-2010-2594
01 Jul 2010 — Multiple cross-site request forgery (CSRF) vulnerabilities in the web management interface in InterSect Alliance Snare Agent 3.2.3 and earlier on Solaris, Snare Agent 3.1.7 and earlier on Windows, Snare Agent 1.5.0 and earlier on Linux and AIX, Snare Agent 1.4 and earlier on IRIX, Snare Epilog 1.5.3 and earlier on Windows, and Snare Epilog 1.2 and earlier on UNIX allow remote attackers to hijack the authentication of administrators for requests that (1) change the password or (2) change the listening port. ... • http://holisticinfosec.org/content/view/144/45 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 10.0EPSS: 26%CPEs: 45EXPL: 1CVE-2010-1039 – rpc.pcnfsd - Remote Format String
https://notcve.org/view.php?id=CVE-2010-1039
20 May 2010 — Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request containing format string specifiers in an invalid directory name. Vulnerabilidad de cadena de formato en la función _msgout en rpc.pcnfsd en AIX de IBM versiones 6.1, 5.3 y anteriores; VIOS de IBM versiones 2.1, 1.5 ... • https://www.exploit-db.com/exploits/14407 • CWE-134: Use of Externally-Controlled Format String •
CVSS: 6.1EPSS: 1%CPEs: 9EXPL: 2CVE-2007-6232 – ftp Admin 0.1.0 - Local File Inclusion / Cross-Site Scripting / Authentication Bypass
https://notcve.org/view.php?id=CVE-2007-6232
04 Dec 2007 — Cross-site scripting (XSS) vulnerability in index.php in FTP Admin 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the error parameter in an error page action. Vulnerabilidad de secuencia de comandos en sitios cruzados (XSS) en index.php en FTP Admin 0.1.0 permite a atacantes remotos inyectar secuencias de comandos web o HTML a través del parámetro error en una acción de página de error. • https://www.exploit-db.com/exploits/4681 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •