2 results (0.015 seconds)

CVSS: 5.0EPSS: 33%CPEs: 38EXPL: 1

The "cache update reply processing" functionality in Squid 2.x before 2.6.STABLE17 and Squid 3.0 allows remote attackers to cause a denial of service (crash) via unknown vectors related to HTTP headers and an Array memory leak during requests for cached objects. La funcionalidad de "cache update reply processing" en Squid versiones 2.x anteriores a 2.6.STABLE17 y Squid versión 3.0, permite a atacantes remotos causar una denegación de servicio (bloqueo) por medio de vectores desconocidos relacionados con encabezados HTTP y una pérdida de memoria de Matriz durante las peticiones de objetos en caché. • http://bugs.gentoo.org/show_bug.cgi?id=201209 http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html http://secunia.com/advisories/27910 http://secunia.com/advisories/28091 http://secunia.com/advisories/28109 http://secunia.com/advisories/28350 http://secunia.com/advisories/28381 http://secunia.com/advisories/28403 http://secunia.com/advisories/28412 http://secunia.com/advisories/28814 http://secunia.com/advisories/34467 http://security.gentoo.org/glsa/ • CWE-20: Improper Input Validation •

CVSS: 10.0EPSS: 96%CPEs: 2EXPL: 2

Buffer overflow in the ntlm_check_auth (NTLM authentication) function for Squid Web Proxy Cache 2.5.x and 3.x, when compiled with NTLM handlers enabled, allows remote attackers to execute arbitrary code via a long password ("pass" variable). Desbordamiento de búfer en la función ntlm_check_auth (autenticación NTLM) de Squid Web Proxy Cache 2.5.x y 3.x, cuando se compila con manejadores NTLM activados, permite a atacantes remotos ejecutar código de su elección mediante una contraseña larga (variable "pass") • https://www.exploit-db.com/exploits/16847 https://www.exploit-db.com/exploits/9951 ftp://patches.sgi.com/support/free/security/advisories/20040604-01-U.asc http://fedoranews.org/updates/FEDORA--.shtml http://www.gentoo.org/security/en/glsa/glsa-200406-13.xml http://www.idefense.com/application/poi/display?id=107&type=vulnerabilities http://www.mandrakesecure.net/en/advisories/advisory.php?name=MDKSA-2004:059 http://www.redhat.com/support/errata/RHSA-2004-242.html http:/& •