Search Results (Refine Search)
- CPE Product Version: cpe:/o:debian:debian_linux:3.0
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2004-0583 |
The account lockout functionality in (1) Webmin 1.140 and (2) Usermin 1.070 does not parse certain character strings, which allows remote attackers to conduct a brute force attack to guess user IDs and passwords. Published: August 06, 2004; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2004-0594 |
The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when register_globals is enabled, allows remote attackers to execute arbitrary code by triggering a memory_limit abort during execution of the zend_hash_init function and overwriting a HashTable destructor pointer before the initialization of key data structures is complete. Published: July 27, 2004; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 5.1 MEDIUM |
CVE-2004-0398 |
Heap-based buffer overflow in the ne_rfc1036_parse date parsing function for the neon library (libneon) 0.24.5 and earlier, as used by cadaver before 0.22, allows remote WebDAV servers to execute arbitrary code on the client. Published: July 07, 2004; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2004-0434 |
k5admind (kadmind) for Heimdal allows remote attackers to execute arbitrary code via a Kerberos 4 compatibility administration request whose framing length is less than 2, which leads to a heap-based buffer overflow. Published: July 07, 2004; 12:00:00 AM -0400 |
V3.1: 9.8 CRITICAL V2.0: 10.0 HIGH |
CVE-2004-0488 |
Stack-based buffer overflow in the ssl_util_uuencode_binary function in ssl_util.c for Apache mod_ssl, when mod_ssl is configured to trust the issuing CA, may allow remote attackers to execute arbitrary code via a client certificate with a long subject DN. Published: July 07, 2004; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2004-0179 |
Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, and other products that use neon including (2) Cadaver, (3) Subversion, and (4) OpenOffice, allow remote malicious WebDAV servers to execute arbitrary code. Published: June 01, 2004; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2003-0618 |
Multiple vulnerabilities in suidperl 5.6.1 and earlier allow a local user to obtain sensitive information about files for which the user does not have appropriate permissions. Published: May 04, 2004; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2003-0648 |
Multiple buffer overflows in vfte, based on FTE, before 0.50, allow local users to execute arbitrary code. Published: May 04, 2004; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2004-1180 |
Unknown vulnerability in the rwho daemon (rwhod) before 0.17, on little endian architectures, allows remote attackers to cause a denial of service (application crash). Published: February 16, 2004; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2003-0615 |
Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter. Published: August 27, 2003; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2003-0440 |
The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and possibly other versions, allows local users to overwrite arbitrary files via a symlink attack on temporary files. Published: August 18, 2003; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-2003-0367 |
znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files. Published: July 02, 2003; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2003-0382 |
Buffer overflow in Eterm 0.9.2 allows local users to gain privileges via a long ETERMPATH environment variable. Published: July 02, 2003; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-2003-0358 |
Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye 1.9.3 and earlier, which is based on nethack, allows local users to gain privileges via a long -s command line option. Published: June 09, 2003; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 4.6 MEDIUM |
CVE-2003-0308 |
The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely create temporary files, which could allow local users to gain additional privileges via (1) expn, (2) checksendmail, or (3) doublebounce.pl. Published: May 15, 2003; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |
CVE-2003-0098 |
Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before 3.10.5, allows remote attackers to gain root privileges, possibly via format strings in a request to a slave server. Published: March 03, 2003; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2002-1372 |
Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check the return values of various file and socket operations, which could allow a remote attacker to cause a denial of service (resource exhaustion) by causing file descriptors to be assigned and not released, as demonstrated by fanta. Published: December 26, 2002; 12:00:00 AM -0500 |
V3.1: 7.5 HIGH V2.0: 5.0 MEDIUM |
CVE-2002-1232 |
Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a map that does not exist. Published: November 04, 2002; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2002-1235 |
The kadm_ser_in function in (1) the Kerberos v4compatibility administration daemon (kadmind4) in the MIT Kerberos 5 (krb5) krb5-1.2.6 and earlier, (2) kadmind in KTH Kerberos 4 (eBones) before 1.2.1, and (3) kadmind in KTH Kerberos 5 (Heimdal) before 0.5.1 when compiled with Kerberos 4 support, does not properly verify the length field of a request, which allows remote attackers to execute arbitrary code via a buffer overflow attack. Published: November 04, 2002; 12:00:00 AM -0500 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2002-0839 |
The shared memory scoreboard in the HTTP daemon for Apache 1.3.x before 1.3.27 allows any user running as the Apache UID to send a SIGUSR1 signal to any process as root, resulting in a denial of service (process kill) or possibly other behaviors that would not normally be allowed, by modifying the parent[].pid and parent[].last_rtime segments in the scoreboard. Published: October 11, 2002; 12:00:00 AM -0400 |
V3.x:(not available) V2.0: 7.2 HIGH |