Логотип exploitDog
source:"ubuntu"
Консоль
Логотип exploitDog

exploitDog

source:"ubuntu"

Количество 63 804

Количество 63 804

ubuntu логотип

CVE-2009-5078

больше 14 лет назад

contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 launches the Ghostscript program without the -dSAFER option, which allows remote attackers to create, overwrite, rename, or delete arbitrary files via a crafted document.

CVSS3: 6.5
EPSS: Низкий
ubuntu логотип

CVE-2009-5074

почти 15 лет назад

Unspecified vulnerability in the MojoX::Dispatcher::Static implementation in Mojolicious before 0.991250 has unknown impact and attack vectors.

CVSS2: 10
EPSS: Низкий
ubuntu логотип

CVE-2009-5067

больше 13 лет назад

Directory traversal vulnerability in html2ps before 1.0b6 allows remote attackers to read arbitrary files via a .. (dot dot) in the "include file" SSI directive. NOTE: this issue only might be a vulnerability in limited scenarios, such as if html2ps is invoked by a web application, or if a user-assisted attacker provides filenames whose contents could cause a denial of service, such as certain devices.

CVSS2: 4.3
EPSS: Средний
ubuntu логотип

CVE-2009-5066

больше 13 лет назад

twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials as command-line arguments, which allows local users to read the credentials by listing the process and its arguments.

CVSS2: 2.1
EPSS: Низкий
ubuntu логотип

CVE-2009-5065

почти 15 лет назад

Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) before 5.0 allows remote attackers to inject arbitrary web script or HTML via vectors involving nested CDATA stanzas.

CVSS2: 4.3
EPSS: Низкий
ubuntu логотип

CVE-2009-5064

почти 15 лет назад

ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks. NOTE: the GNU C Library vendor states "This is just nonsense. There are a gazillion other ways to introduce code if people are downloading arbitrary binaries and install them in appropriate directories or set LD_LIBRARY_PATH etc.

CVSS2: 6.9
EPSS: Низкий
ubuntu логотип

CVE-2009-5063

больше 14 лет назад

Memory leak in the embedded_profile_len function in pngwutil.c in libpng before 1.2.39beta5 allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length. NOTE: this is due to an incomplete fix for CVE-2006-7244.

CVSS2: 5
EPSS: Низкий
ubuntu логотип

CVE-2009-5057

почти 15 лет назад

The S/MIME feature in Open Ticket Request System (OTRS) before 2.3.4 does not configure the RANDFILE and HOME environment variables for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available for cryptographic operations, related to inability to write to the seeding file.

CVSS2: 5
EPSS: Низкий
ubuntu логотип

CVE-2009-5056

почти 15 лет назад

Open Ticket Request System (OTRS) before 2.4.0-beta2 does not properly enforce the move_into permission setting for a queue, which allows remote authenticated users to bypass intended access restrictions and read a ticket by watching this ticket, and then selecting the ticket from the watched-tickets list.

CVSS2: 2.1
EPSS: Низкий
ubuntu логотип

CVE-2009-5055

почти 15 лет назад

Open Ticket Request System (OTRS) before 2.4.4 grants ticket access on the basis of single-digit substrings of the CustomerID value, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by visiting a ticket, as demonstrated by leveraging the CustomerID 12 account to read tickets that should be available only to CustomerID 1 or CustomerID 2.

CVSS2: 3.5
EPSS: Низкий
ubuntu логотип

CVE-2009-5054

около 15 лет назад

Smarty before 3.0.0 beta 4 does not consider the umask value when setting the permissions of files, which might allow attackers to bypass intended access restrictions via standard filesystem operations.

CVSS2: 7.5
EPSS: Низкий
ubuntu логотип

CVE-2009-5053

около 15 лет назад

Unspecified vulnerability in Smarty before 3.0.0 beta 6 allows remote attackers to execute arbitrary PHP code by injecting this code into a cache file.

CVSS2: 7.5
EPSS: Низкий
ubuntu логотип

CVE-2009-5052

около 15 лет назад

Multiple unspecified vulnerabilities in Smarty before 3.0.0 beta 6 have unknown impact and attack vectors.

CVSS2: 10
EPSS: Низкий
ubuntu логотип

CVE-2009-5050

больше 6 лет назад

konversation before 1.2.3 allows attackers to cause a denial of service.

CVSS3: 7.5
EPSS: Низкий
ubuntu логотип

CVE-2009-5049

больше 6 лет назад

WebApp JSP Snoop page XSS in jetty though 6.1.21.

CVSS3: 6.1
EPSS: Низкий
ubuntu логотип

CVE-2009-5048

больше 6 лет назад

Cookie Dump Servlet stored XSS vulnerability in jetty though 6.1.20.

CVSS3: 6.1
EPSS: Низкий
ubuntu логотип

CVE-2009-5047

около 6 лет назад

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-4611. Reason: This candidate is a duplicate of CVE-2009-4611. Notes: All CVE users should reference CVE-2009-4611 rather than this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage

EPSS: Низкий
ubuntu логотип

CVE-2009-5046

больше 6 лет назад

JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22.

CVSS3: 6.1
EPSS: Низкий
ubuntu логотип

CVE-2009-5045

больше 6 лет назад

Dump Servlet information leak in jetty before 6.1.22.

CVSS3: 7.5
EPSS: Низкий
ubuntu логотип

CVE-2009-5044

больше 14 лет назад

contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows local users to overwrite arbitrary files via a symlink attack on a pdf#####.tmp temporary file.

CVSS2: 3.3
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
ubuntu логотип
CVE-2009-5078

contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 launches the Ghostscript program without the -dSAFER option, which allows remote attackers to create, overwrite, rename, or delete arbitrary files via a crafted document.

CVSS3: 6.5
1%
Низкий
больше 14 лет назад
ubuntu логотип
CVE-2009-5074

Unspecified vulnerability in the MojoX::Dispatcher::Static implementation in Mojolicious before 0.991250 has unknown impact and attack vectors.

CVSS2: 10
0%
Низкий
почти 15 лет назад
ubuntu логотип
CVE-2009-5067

Directory traversal vulnerability in html2ps before 1.0b6 allows remote attackers to read arbitrary files via a .. (dot dot) in the "include file" SSI directive. NOTE: this issue only might be a vulnerability in limited scenarios, such as if html2ps is invoked by a web application, or if a user-assisted attacker provides filenames whose contents could cause a denial of service, such as certain devices.

CVSS2: 4.3
21%
Средний
больше 13 лет назад
ubuntu логотип
CVE-2009-5066

twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials as command-line arguments, which allows local users to read the credentials by listing the process and its arguments.

CVSS2: 2.1
0%
Низкий
больше 13 лет назад
ubuntu логотип
CVE-2009-5065

Cross-site scripting (XSS) vulnerability in feedparser.py in Universal Feed Parser (aka feedparser or python-feedparser) before 5.0 allows remote attackers to inject arbitrary web script or HTML via vectors involving nested CDATA stanzas.

CVSS2: 4.3
7%
Низкий
почти 15 лет назад
ubuntu логотип
CVE-2009-5064

ldd in the GNU C Library (aka glibc or libc6) 2.13 and earlier allows local users to gain privileges via a Trojan horse executable file linked with a modified loader that omits certain LD_TRACE_LOADED_OBJECTS checks. NOTE: the GNU C Library vendor states "This is just nonsense. There are a gazillion other ways to introduce code if people are downloading arbitrary binaries and install them in appropriate directories or set LD_LIBRARY_PATH etc.

CVSS2: 6.9
0%
Низкий
почти 15 лет назад
ubuntu логотип
CVE-2009-5063

Memory leak in the embedded_profile_len function in pngwutil.c in libpng before 1.2.39beta5 allows context-dependent attackers to cause a denial of service (memory leak or segmentation fault) via a JPEG image containing an iCCP chunk with a negative embedded profile length. NOTE: this is due to an incomplete fix for CVE-2006-7244.

CVSS2: 5
0%
Низкий
больше 14 лет назад
ubuntu логотип
CVE-2009-5057

The S/MIME feature in Open Ticket Request System (OTRS) before 2.3.4 does not configure the RANDFILE and HOME environment variables for OpenSSL, which might make it easier for remote attackers to decrypt e-mail messages that had lower than intended entropy available for cryptographic operations, related to inability to write to the seeding file.

CVSS2: 5
0%
Низкий
почти 15 лет назад
ubuntu логотип
CVE-2009-5056

Open Ticket Request System (OTRS) before 2.4.0-beta2 does not properly enforce the move_into permission setting for a queue, which allows remote authenticated users to bypass intended access restrictions and read a ticket by watching this ticket, and then selecting the ticket from the watched-tickets list.

CVSS2: 2.1
0%
Низкий
почти 15 лет назад
ubuntu логотип
CVE-2009-5055

Open Ticket Request System (OTRS) before 2.4.4 grants ticket access on the basis of single-digit substrings of the CustomerID value, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by visiting a ticket, as demonstrated by leveraging the CustomerID 12 account to read tickets that should be available only to CustomerID 1 or CustomerID 2.

CVSS2: 3.5
0%
Низкий
почти 15 лет назад
ubuntu логотип
CVE-2009-5054

Smarty before 3.0.0 beta 4 does not consider the umask value when setting the permissions of files, which might allow attackers to bypass intended access restrictions via standard filesystem operations.

CVSS2: 7.5
0%
Низкий
около 15 лет назад
ubuntu логотип
CVE-2009-5053

Unspecified vulnerability in Smarty before 3.0.0 beta 6 allows remote attackers to execute arbitrary PHP code by injecting this code into a cache file.

CVSS2: 7.5
1%
Низкий
около 15 лет назад
ubuntu логотип
CVE-2009-5052

Multiple unspecified vulnerabilities in Smarty before 3.0.0 beta 6 have unknown impact and attack vectors.

CVSS2: 10
1%
Низкий
около 15 лет назад
ubuntu логотип
CVE-2009-5050

konversation before 1.2.3 allows attackers to cause a denial of service.

CVSS3: 7.5
0%
Низкий
больше 6 лет назад
ubuntu логотип
CVE-2009-5049

WebApp JSP Snoop page XSS in jetty though 6.1.21.

CVSS3: 6.1
1%
Низкий
больше 6 лет назад
ubuntu логотип
CVE-2009-5048

Cookie Dump Servlet stored XSS vulnerability in jetty though 6.1.20.

CVSS3: 6.1
1%
Низкий
больше 6 лет назад
ubuntu логотип
CVE-2009-5047

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2009-4611. Reason: This candidate is a duplicate of CVE-2009-4611. Notes: All CVE users should reference CVE-2009-4611 rather than this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage

около 6 лет назад
ubuntu логотип
CVE-2009-5046

JSP Dump and Session Dump Servlet XSS in jetty before 6.1.22.

CVSS3: 6.1
1%
Низкий
больше 6 лет назад
ubuntu логотип
CVE-2009-5045

Dump Servlet information leak in jetty before 6.1.22.

CVSS3: 7.5
3%
Низкий
больше 6 лет назад
ubuntu логотип
CVE-2009-5044

contrib/pdfmark/pdfroff.sh in GNU troff (aka groff) before 1.21 allows local users to overwrite arbitrary files via a symlink attack on a pdf#####.tmp temporary file.

CVSS2: 3.3
0%
Низкий
больше 14 лет назад

Уязвимостей на страницу