Логотип exploitDog
source:"ubuntu"
Консоль
Логотип exploitDog

exploitDog

source:"ubuntu"

Количество 63 796

Количество 63 796

ubuntu логотип

CVE-2008-3659

больше 17 лет назад

Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via the delimiter argument to the explode function. NOTE: the scope of this issue is limited since most applications would not use an attacker-controlled delimiter, but local attacks against safe_mode are feasible.

CVSS2: 6.4
EPSS: Средний
ubuntu логотип

CVE-2008-3658

больше 17 лет назад

Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4.4.x before 4.4.9 and PHP 5.2 before 5.2.6-r6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.

CVSS2: 7.5
EPSS: Средний
ubuntu логотип

CVE-2008-3657

больше 17 лет назад

The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen.

CVSS2: 7.5
EPSS: Средний
ubuntu логотип

CVE-2008-3656

больше 17 лет назад

Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted HTTP request that is processed by a backtracking regular expression.

CVSS2: 7.8
EPSS: Высокий
ubuntu логотип

CVE-2008-3655

больше 17 лет назад

Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var, (2) $PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insecure methods at safe levels 1 through 3.

CVSS2: 7.5
EPSS: Средний
ubuntu логотип

CVE-2008-3654

больше 17 лет назад

Unspecified vulnerability in TikiWiki CMS/Groupware before 2.0 allows attackers to obtain "path and PHP configuration" via unknown vectors.

CVSS2: 5
EPSS: Низкий
ubuntu логотип

CVE-2008-3653

больше 17 лет назад

Multiple unspecified vulnerabilities in TikiWiki CMS/Groupware before 2.0 have unknown impact and attack vectors.

CVSS2: 10
EPSS: Низкий
ubuntu логотип

CVE-2008-3652

больше 17 лет назад

src/racoon/handler.c in racoon in ipsec-tools does not remove an "orphaned ph1" (phase 1) handle when it has been initiated remotely, which allows remote attackers to cause a denial of service (resource consumption).

CVSS2: 7.8
EPSS: Средний
ubuntu логотип

CVE-2008-3651

больше 17 лет назад

Memory leak in racoon/proposal.c in the racoon daemon in ipsec-tools before 0.7.1 allows remote authenticated users to cause a denial of service (memory consumption) via invalid proposals.

CVSS2: 4
EPSS: Низкий
ubuntu логотип

CVE-2008-3650

больше 17 лет назад

Multiple unspecified vulnerabilities in Horde Groupware Webmail before Edition 1.1.1 (final) have unknown impact and attack vectors related to "unescaped output," possibly cross-site scripting (XSS), in the (1) object browser and (2) contact view.

CVSS2: 9
EPSS: Низкий
ubuntu логотип

CVE-2008-3641

больше 17 лет назад

The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via crafted pen width and pen color opcodes that overwrite arbitrary memory.

CVSS2: 10
EPSS: Средний
ubuntu логотип

CVE-2008-3640

больше 17 лет назад

Integer overflow in the WriteProlog function in texttops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via a crafted PostScript file that triggers a heap-based buffer overflow.

CVSS2: 6.8
EPSS: Низкий
ubuntu логотип

CVE-2008-3639

больше 17 лет назад

Heap-based buffer overflow in the read_rle16 function in imagetops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via an SGI image with malformed Run Length Encoded (RLE) data containing a small image and a large row count.

CVSS2: 7.5
EPSS: Низкий
ubuntu логотип

CVE-2008-3632

больше 17 лет назад

Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through 2.0.2, and iPhone 1.0 through 2.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a web page with crafted Cascading Style Sheets (CSS) import statements.

CVSS2: 9.3
EPSS: Средний
ubuntu логотип

CVE-2008-3600

больше 17 лет назад

Directory traversal vulnerability in contrib/phpBB2/modules.php in Gallery 1.5.7 and 1.6-alpha3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phpEx parameter within a modload action.

CVSS2: 6.8
EPSS: Низкий
ubuntu логотип

CVE-2008-3577

больше 17 лет назад

Buffer overflow in src/openttd.cpp in OpenTTD before 0.6.2 allows local users to execute arbitrary code via a large filename supplied to the "-g" parameter in the ttd_main function. NOTE: it is unlikely that this issue would cross privilege boundaries in typical environments.

CVSS2: 4.6
EPSS: Низкий
ubuntu логотип

CVE-2008-3576

больше 17 лет назад

Buffer overflow in the TruncateString function in src/gfx.cpp in OpenTTD before 0.6.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted string. NOTE: some of these details are obtained from third party information.

CVSS2: 10
EPSS: Средний
ubuntu логотип

CVE-2008-3568

больше 17 лет назад

Absolute path traversal vulnerability in fckeditor/editor/filemanager/browser/default/connectors/php/connector.php in UNAK-CMS 1.5.5 allows remote attackers to include and execute arbitrary local files via a full pathname in the Dirroot parameter, a different vulnerability than CVE-2006-4890.1.

CVSS2: 7.5
EPSS: Низкий
ubuntu логотип

CVE-2008-3547

почти 17 лет назад

Buffer overflow in the server in OpenTTD 0.6.1 and earlier allows remote authenticated users to cause a denial of service (persistent game disruption) or possibly execute arbitrary code via vectors involving many long names for "companies and clients."

CVSS2: 9
EPSS: Средний
ubuntu логотип

CVE-2008-3546

больше 17 лет назад

Stack-based buffer overflow in the (1) diff_addremove and (2) diff_change functions in GIT before 1.5.6.4 might allow local users to execute arbitrary code via a PATH whose length is larger than the system's PATH_MAX when running GIT utilities such as git-diff or git-grep.

CVSS2: 7.5
EPSS: Низкий

Уязвимостей на страницу

Уязвимость
CVSS
EPSS
Опубликовано
ubuntu логотип
CVE-2008-3659

Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and PHP 5.6 through 5.2.6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via the delimiter argument to the explode function. NOTE: the scope of this issue is limited since most applications would not use an attacker-controlled delimiter, but local attacks against safe_mode are feasible.

CVSS2: 6.4
14%
Средний
больше 17 лет назад
ubuntu логотип
CVE-2008-3658

Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP 4.4.x before 4.4.9 and PHP 5.2 before 5.2.6-r6 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted font file.

CVSS2: 7.5
11%
Средний
больше 17 лет назад
ubuntu логотип
CVE-2008-3657

The dl module in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not check "taintness" of inputs, which allows context-dependent attackers to bypass safe levels and execute dangerous functions by accessing a library using DL.dlopen.

CVSS2: 7.5
25%
Средний
больше 17 лет назад
ubuntu логотип
CVE-2008-3656

Algorithmic complexity vulnerability in the WEBrick::HTTPUtils.split_header_value function in WEBrick::HTTP::DefaultFileHandler in WEBrick in Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 allows context-dependent attackers to cause a denial of service (CPU consumption) via a crafted HTTP request that is processed by a backtracking regular expression.

CVSS2: 7.8
73%
Высокий
больше 17 лет назад
ubuntu логотип
CVE-2008-3655

Ruby 1.8.5 and earlier, 1.8.6 through 1.8.6-p286, 1.8.7 through 1.8.7-p71, and 1.9 through r18423 does not properly restrict access to critical variables and methods at various safe levels, which allows context-dependent attackers to bypass intended access restrictions via (1) untrace_var, (2) $PROGRAM_NAME, and (3) syslog at safe level 4, and (4) insecure methods at safe levels 1 through 3.

CVSS2: 7.5
39%
Средний
больше 17 лет назад
ubuntu логотип
CVE-2008-3654

Unspecified vulnerability in TikiWiki CMS/Groupware before 2.0 allows attackers to obtain "path and PHP configuration" via unknown vectors.

CVSS2: 5
0%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-3653

Multiple unspecified vulnerabilities in TikiWiki CMS/Groupware before 2.0 have unknown impact and attack vectors.

CVSS2: 10
0%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-3652

src/racoon/handler.c in racoon in ipsec-tools does not remove an "orphaned ph1" (phase 1) handle when it has been initiated remotely, which allows remote attackers to cause a denial of service (resource consumption).

CVSS2: 7.8
21%
Средний
больше 17 лет назад
ubuntu логотип
CVE-2008-3651

Memory leak in racoon/proposal.c in the racoon daemon in ipsec-tools before 0.7.1 allows remote authenticated users to cause a denial of service (memory consumption) via invalid proposals.

CVSS2: 4
5%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-3650

Multiple unspecified vulnerabilities in Horde Groupware Webmail before Edition 1.1.1 (final) have unknown impact and attack vectors related to "unescaped output," possibly cross-site scripting (XSS), in the (1) object browser and (2) contact view.

CVSS2: 9
0%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-3641

The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via crafted pen width and pen color opcodes that overwrite arbitrary memory.

CVSS2: 10
48%
Средний
больше 17 лет назад
ubuntu логотип
CVE-2008-3640

Integer overflow in the WriteProlog function in texttops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via a crafted PostScript file that triggers a heap-based buffer overflow.

CVSS2: 6.8
9%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-3639

Heap-based buffer overflow in the read_rle16 function in imagetops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via an SGI image with malformed Run Length Encoded (RLE) data containing a small image and a large row count.

CVSS2: 7.5
8%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-3632

Use-after-free vulnerability in WebKit in Apple iPod touch 1.1 through 2.0.2, and iPhone 1.0 through 2.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a web page with crafted Cascading Style Sheets (CSS) import statements.

CVSS2: 9.3
11%
Средний
больше 17 лет назад
ubuntu логотип
CVE-2008-3600

Directory traversal vulnerability in contrib/phpBB2/modules.php in Gallery 1.5.7 and 1.6-alpha3, when register_globals is enabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the phpEx parameter within a modload action.

CVSS2: 6.8
0%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-3577

Buffer overflow in src/openttd.cpp in OpenTTD before 0.6.2 allows local users to execute arbitrary code via a large filename supplied to the "-g" parameter in the ttd_main function. NOTE: it is unlikely that this issue would cross privilege boundaries in typical environments.

CVSS2: 4.6
0%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-3576

Buffer overflow in the TruncateString function in src/gfx.cpp in OpenTTD before 0.6.2 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a crafted string. NOTE: some of these details are obtained from third party information.

CVSS2: 10
10%
Средний
больше 17 лет назад
ubuntu логотип
CVE-2008-3568

Absolute path traversal vulnerability in fckeditor/editor/filemanager/browser/default/connectors/php/connector.php in UNAK-CMS 1.5.5 allows remote attackers to include and execute arbitrary local files via a full pathname in the Dirroot parameter, a different vulnerability than CVE-2006-4890.1.

CVSS2: 7.5
2%
Низкий
больше 17 лет назад
ubuntu логотип
CVE-2008-3547

Buffer overflow in the server in OpenTTD 0.6.1 and earlier allows remote authenticated users to cause a denial of service (persistent game disruption) or possibly execute arbitrary code via vectors involving many long names for "companies and clients."

CVSS2: 9
13%
Средний
почти 17 лет назад
ubuntu логотип
CVE-2008-3546

Stack-based buffer overflow in the (1) diff_addremove and (2) diff_change functions in GIT before 1.5.6.4 might allow local users to execute arbitrary code via a PATH whose length is larger than the system's PATH_MAX when running GIT utilities such as git-diff or git-grep.

CVSS2: 7.5
2%
Низкий
больше 17 лет назад

Уязвимостей на страницу