Debian Linux 3.1 PPC Edition

diatheke.pl in The SWORD Project Diatheke 1.5.9 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the range parameter.

Published: 2008-02-25T21:00:00.000Z
Updated: 2024-08-07T08:01:40.118Z

Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator.

Published: 2008-02-28T21:00:00.000Z
Updated: 2024-08-07T07:46:54.069Z

The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.

Published: 2008-01-12T02:00:00.000Z
Updated: 2024-08-07T16:02:36.031Z

vobcopy 0.5.14 allows local users to append data to an arbitrary file, or create an arbitrary new file, via a symlink attack on the (1) /tmp/vobcopy.bla or (2) /tmp/vobcopy_0.5.14.log temporary file.

Published: 2007-10-30T21:00:00.000Z
Updated: 2024-08-07T15:39:13.645Z

File descriptor leak in the PDF handler in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service via a crafted PDF file.

Published: 2007-04-30T22:00:00.000Z
Updated: 2024-08-07T13:23:50.258Z

Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping.

Published: 2007-02-06T02:00:00.000Z
Updated: 2024-08-07T12:19:30.137Z

The save_log_local function in Fully Automatic Installation (FAI) 2.10.1, and possibly 3.1.2, when verbose mode is enabled, stores the root password hash in /var/log/fai/current/fai.log, whose file permissions allow it to be copied to other hosts when fai-savelog is called and allows attackers to obtain the hash.

Published: 2006-12-18T02:00:00.000Z
Updated: 2024-08-07T20:33:59.717Z

Buffer overflow in man and mandb (man-db) 2.4.3 and earlier allows local users to execute arbitrary code via crafted arguments to the -H flag.

Published: 2007-04-10T18:00:00.000Z
Updated: 2024-08-07T19:06:06.608Z

debconf in Debian GNU/Linux, when configuring mnogosearch in the mnogosearch-common 3.2.31-1 package, uses the world-readable config.dat file instead of the restricted passwords.dat for storing the cleartext database administrator password in the mnogosearch-common/database_admin_pass record, which allows local users to view the password.

Published: 2006-04-13T10:00:00.000Z
Updated: 2024-08-07T17:27:28.606Z

A cron job in fcheck before 2.7.59 allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

Published: 2006-04-18T20:00:00.000Z
Updated: 2024-08-07T17:27:27.691Z

Untrusted search path vulnerability in libtunepimp-perl 0.4.2-1 in Debian GNU/Linux includes an RPATH value under the /tmp/buildd directory for the tunepimp.so module, which might allow local users to gain privileges by installing malicious libraries in that directory.

Published: 2006-03-31T11:00:00.000Z
Updated: 2024-08-07T17:19:48.665Z

Untrusted search path vulnerability in libgpib-perl 3.2.06-2 in Debian GNU/Linux includes an RPATH value under the /tmp/buildd directory for the LinuxGpib.so module, which might allow local users to gain privileges by installing malicious libraries in that directory.

Published: 2006-03-31T11:00:00.000Z
Updated: 2024-08-07T17:19:48.349Z

Untrusted search path vulnerability in libapache2-svn 1.3.0-4 for Subversion in Debian GNU/Linux includes RPATH values under the /tmp/svn directory for the (1) mod_authz_svn.so and (2) mod_dav_svn.so modules, which might allow local users to gain privileges by installing malicious libraries in that directory.

Published: 2006-03-31T11:00:00.000Z
Updated: 2024-08-07T17:19:48.319Z

Unspecified vulnerability in certain versions of xpdf after 3.00, as used in various products including (a) pdfkit.framework, (b) gpdf, (c) pdftohtml, and (d) libextractor, has unknown impact and user-assisted attack vectors, possibly involving errors in (1) gmem.c, (2) SplashXPathScanner.cc, (3) JBIG2Stream.cc, (4) JPXStream.cc, and/or (5) Stream.cc. NOTE: this description is based on Debian advisory DSA 979, which is based on changes that were made after other vulnerabilities such as CVE-2006-0301 and CVE-2005-3624 through CVE-2005-3628 were fixed. Some of these newer fixes appear to be security-relevant, although it is not clear if they fix specific issues or are defensive in nature.

Published: 2006-03-15T19:00:00.000Z
Updated: 2024-08-07T17:03:28.588Z

snmptrapfmt in Debian 3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary log file.

Published: 2006-03-23T11:00:00.000Z
Updated: 2024-08-07T16:18:20.808Z

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.

Published: 2006-01-06T22:00:00.000Z
Updated: 2024-08-07T23:17:23.446Z

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."

Published: 2006-01-06T22:00:00.000Z
Updated: 2024-08-07T23:17:23.366Z

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.

Published: 2006-01-06T22:00:00.000Z
Updated: 2024-08-07T23:17:23.457Z

cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137.

Published: 2005-10-05T04:00:00.000Z
Updated: 2024-08-07T22:53:29.987Z

Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the dir parameter, as identified by bug#0005959, and a different vulnerability than CVE-2005-3090.

Published: 2005-09-28T04:00:00.000Z
Updated: 2024-08-07T22:30:01.787Z

Backup Manager (backup-manager) before 0.5.8 creates backup files with world-readable default permissions, which allows local users to obtain sensitive information.

Published: 2005-08-29T04:00:00.000Z
Updated: 2024-08-07T22:06:58.086Z