Debian Linux 4.0 IA-32 Edition

Xfig, possibly 3.2.5, allows local users to read and write arbitrary files via a symlink attack on the (1) xfig-eps[PID], (2) xfig-pic[PID].pix, (3) xfig-pic[PID].err, (4) xfig-pcx[PID].pix, (5) xfig-xfigrc[PID], (6) xfig[PID], (7) xfig-print[PID], (8) xfig-export[PID].err, (9) xfig-batch[PID], (10) xfig-exp[PID], or (11) xfig-spell.[PID] temporary files, where [PID] is a process ID.

Published: 2009-06-06T18:00:00.000Z
Updated: 2024-08-07T05:36:20.195Z

The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b) the gxsnmp package; does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a length greater than the working buffer, which can lead to an unspecified overflow; (2) an oid length of zero, which can lead to an off-by-one error; or (3) an indefinite length for a primitive encoding.

Published: 2008-06-10T00:00:00.000Z
Updated: 2024-08-07T08:32:01.473Z

policyd-weight 0.1.14 beta-16 and earlier allows local users to modify or delete arbitrary files via a symlink attack on temporary files that are used when creating a socket.

Published: 2008-03-31T22:00:00.000Z
Updated: 2024-08-07T08:24:42.735Z

diatheke.pl in The SWORD Project Diatheke 1.5.9 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the range parameter.

Published: 2008-02-25T21:00:00.000Z
Updated: 2024-08-07T08:01:40.118Z

lib/Driver/sql.php in Turba 2 (turba2) Contact Manager H3 2.1.x before 2.1.7 and 2.2.x before 2.2-RC3, as used in products such as Horde Groupware before 1.0.4 and Horde Groupware Webmail Edition before 1.0.5, does not properly check access rights, which allows remote authenticated users to modify address data via a modified object_id parameter to edit.php, as demonstrated by modifying a personal address book entry when there is write access to a shared address book.

Published: 2008-02-19T00:00:00.000Z
Updated: 2024-08-07T08:01:38.898Z

Stack-based buffer overflow in the zseticcspace function in zicc.c in Ghostscript 8.61 and earlier allows remote attackers to execute arbitrary code via a postscript (.ps) file containing a long Range array in a .seticcspace operator.

Published: 2008-02-28T21:00:00.000Z
Updated: 2024-08-07T07:46:54.069Z

The write_array_file function in utils/include.pl in GForge 4.5.14 updates configuration files by truncating them to zero length and then writing new data, which might allow attackers to bypass intended access restrictions or have unspecified other impact in opportunistic circumstances.

Published: 2008-05-18T14:00:00.000Z
Updated: 2024-08-07T07:39:34.003Z

misc.c in splitvt 1.6.6 and earlier does not drop group privileges before executing xprop, which allows local users to gain privileges.

Published: 2008-02-22T21:00:00.000Z
Updated: 2024-08-07T07:32:23.903Z

The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.

Published: 2008-01-12T02:00:00.000Z
Updated: 2024-08-07T16:02:36.031Z

iSCSI Enterprise Target (iscsitarget) 0.4.15 uses weak permissions for /etc/ietd.conf, which allows local users to obtain passwords.

Published: 2007-11-05T19:00:00.000Z
Updated: 2024-08-07T15:47:00.755Z

vobcopy 0.5.14 allows local users to append data to an arbitrary file, or create an arbitrary new file, via a symlink attack on the (1) /tmp/vobcopy.bla or (2) /tmp/vobcopy_0.5.14.log temporary file.

Published: 2007-10-30T21:00:00.000Z
Updated: 2024-08-07T15:39:13.645Z

Buffer overflow in the Mono.Math.BigInteger class in Mono 1.2.5.1 and earlier allows context-dependent attackers to execute arbitrary code via unspecified vectors related to Reduce in Montgomery-based Pow methods.

Published: 2007-11-02T16:00:00.000Z
Updated: 2024-08-07T15:24:42.132Z

Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.

Published: 2007-11-07T20:00:00.000Z
Updated: 2024-08-07T15:17:28.328Z

(1) xenbaked and (2) xenmon.py in Xen 3.1 and earlier allow local users to truncate arbitrary files via a symlink attack on /tmp/xenq-shm.

Published: 2007-10-28T16:00:00.000Z
Updated: 2024-08-07T14:37:05.580Z

The populate_conns function in src/populate_conns.c in GSAMBAD 0.1.4 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gsambadtmp temporary file.

Published: 2007-07-03T01:00:00.000Z
Updated: 2024-08-07T13:57:53.350Z

The (1) getRule and (2) getChains functions in server/rules.cpp in fireflierd (fireflier-server) in FireFlier 1.1.6 allow local users to overwrite arbitrary files via a symlink attack on the /tmp/fireflier.rules temporary file.

Published: 2007-07-03T18:00:00.000Z
Updated: 2024-08-07T13:57:53.386Z

Emacs 21 allows user-assisted attackers to cause a denial of service (crash) via certain crafted images, as demonstrated via a GIF image in vm mode, related to image size calculation.

Published: 2007-06-21T20:00:00.000Z
Updated: 2024-08-07T13:49:57.659Z

File descriptor leak in the PDF handler in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service via a crafted PDF file.

Published: 2007-04-30T22:00:00.000Z
Updated: 2024-08-07T13:23:50.258Z

Memory leak in the token OCR functionality in ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote attackers to cause a denial of service.

Published: 2007-06-27T00:00:00.000Z
Updated: 2024-08-07T13:06:26.105Z

ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote attackers to cause a denial of service (NULL pointer dereference) via a vector related to the token OCR functionality.

Published: 2007-06-27T00:00:00.000Z
Updated: 2024-08-07T13:06:25.956Z

Memory leak in the image message functionality in ekg before 1:1.7~rc2-1etch1 on Debian GNU/Linux Etch allows remote attackers to cause a denial of service.

Published: 2007-06-27T00:00:00.000Z
Updated: 2024-08-07T13:06:26.082Z

pptpgre.c in PoPToP Point to Point Tunneling Server (pptpd) before 1.3.4 allows remote attackers to cause a denial of service (PPTP connection tear-down) via (1) GRE packets with out-of-order sequence numbers or (2) certain GRE packets that are processed using a wrong pointer and improperly dequeued.

Published: 2007-05-11T03:55:00.000Z
Updated: 2024-08-07T12:12:17.564Z