CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register   Reset Password   Activate Account
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Openpkg : Security Vulnerabilities

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2007-5116 119 Exec Code Overflow 2007-11-07 2010-08-21
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.
2 CVE-2005-0373 Exec Code Overflow 2004-10-07 2008-09-10
7.5
User Remote Low Not required Partial Partial Partial
Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin for Cyrus-SASL but not in any official releases, allows remote attackers to execute arbitrary code.
3 CVE-2004-1997 +Priv 2004-05-05 2008-09-10
4.6
User Local Low Not required Partial Partial Partial
Kolab stores OpenLDAP passwords in plaintext in the slapd.conf file, which may be installed world-readable, which allows local users to gain privileges.
4 CVE-2004-1471 DoS Exec Code 2004-12-31 2008-09-05
7.1
Admin Remote High Single system Complete Complete Complete
Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line.
5 CVE-2004-1065 Exec Code Overflow 2005-01-10 2010-08-21
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the exif_read_data function in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to execute arbitrary code via a long section name in an image file.
6 CVE-2004-1019 20 DoS Exec Code 2005-01-10 2010-08-21
10.0
Admin Remote Low Not required Complete Complete Complete
The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 allows remote attackers to cause a denial of service and execute arbitrary code via untrusted data to the unserialize function that may trigger "information disclosure, double-free and negative reference index array underflow" results.
7 CVE-2004-1013 Exec Code Mem. Corr. 2005-01-10 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x through 2.2.8 allows remote authenticated users to execute arbitrary code via certain commands such as (1) "body[p", (2) "binary[p", or (3) "binary[p") that cause an index increment error that leads to an out-of-bounds memory corruption.
8 CVE-2004-1012 Exec Code Mem. Corr. 2005-01-10 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 and earlier allows remote authenticated users to execute arbitrary code via a certain command ("body[p") that is treated as a different command ("body.peek") and causes an index increment error that leads to an out-of-bounds memory corruption.
9 CVE-2004-1011 Exec Code Overflow 2005-01-10 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, with the imapmagicplus option enabled, allows remote attackers to execute arbitrary code via a long (1) PROXY or (2) LOGIN command, a different vulnerability than CVE-2004-1015.
10 CVE-2004-0990 DoS Exec Code Overflow 2005-03-01 2010-08-21
10.0
Admin Remote Low Not required Complete Complete Complete
Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via PNG image files with large image rows values that lead to a heap-based buffer overflow in the gdImageCreateFromPngCtx function, a different set of vulnerabilities than CVE-2004-0941.
11 CVE-2004-0957 2005-02-09 2008-09-10
6.8
User Remote Medium Not required Partial Partial Partial
Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user has privileges for a database whose name includes a "_" (underscore), grants privileges to other databases that have similar names, which can allow the user to conduct unauthorized activities.
12 CVE-2004-0940 119 Exec Code Overflow XSS 2005-02-09 2008-09-10
6.9
Admin Local Medium Not required Complete Complete Complete
Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error.
13 CVE-2004-0918 399 DoS 2005-01-27 2010-08-21
5.0
None Remote Low Not required None None Partial
The asn_parse_header function (asn1.c) in the SNMP module for Squid Web Proxy Cache before 2.4.STABLE7 allows remote attackers to cause a denial of service (server restart) via certain SNMP packets with negative length fields that trigger a memory allocation error.
14 CVE-2004-0421 DoS 2004-08-18 2010-08-21
5.0
None Remote Low Not required None None Partial
The Portable Network Graphics library (libpng) 1.0.15 and earlier allows attackers to cause a denial of service (crash) via a malformed PNG image file that triggers an error that causes an out-of-bounds read when creating the error message.
15 CVE-2004-0418 Exec Code 2004-08-06 2010-08-21
10.0
Admin Remote Low Not required Complete Complete Complete
serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data.
16 CVE-2004-0417 Overflow 2004-08-06 2010-08-21
5.0
None Remote Low Not required None None Partial
Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space.
17 CVE-2004-0416 119 Exec Code Overflow 2004-08-06 2010-08-21
10.0
Admin Remote Low Not required Complete Complete Complete
Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code.
18 CVE-2004-0414 DoS Exec Code 2004-08-06 2010-08-21
10.0
Admin Remote Low Not required Complete Complete Complete
CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution.
19 CVE-2004-0413 DoS Exec Code Overflow 2004-08-06 2008-09-05
10.0
Admin Remote Low Not required Complete Complete Complete
libsvn_ra_svn in Subversion 1.0.4 trusts the length field of (1) svn://, (2) svn+ssh://, and (3) other svn protocol URL strings, which allows remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via an integer overflow that leads to a heap-based buffer overflow.
20 CVE-2004-0333 Exec Code Overflow 2004-11-23 2008-09-10
10.0
Admin Remote Low Not required Complete Complete Complete
Buffer overflow in the UUDeview package, as used in WinZip 6.2 through WinZip 8.1 SR-1, and possibly other packages, allows remote attackers to execute arbitrary code via a MIME archive with certain long MIME parameters.
21 CVE-2003-0615 XSS 2003-08-27 2013-07-21
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form's action parameter.
22 CVE-2003-0367 2003-07-02 2008-09-10
2.1
None Local Low Not required None Partial None
znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files.
23 CVE-2003-0147 2003-03-31 2008-09-10
5.0
None Remote Low Not required Partial None None
OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal).
24 CVE-2002-0083 189 +Priv 2002-03-15 2008-11-20
10.0
Admin Remote Low Not required Complete Complete Complete
Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.
Total number of vulnerabilities : 24   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.