Gentoo Linux Distribution - Page 181
Find the information you need for your favorite open source distribution .
Find the information you need for your favorite open source distribution .
The email variable and the default error page in mailmain 2.1 contains cross site scripting vulnerabilities.
A wave file will let the attacker to execute all the code he wants on the victim.
All versions < 0.2.2 have a major security vulnerability in the directory parser.
The overflow appears when the slocate is run with two parameters: -c and -r, using as arguments a 1024 bytes string.
An attacker may be able to execute arbitrary code by sending a specially crafted e-mail to a system using SpamAssassin's spamc program in BSMTP mode.
Opening a specially crafted text file with vim can execute arbitrary shell commands and pass parameters to them.
According to CERT advisory CA-2003-01 a buffer overflow exists in the minires library embedded in ISC DHCPD versions 3.0 through 3.0.1RC10.
On servers which are configured to allow anonymous read-only access, this bug could be used by anonymous users to gain write privileges.
In some instances KDE fails to properly quote parameters of instructions passed to a command shell for execution.
The Internet Software Consortium (ISC) has discovered several buffer overflow vulnerabilities in their implementation of DHCP (ISC DHCPD).
fnord 1.6 contained a buffer overrun in the CGI code. However, since the function does not return, this does not appear to be exploitable.
If you use the wordwrap() function on user-supplied input, a specially-crafted input can overflow the allocated buffer and overwrite the heap.
There is a problem in connection with 16-bit samples from libpng.
The vulnerabilities in LCDproc allow an attacker to remotely execute arbitrary code or cause the LCDproc server to crash.
A buffer overflow exist in the messaging framework which would allow a remote user to execute commands as the user running the game server.
limbcrypt versions prior to 2.5.5 contain a number of buffer overflow vulnerabilities that stem from imporper or lacking input validation.
A lack of input validation on an external script may make it possible for commands injected by a malicious DHCP server to be executed through the use of shell metacharacters such as ';' and '|'. These commands may run with root privileges.
This vulnerability can make leafnode's nntpd server, named leafnode, go into an unterminated loop when a particular article is requested.
The pdftops filter in the Xpdf and CUPS packages contains an integer overflow that can be exploited to gain the privileges of the target user or in some cases the increased privileges of the 'lp' user if installed setuid.