Summary
Detail | |||
---|---|---|---|
Vendor | Mandrakesoft | First view | 2003-07-24 |
Product | Mandrake Linux Corporate Server | Last view | 2005-12-31 |
Version | 2.1 | Type | Os |
Update | * | ||
Edition | * | ||
Language | * | ||
Sofware Edition | * | ||
Target Software | * | ||
Target Hardware | * | ||
Other | * | ||
CPE Product | cpe:2.3:o:mandrakesoft:mandrake_linux_corporate_server |
Activity : Overall
Related : CVE
Date | Alert | Description | |
---|---|---|---|
5 | 2005-12-31 | CVE-2005-3626 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference. |
10 | 2005-12-31 | CVE-2005-3625 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins." |
5 | 2005-12-31 | CVE-2005-3624 | The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows. |
6.8 | 2005-04-27 | CVE-2005-0085 | Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message. |
2.1 | 2005-04-14 | CVE-2005-0003 | The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit architectures, does not properly check for overlapping VMA (virtual memory address) allocations, which allows local users to cause a denial of service (system crash) or execute arbitrary code via a crafted ELF or a.out file. |
6.2 | 2005-04-14 | CVE-2004-1235 | Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor. |
7.5 | 2005-03-02 | CVE-2005-0605 | scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow. |
7.2 | 2005-03-01 | CVE-2004-1051 | sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname. |
5 | 2005-03-01 | CVE-2004-0983 | The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request. |
2.1 | 2005-02-09 | CVE-2004-0977 | The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files. |
2.1 | 2005-02-09 | CVE-2004-0975 | The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files. |
2.1 | 2005-02-09 | CVE-2004-0974 | The netatalk package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files. |
7.5 | 2005-01-10 | CVE-2004-1098 | MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus scanning capabilities via an e-mail attachment with a virus that contains an empty boundary string in the Content-Type header. |
5 | 2005-01-10 | CVE-2004-1014 | statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which allows remote attackers to cause a denial of service (server process crash) via a TCP connection that is prematurely terminated. |
2.1 | 2004-12-31 | CVE-2004-2395 | Memory leak in passwd 0.68 allows local users to cause a denial of service (memory consumption) via a large number of failed read attempts from the password buffer. |
2.1 | 2004-12-31 | CVE-2004-2394 | Off-by-one error in passwd 0.68 and earlier, when using the --stdin option, causes passwd to use the first 78 characters of a password instead of the first 79, which results in a small reduction of the search space required for brute force attacks. |
5 | 2004-12-31 | CVE-2004-2392 | libuser 0.51.7 allows attackers to cause a denial of service (crash or disk consumption) via unknown attack vectors, related to read failures and other bugs. |
7.5 | 2004-12-31 | CVE-2004-0817 | Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file. |
5.1 | 2004-12-31 | CVE-2004-0802 | Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817. |
7.2 | 2004-12-23 | CVE-2004-0834 | Format string vulnerability in Speedtouch USB driver before 1.3.1 allows local users to execute arbitrary code via (1) modem_run, (2) pppoa2, or (3) pppoa3. |
7.5 | 2004-12-23 | CVE-2004-0805 | Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0.59s allows remote attackers to execute arbitrary code via a certain (1) mp3 or (2) mp2 file. |
2.1 | 2004-12-06 | CVE-2004-0565 | Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processes by setting the MFH bit. |
2.1 | 2004-12-06 | CVE-2004-0497 | Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of files, such as NFS exported files in kernel 2.4. |
7.2 | 2004-12-06 | CVE-2004-0496 | Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users to gain privileges or access kernel memory, a different set of vulnerabilities than those identified in CVE-2004-0495, as found by the Sparse source code checking tool. |
2.1 | 2004-10-20 | CVE-2004-0559 | The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory. |
CWE : Common Weakness Enumeration
% | id | Name |
---|---|---|
66% (2) | CWE-399 | Resource Management Errors |
33% (1) | CWE-189 | Numeric Errors |
Open Source Vulnerability Database (OSVDB)
id | Description |
---|---|
22235 | Multiple Products Xpdf/kpdf Crafted FlateDecode Stream NULL Dereference DoS |
22234 | Multiple Products Xpdf/kpdf Crafted CCITTFaxDecode / DCTDecode Stream DoS |
22233 | Multiple Products Xpdf/kpdf Stream.cc CCITTFaxStream::CCITTFaxStream Function... |
19790 | Linux passwd Failed Read Attempt Local DoS |
19789 | Linux passwd --stdin Off-by-one Password Generation Weakness |
19100 | Mandrake ibuser Unspecified Read Failure Related DoS |
14373 | libXpm XPM Image GetImagePixels() / PutImagePixels() Overflow |
13778 | netkit-rwho rwhod Packet Validation Remote DoS |
13735 | MIME-tools MIMEDefang Empty Boundary Content-Type Virus Scan Bypass |
13520 | ht://Dig (htdig) config Parameter XSS |
12917 | Linux Kernel Elf Binary Overlapping VMA Local Privilege Escalation |
12791 | Linux Kernel sys_uselib Binary Format Loader Local Privilege Escalation |
12240 | nfs-utils rpc.statd SIGPIPE TCP Connection DoS |
11716 | sudo Bash Script Subversion Arbitrary Command Execution |
11534 | Ruby cgi.rb Malformed HTTP Request CPU Utilization DoS |
11125 | OpenSSL der_chop Script Symlink Arbitrary File Modification |
11123 | Netatalk etc2ps.sh Symlink Arbitrary File Modification |
11004 | Thomson SpeedTouch USB Driver Multiple Function Format String |
10941 | PostgreSQL make_oidjoins_check Arbitrary File Overwrite |
10297 | Linux Kernel env_start/env_end Race Condition DoS |
9781 | imlib2 BMP Image Decoding Overflow |
9775 | Usermin Installation .webmin Symlink Privilege Escalation |
9748 | mpg123 layer2.c Header Remote Overflow |
9436 | imlib2 BMP Decoding Overflow |
9435 | imlib BMP Decoding Overflow |
ExploitDB Exploits
id | Description |
---|---|
718 | Linux Kernel 2.6.x chown() Group Ownership Alteration Exploit |
OpenVAS Exploits
id | Description |
---|---|
2010-02-03 | Name : Solaris Update for Runtime library for Solaris 10 119281-22 File : nvt/gb_solaris_119281_22.nasl |
2010-02-03 | Name : Solaris Update for CDE 1.6 119280-22 File : nvt/gb_solaris_119280_22.nasl |
2009-11-17 | Name : Mac OS X Version File : nvt/macosx_version.nasl |
2009-10-10 | Name : SLES9: Security update for htdig File : nvt/sles9p5018082.nasl |
2009-10-10 | Name : SLES9: Security update for ruby File : nvt/sles9p5013198.nasl |
2009-10-10 | Name : SLES9: Security update for imlib File : nvt/sles9p5014360.nasl |
2009-10-10 | Name : SLES9: Security update for Linux kernel core File : nvt/sles9p5014380.nasl |
2009-10-10 | Name : SLES9: Security update for XFree86-libs File : nvt/sles9p5016773.nasl |
2009-05-05 | Name : HP-UX Update for Apache HPSBUX01064 File : nvt/gb_hp_ux_HPSBUX01064.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200410-16 (PostgreSQL) File : nvt/glsa_200410_16.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200406-05 (Apache) File : nvt/glsa_200406_05.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200407-02 (Kernel) File : nvt/glsa_200407_02.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200407-16 (Kernel) File : nvt/glsa_200407_16.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200409-07 (xv) File : nvt/glsa_200409_07.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200409-12 (imagemagick imlib) File : nvt/glsa_200409_12.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200409-15 (Usermin) File : nvt/glsa_200409_15.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200409-20 (mpg123) File : nvt/glsa_200409_20.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200410-25 (Netatalk) File : nvt/glsa_200410_25.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200411-04 (speedtouch) File : nvt/glsa_200411_04.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200411-06 (MIME-tools) File : nvt/glsa_200411_06.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200411-15 (OpenSSL) File : nvt/glsa_200411_15.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200411-23 (Ruby) File : nvt/glsa_200411_23.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200412-08 (nfs-utils) File : nvt/glsa_200412_08.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200502-16 (htdig) File : nvt/glsa_200502_16.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200503-08 (openmotif) File : nvt/glsa_200503_08.nasl |
Snort® IPS/IDS
Date | Description |
---|---|
2019-09-10 | nfs-utils TCP connection termination denial-of-service attempt RuleID : 50913 - Type : SERVER-OTHER - Revision : 1 |
2014-01-10 | Infinity CGI exploit scanner nph-exploitscanget.cgi access RuleID : 2222-community - Type : SERVER-WEBAPP - Revision : 20 |
2014-01-10 | Infinity CGI exploit scanner nph-exploitscanget.cgi access RuleID : 2222 - Type : SERVER-WEBAPP - Revision : 20 |
Nessus® Vulnerability Scanner
id | Description |
---|---|
2013-01-24 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2008-0523.nasl - Type: ACT_GATHER_INFO |
2012-09-24 | Name: The remote Fedora Core host is missing a security update. File: fedora_2006-010.nasl - Type: ACT_GATHER_INFO |
2012-09-24 | Name: The remote Fedora Core host is missing a security update. File: fedora_2006-011.nasl - Type: ACT_GATHER_INFO |
2012-01-04 | Name: Arbitrary files could be overwritten on the remote server. File: openssl_0_9_7f.nasl - Type: ACT_GATHER_INFO |
2010-01-10 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2008-0261.nasl - Type: ACT_GATHER_INFO |
2010-01-10 | Name: The remote Red Hat host is missing one or more security updates. File: redhat-RHSA-2008-0524.nasl - Type: ACT_GATHER_INFO |
2009-09-24 | Name: The remote SuSE 9 host is missing a security-related patch. File: suse9_9833.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_00644f03fb5811d89837000c41e2cdad.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_15e0e96302ed11d9a20900061bc2ad93.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_6a164d842f7f11d9a9e70001020eed82.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_ae7b7f6505c711d9b45d000c41e2cdad.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote FreeBSD host is missing a security-related update. File: freebsd_pkg_ba005226fb5b11d89837000c41e2cdad.nasl - Type: ACT_GATHER_INFO |
2009-04-23 | Name: The remote FreeBSD host is missing one or more security-related updates. File: freebsd_pkg_d656296b33ff11d9a9e70001020eed82.nasl - Type: ACT_GATHER_INFO |
2007-11-10 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-371-1.nasl - Type: ACT_GATHER_INFO |
2007-11-10 | Name: The remote Ubuntu host is missing one or more security-related patches. File: ubuntu_USN-394-1.nasl - Type: ACT_GATHER_INFO |
2007-02-18 | Name: The remote Mandrake Linux host is missing one or more security updates. File: mandrake_MDKSA-2006-192.nasl - Type: ACT_GATHER_INFO |
2007-02-18 | Name: The remote Mandrake Linux host is missing one or more security updates. File: mandrake_MDKSA-2006-225.nasl - Type: ACT_GATHER_INFO |
2006-12-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1234.nasl - Type: ACT_GATHER_INFO |
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1067.nasl - Type: ACT_GATHER_INFO |
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1069.nasl - Type: ACT_GATHER_INFO |
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1070.nasl - Type: ACT_GATHER_INFO |
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-1082.nasl - Type: ACT_GATHER_INFO |
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-931.nasl - Type: ACT_GATHER_INFO |
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-932.nasl - Type: ACT_GATHER_INFO |
2006-10-14 | Name: The remote Debian host is missing a security-related update. File: debian_DSA-936.nasl - Type: ACT_GATHER_INFO |