Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
6 vulnerabilities by daniel_stenberg
CVE-2007-3152 (GCVE-0-2007-3152)
Vulnerability from cvelistv5 – Published: 2007-06-11 22:00 – Updated: 2024-08-07 14:05
VLAI
Summary
c-ares before 1.4.0 uses a predictable seed for the random number generator for the DNS Transaction ID field, which might allow remote attackers to spoof DNS responses by guessing the field value.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://osvdb.org/37171 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/25579 | third-party-advisoryx_refsource_SECUNIA |
| http://cool.haxx.se/cvs.cgi/curl/ares/CHANGES?rev… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/24386 | vdb-entryx_refsource_BID |
Date Public
2007-05-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:05:29.235Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "cares-transactionid-dns-spoofing(34979)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34979"
},
{
"name": "37171",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37171"
},
{
"name": "25579",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25579"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cool.haxx.se/cvs.cgi/curl/ares/CHANGES?rev=HEAD\u0026content-type=text/vnd.viewcvs-markup"
},
{
"name": "24386",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24386"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "c-ares before 1.4.0 uses a predictable seed for the random number generator for the DNS Transaction ID field, which might allow remote attackers to spoof DNS responses by guessing the field value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "cares-transactionid-dns-spoofing(34979)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34979"
},
{
"name": "37171",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37171"
},
{
"name": "25579",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25579"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cool.haxx.se/cvs.cgi/curl/ares/CHANGES?rev=HEAD\u0026content-type=text/vnd.viewcvs-markup"
},
{
"name": "24386",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24386"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3152",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "c-ares before 1.4.0 uses a predictable seed for the random number generator for the DNS Transaction ID field, which might allow remote attackers to spoof DNS responses by guessing the field value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "cares-transactionid-dns-spoofing(34979)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34979"
},
{
"name": "37171",
"refsource": "OSVDB",
"url": "http://osvdb.org/37171"
},
{
"name": "25579",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25579"
},
{
"name": "http://cool.haxx.se/cvs.cgi/curl/ares/CHANGES?rev=HEAD\u0026content-type=text/vnd.viewcvs-markup",
"refsource": "CONFIRM",
"url": "http://cool.haxx.se/cvs.cgi/curl/ares/CHANGES?rev=HEAD\u0026content-type=text/vnd.viewcvs-markup"
},
{
"name": "24386",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24386"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3152",
"datePublished": "2007-06-11T22:00:00.000Z",
"dateReserved": "2007-06-11T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:05:29.235Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3153 (GCVE-0-2007-3153)
Vulnerability from cvelistv5 – Published: 2007-06-11 22:00 – Updated: 2024-08-07 14:05
VLAI
Summary
The ares_init:randomize_key function in c-ares, on platforms other than Windows, uses a weak facility for producing a random number sequence (Unix rand), which makes it easier for remote attackers to spoof DNS responses by guessing certain values.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://osvdb.org/37172 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://cool.haxx.se/cvs.cgi/curl/ares/CHANGES?rev… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/24386 | vdb-entryx_refsource_BID |
Date Public
2007-05-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:05:29.360Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "37172",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/37172"
},
{
"name": "cares-aresinitrandomizekey-weak-security(34980)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34980"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cool.haxx.se/cvs.cgi/curl/ares/CHANGES?rev=HEAD\u0026content-type=text/vnd.viewcvs-markup"
},
{
"name": "24386",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24386"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "The ares_init:randomize_key function in c-ares, on platforms other than Windows, uses a weak facility for producing a random number sequence (Unix rand), which makes it easier for remote attackers to spoof DNS responses by guessing certain values."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "37172",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/37172"
},
{
"name": "cares-aresinitrandomizekey-weak-security(34980)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34980"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cool.haxx.se/cvs.cgi/curl/ares/CHANGES?rev=HEAD\u0026content-type=text/vnd.viewcvs-markup"
},
{
"name": "24386",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24386"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3153",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ares_init:randomize_key function in c-ares, on platforms other than Windows, uses a weak facility for producing a random number sequence (Unix rand), which makes it easier for remote attackers to spoof DNS responses by guessing certain values."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "37172",
"refsource": "OSVDB",
"url": "http://osvdb.org/37172"
},
{
"name": "cares-aresinitrandomizekey-weak-security(34980)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34980"
},
{
"name": "http://cool.haxx.se/cvs.cgi/curl/ares/CHANGES?rev=HEAD\u0026content-type=text/vnd.viewcvs-markup",
"refsource": "CONFIRM",
"url": "http://cool.haxx.se/cvs.cgi/curl/ares/CHANGES?rev=HEAD\u0026content-type=text/vnd.viewcvs-markup"
},
{
"name": "24386",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24386"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3153",
"datePublished": "2007-06-11T22:00:00.000Z",
"dateReserved": "2007-06-11T00:00:00.000Z",
"dateUpdated": "2024-08-07T14:05:29.360Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2006-1061 (GCVE-0-2006-1061)
Vulnerability from cvelistv5 – Published: 2006-03-21 01:00 – Updated: 2024-08-07 16:56
VLAI
Summary
Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 allows remote attackers to execute arbitrary commands via a TFTP URL (tftp://) with a valid hostname and a long path.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
13 references
| URL | Tags |
|---|---|
| http://www.redhat.com/archives/fedora-announce-li… | vendor-advisoryx_refsource_FEDORA |
| http://secunia.com/advisories/19371 | third-party-advisoryx_refsource_SECUNIA |
| http://www.gentoo.org/security/en/glsa/glsa-20060… | vendor-advisoryx_refsource_GENTOO |
| http://www.vupen.com/english/advisories/2006/1008 | vdb-entryx_refsource_VUPEN |
| http://curl.haxx.se/docs/adv_20060320.html | x_refsource_CONFIRM |
| http://secunia.com/advisories/19335 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/17154 | vdb-entryx_refsource_BID |
| http://www.osvdb.org/23982 | vdb-entryx_refsource_OSVDB |
| http://archives.neohapsis.com/archives/fulldisclo… | mailing-listx_refsource_FULLDISC |
| http://www.trustix.org/errata/2006/0016 | vendor-advisoryx_refsource_TRUSTIX |
| http://secunia.com/advisories/19271 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://secunia.com/advisories/19344 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2006-03-20 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:56:15.565Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FEDORA-2006-189",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00048.html"
},
{
"name": "19371",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19371"
},
{
"name": "GLSA-200603-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200603-19.xml"
},
{
"name": "ADV-2006-1008",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1008"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://curl.haxx.se/docs/adv_20060320.html"
},
{
"name": "19335",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19335"
},
{
"name": "17154",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17154"
},
{
"name": "23982",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/23982"
},
{
"name": "20060320 [SSAG#001] :: cURL tftp:// URL Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1326.html"
},
{
"name": "2006-0016",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2006/0016"
},
{
"name": "19271",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19271"
},
{
"name": "curl-tftp-bo(25318)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25318"
},
{
"name": "19344",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19344"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-03-20T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 allows remote attackers to execute arbitrary commands via a TFTP URL (tftp://) with a valid hostname and a long path."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "FEDORA-2006-189",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00048.html"
},
{
"name": "19371",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19371"
},
{
"name": "GLSA-200603-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200603-19.xml"
},
{
"name": "ADV-2006-1008",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1008"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://curl.haxx.se/docs/adv_20060320.html"
},
{
"name": "19335",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19335"
},
{
"name": "17154",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17154"
},
{
"name": "23982",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/23982"
},
{
"name": "20060320 [SSAG#001] :: cURL tftp:// URL Buffer Overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1326.html"
},
{
"name": "2006-0016",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2006/0016"
},
{
"name": "19271",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19271"
},
{
"name": "curl-tftp-bo(25318)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25318"
},
{
"name": "19344",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19344"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2006-1061",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in cURL and libcURL 7.15.0 through 7.15.2 allows remote attackers to execute arbitrary commands via a TFTP URL (tftp://) with a valid hostname and a long path."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FEDORA-2006-189",
"refsource": "FEDORA",
"url": "http://www.redhat.com/archives/fedora-announce-list/2006-March/msg00048.html"
},
{
"name": "19371",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19371"
},
{
"name": "GLSA-200603-19",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200603-19.xml"
},
{
"name": "ADV-2006-1008",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1008"
},
{
"name": "http://curl.haxx.se/docs/adv_20060320.html",
"refsource": "CONFIRM",
"url": "http://curl.haxx.se/docs/adv_20060320.html"
},
{
"name": "19335",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19335"
},
{
"name": "17154",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17154"
},
{
"name": "23982",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/23982"
},
{
"name": "20060320 [SSAG#001] :: cURL tftp:// URL Buffer Overflow",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2006-03/1326.html"
},
{
"name": "2006-0016",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2006/0016"
},
{
"name": "19271",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19271"
},
{
"name": "curl-tftp-bo(25318)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25318"
},
{
"name": "19344",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19344"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2006-1061",
"datePublished": "2006-03-21T01:00:00.000Z",
"dateReserved": "2006-03-07T00:00:00.000Z",
"dateUpdated": "2024-08-07T16:56:15.565Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-4077 (GCVE-0-2005-4077)
Vulnerability from cvelistv5 – Published: 2005-12-08 01:00 – Updated: 2024-08-07 23:31
VLAI
Summary
Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 through 7.15.0 allow local users to trigger a buffer overflow and cause a denial of service or bypass PHP security restrictions via certain URLs that (1) are malformed in a way that prevents a terminating null byte from being added to either a hostname or path buffer, or (2) contain a "?" separator in the hostname portion, which causes a "/" to be prepended to the resulting string.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
36 references
Date Public
2005-12-07 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:31:48.962Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "17951",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17951"
},
{
"name": "GLSA-200603-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200603-25.xml"
},
{
"name": "ADV-2006-1779",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1779"
},
{
"name": "TA06-132A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-132A.html"
},
{
"name": "ADV-2005-2791",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2791"
},
{
"name": "ADV-2006-0960",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0960"
},
{
"name": "DSA-919",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-919"
},
{
"name": "19433",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19433"
},
{
"name": "FEDORA-2005-1129",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00020.html"
},
{
"name": "RHSA-2005:875",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-875.html"
},
{
"name": "20051207 Advisory 24/2005: libcurl URL parsing vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/418849/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.hardened-php.net/advisory_242005.109.html"
},
{
"name": "oval:org.mitre.oval:def:10855",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10855"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "USN-228-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/228-1/"
},
{
"name": "17977",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17977"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://curl.haxx.se/docs/adv_20051207.html"
},
{
"name": "18105",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18105"
},
{
"name": "15756",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15756"
},
{
"name": "SCOSA-2006.16",
"tags": [
"vendor-advisory",
"x_refsource_SCO",
"x_transferred"
],
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.16/SCOSA-2006.16.txt"
},
{
"name": "APPLE-SA-2006-05-11",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "18336",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18336"
},
{
"name": "19261",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19261"
},
{
"name": "GLSA-200512-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-09.xml"
},
{
"name": "TSLSA-2005-0072",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2005/0072/"
},
{
"name": "17965",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17965"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://qa.openoffice.org/issues/show_bug.cgi?id=59032"
},
{
"name": "19457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19457"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "17960",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17960"
},
{
"name": "MDKSA-2005:224",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:224"
},
{
"name": "17907",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17907"
},
{
"name": "20077",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20077"
},
{
"name": "18188",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18188"
},
{
"name": "17961",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17961"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-07T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 through 7.15.0 allow local users to trigger a buffer overflow and cause a denial of service or bypass PHP security restrictions via certain URLs that (1) are malformed in a way that prevents a terminating null byte from being added to either a hostname or path buffer, or (2) contain a \"?\" separator in the hostname portion, which causes a \"/\" to be prepended to the resulting string."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "17951",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17951"
},
{
"name": "GLSA-200603-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200603-25.xml"
},
{
"name": "ADV-2006-1779",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1779"
},
{
"name": "TA06-132A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-132A.html"
},
{
"name": "ADV-2005-2791",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2791"
},
{
"name": "ADV-2006-0960",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0960"
},
{
"name": "DSA-919",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-919"
},
{
"name": "19433",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19433"
},
{
"name": "FEDORA-2005-1129",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00020.html"
},
{
"name": "RHSA-2005:875",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2005-875.html"
},
{
"name": "20051207 Advisory 24/2005: libcurl URL parsing vulnerability",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/418849/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.hardened-php.net/advisory_242005.109.html"
},
{
"name": "oval:org.mitre.oval:def:10855",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10855"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "USN-228-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/228-1/"
},
{
"name": "17977",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17977"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://curl.haxx.se/docs/adv_20051207.html"
},
{
"name": "18105",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18105"
},
{
"name": "15756",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15756"
},
{
"name": "SCOSA-2006.16",
"tags": [
"vendor-advisory",
"x_refsource_SCO"
],
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.16/SCOSA-2006.16.txt"
},
{
"name": "APPLE-SA-2006-05-11",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "18336",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18336"
},
{
"name": "19261",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19261"
},
{
"name": "GLSA-200512-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-09.xml"
},
{
"name": "TSLSA-2005-0072",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2005/0072/"
},
{
"name": "17965",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17965"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://qa.openoffice.org/issues/show_bug.cgi?id=59032"
},
{
"name": "19457",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19457"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "17960",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17960"
},
{
"name": "MDKSA-2005:224",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:224"
},
{
"name": "17907",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17907"
},
{
"name": "20077",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20077"
},
{
"name": "18188",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18188"
},
{
"name": "17961",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17961"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4077",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple off-by-one errors in the cURL library (libcurl) 7.11.2 through 7.15.0 allow local users to trigger a buffer overflow and cause a denial of service or bypass PHP security restrictions via certain URLs that (1) are malformed in a way that prevents a terminating null byte from being added to either a hostname or path buffer, or (2) contain a \"?\" separator in the hostname portion, which causes a \"/\" to be prepended to the resulting string."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17951",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17951"
},
{
"name": "GLSA-200603-25",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200603-25.xml"
},
{
"name": "ADV-2006-1779",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1779"
},
{
"name": "TA06-132A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-132A.html"
},
{
"name": "ADV-2005-2791",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2791"
},
{
"name": "ADV-2006-0960",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0960"
},
{
"name": "DSA-919",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-919"
},
{
"name": "19433",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19433"
},
{
"name": "FEDORA-2005-1129",
"refsource": "FEDORA",
"url": "http://www.redhat.com/archives/fedora-announce-list/2005-December/msg00020.html"
},
{
"name": "RHSA-2005:875",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2005-875.html"
},
{
"name": "20051207 Advisory 24/2005: libcurl URL parsing vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/418849/100/0/threaded"
},
{
"name": "http://www.hardened-php.net/advisory_242005.109.html",
"refsource": "MISC",
"url": "http://www.hardened-php.net/advisory_242005.109.html"
},
{
"name": "oval:org.mitre.oval:def:10855",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10855"
},
{
"name": "ADV-2008-0924",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "USN-228-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/228-1/"
},
{
"name": "17977",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17977"
},
{
"name": "http://curl.haxx.se/docs/adv_20051207.html",
"refsource": "CONFIRM",
"url": "http://curl.haxx.se/docs/adv_20051207.html"
},
{
"name": "18105",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18105"
},
{
"name": "15756",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15756"
},
{
"name": "SCOSA-2006.16",
"refsource": "SCO",
"url": "ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.16/SCOSA-2006.16.txt"
},
{
"name": "APPLE-SA-2006-05-11",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html"
},
{
"name": "APPLE-SA-2008-03-18",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "18336",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18336"
},
{
"name": "19261",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19261"
},
{
"name": "GLSA-200512-09",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200512-09.xml"
},
{
"name": "TSLSA-2005-0072",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2005/0072/"
},
{
"name": "17965",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17965"
},
{
"name": "http://qa.openoffice.org/issues/show_bug.cgi?id=59032",
"refsource": "MISC",
"url": "http://qa.openoffice.org/issues/show_bug.cgi?id=59032"
},
{
"name": "19457",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19457"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307562",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "17960",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17960"
},
{
"name": "MDKSA-2005:224",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:224"
},
{
"name": "17907",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17907"
},
{
"name": "20077",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20077"
},
{
"name": "18188",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18188"
},
{
"name": "17961",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17961"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4077",
"datePublished": "2005-12-08T01:00:00.000Z",
"dateReserved": "2005-12-08T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:31:48.962Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2002-1868 (GCVE-0-2002-1868)
Vulnerability from cvelistv5 – Published: 2005-06-28 04:00 – Updated: 2024-09-16 20:11
VLAI
Summary
Dispair 0.1 and 0.2 allows remote attackers to execute arbitrary shell commands via certain form fields.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://www.iss.net/security_center/static/9787.php | vdb-entryx_refsource_XF |
| http://www.contactor.se/~dast/dispair/dispair.cgi… | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/5392 | vdb-entryx_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T03:43:33.555Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "dispair-execute-commands(9787)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "http://www.iss.net/security_center/static/9787.php"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.contactor.se/~dast/dispair/dispair.cgi?file=dispair-0.3.tar.gz\u0026dir=\u0026view=CHANGES"
},
{
"name": "5392",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/5392"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Dispair 0.1 and 0.2 allows remote attackers to execute arbitrary shell commands via certain form fields."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-06-28T04:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "dispair-execute-commands(9787)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "http://www.iss.net/security_center/static/9787.php"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.contactor.se/~dast/dispair/dispair.cgi?file=dispair-0.3.tar.gz\u0026dir=\u0026view=CHANGES"
},
{
"name": "5392",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/5392"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2002-1868",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Dispair 0.1 and 0.2 allows remote attackers to execute arbitrary shell commands via certain form fields."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "dispair-execute-commands(9787)",
"refsource": "XF",
"url": "http://www.iss.net/security_center/static/9787.php"
},
{
"name": "http://www.contactor.se/~dast/dispair/dispair.cgi?file=dispair-0.3.tar.gz\u0026dir=\u0026view=CHANGES",
"refsource": "CONFIRM",
"url": "http://www.contactor.se/~dast/dispair/dispair.cgi?file=dispair-0.3.tar.gz\u0026dir=\u0026view=CHANGES"
},
{
"name": "5392",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/5392"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2002-1868",
"datePublished": "2005-06-28T04:00:00.000Z",
"dateReserved": "2005-06-28T04:00:00.000Z",
"dateUpdated": "2024-09-16T20:11:39.244Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2000-0973 (GCVE-0-2000-0973)
Vulnerability from cvelistv5 – Published: 2001-01-22 05:00 – Updated: 2024-08-08 05:37
VLAI
Summary
Buffer overflow in curl earlier than 6.0-1.1, and curl-ssl earlier than 6.0-1.2, allows remote attackers to execute arbitrary commands by forcing a long error message to be generated.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories… | vendor-advisoryx_refsource_FREEBSD |
| http://www.securityfocus.com/bid/1804 | vdb-entryx_refsource_BID |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://archives.neohapsis.com/archives/bugtraq/20… | vendor-advisoryx_refsource_REDHAT |
Date Public
2000-10-13 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T05:37:31.975Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "FreeBSD-SA-00:72",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD",
"x_transferred"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:72.curl.asc"
},
{
"name": "1804",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/1804"
},
{
"name": "curl-error-bo(5374)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5374"
},
{
"name": "RHBA-2000:092-01",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0331.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2000-10-13T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in curl earlier than 6.0-1.1, and curl-ssl earlier than 6.0-1.2, allows remote attackers to execute arbitrary commands by forcing a long error message to be generated."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-02T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "FreeBSD-SA-00:72",
"tags": [
"vendor-advisory",
"x_refsource_FREEBSD"
],
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:72.curl.asc"
},
{
"name": "1804",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/1804"
},
{
"name": "curl-error-bo(5374)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5374"
},
{
"name": "RHBA-2000:092-01",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0331.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2000-0973",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in curl earlier than 6.0-1.1, and curl-ssl earlier than 6.0-1.2, allows remote attackers to execute arbitrary commands by forcing a long error message to be generated."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "FreeBSD-SA-00:72",
"refsource": "FREEBSD",
"url": "ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:72.curl.asc"
},
{
"name": "1804",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/1804"
},
{
"name": "curl-error-bo(5374)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/5374"
},
{
"name": "RHBA-2000:092-01",
"refsource": "REDHAT",
"url": "http://archives.neohapsis.com/archives/bugtraq/2000-10/0331.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2000-0973",
"datePublished": "2001-01-22T05:00:00.000Z",
"dateReserved": "2000-11-24T00:00:00.000Z",
"dateUpdated": "2024-08-08T05:37:31.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}