Search

Find a vulnerability

Search criteria Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.

    10 vulnerabilities by sentex

    CVE-2024-0261 (GCVE-0-2024-0261)

    Vulnerability from nvd – Published: 2024-01-07 01:31 – Updated: 2025-06-03 14:40
    VLAI
    Title
    Sentex FTPDMIN RNFR Command denial of service
    Summary
    A vulnerability has been found in Sentex FTPDMIN 0.96 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component RNFR Command Handler. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249817 was assigned to this vulnerability.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Sentex FTPDMIN Affected: 0.96
    Create a notification for this product.
    Credits
    fernando.mengali (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T17:41:16.313Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.249817"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.249817"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://packetstormsecurity.com/files/176342/FTPDMIN-0.96-Denial-Of-Service.html"
              },
              {
                "tags": [
                  "media-coverage",
                  "x_transferred"
                ],
                "url": "https://www.youtube.com/watch?v=q-CVJfYdd-g"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0261",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-08T15:34:53.813791Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-03T14:40:31.879Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "RNFR Command Handler"
              ],
              "product": "FTPDMIN",
              "vendor": "Sentex",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.96"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "analyst",
              "value": "fernando.mengali (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in Sentex FTPDMIN 0.96 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component RNFR Command Handler. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249817 was assigned to this vulnerability."
            },
            {
              "lang": "de",
              "value": "In Sentex FTPDMIN 0.96 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Komponente RNFR Command Handler. Durch das Manipulieren mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-404",
                  "description": "CWE-404 Denial of Service",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-07T01:31:03.748Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/?id.249817"
            },
            {
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.249817"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://packetstormsecurity.com/files/176342/FTPDMIN-0.96-Denial-Of-Service.html"
            },
            {
              "tags": [
                "media-coverage"
              ],
              "url": "https://www.youtube.com/watch?v=q-CVJfYdd-g"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-01-06T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-01-06T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-01-06T09:40:09.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Sentex FTPDMIN RNFR Command denial of service"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-0261",
        "datePublished": "2024-01-07T01:31:03.748Z",
        "dateReserved": "2024-01-06T08:32:51.208Z",
        "dateUpdated": "2025-06-03T14:40:31.879Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-4641 (GCVE-0-2008-4641)

    Vulnerability from nvd – Published: 2008-10-21 16:00 – Updated: 2024-08-07 10:24
    VLAI
    Summary
    The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2008-10-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T10:24:20.785Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "31921",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/31921"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020"
              },
              {
                "name": "[oss-security] 20081015 CVE request: jhead",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2008/10/15/5"
              },
              {
                "name": "[oss-security] 20081127 Re: CVE request: jhead",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2008/11/26/4"
              },
              {
                "name": "[oss-security] 20081016 Re: CVE request: jhead",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2008/10/16/3"
              },
              {
                "name": "[oss-security] 20081015 Re: CVE request: jhead",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2008/10/15/6"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-10-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-11-15T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "31921",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/31921"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020"
            },
            {
              "name": "[oss-security] 20081015 CVE request: jhead",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/10/15/5"
            },
            {
              "name": "[oss-security] 20081127 Re: CVE request: jhead",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/11/26/4"
            },
            {
              "name": "[oss-security] 20081016 Re: CVE request: jhead",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/10/16/3"
            },
            {
              "name": "[oss-security] 20081015 Re: CVE request: jhead",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/10/15/6"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-4641",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "31921",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/31921"
                },
                {
                  "name": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020"
                },
                {
                  "name": "[oss-security] 20081015 CVE request: jhead",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2008/10/15/5"
                },
                {
                  "name": "[oss-security] 20081127 Re: CVE request: jhead",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2008/11/26/4"
                },
                {
                  "name": "[oss-security] 20081016 Re: CVE request: jhead",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2008/10/16/3"
                },
                {
                  "name": "[oss-security] 20081015 Re: CVE request: jhead",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2008/10/15/6"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-4641",
        "datePublished": "2008-10-21T16:00:00.000Z",
        "dateReserved": "2008-10-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T10:24:20.785Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-4640 (GCVE-0-2008-4640)

    Vulnerability from nvd – Published: 2008-10-21 16:00 – Updated: 2024-08-07 10:24
    VLAI
    Summary
    The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename in which (1) a final "z" character is replaced by a "t" character or (2) a final "t" character is replaced by a "z" character.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2008-10-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T10:24:20.685Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "32506",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/32506"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020"
              },
              {
                "name": "[oss-security] 20081127 Re: CVE request: jhead",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2008/11/26/4"
              },
              {
                "name": "[oss-security] 20081016 Re: CVE request: jhead",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2008/10/16/3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-10-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename in which (1) a final \"z\" character is replaced by a \"t\" character or (2) a final \"t\" character is replaced by a \"z\" character."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-12-02T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "32506",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/32506"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020"
            },
            {
              "name": "[oss-security] 20081127 Re: CVE request: jhead",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/11/26/4"
            },
            {
              "name": "[oss-security] 20081016 Re: CVE request: jhead",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/10/16/3"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-4640",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename in which (1) a final \"z\" character is replaced by a \"t\" character or (2) a final \"t\" character is replaced by a \"z\" character."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "32506",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/32506"
                },
                {
                  "name": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020"
                },
                {
                  "name": "[oss-security] 20081127 Re: CVE request: jhead",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2008/11/26/4"
                },
                {
                  "name": "[oss-security] 20081016 Re: CVE request: jhead",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2008/10/16/3"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-4640",
        "datePublished": "2008-10-21T16:00:00.000Z",
        "dateReserved": "2008-10-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T10:24:20.685Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-4639 (GCVE-0-2008-4639)

    Vulnerability from nvd – Published: 2008-10-21 16:00 – Updated: 2024-08-07 10:24
    VLAI
    Summary
    jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2008-10-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T10:24:20.863Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020"
              },
              {
                "name": "[oss-security] 20081015 CVE request: jhead",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2008/10/15/5"
              },
              {
                "name": "[oss-security] 20090206 Re: CVE request: jhead",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2009/02/06/5"
              },
              {
                "name": "[oss-security] 20081016 Re: CVE request: jhead",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2008/10/16/3"
              },
              {
                "name": "[oss-security] 20081015 Re: CVE request: jhead",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2008/10/15/6"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-10-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2009-03-21T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020"
            },
            {
              "name": "[oss-security] 20081015 CVE request: jhead",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/10/15/5"
            },
            {
              "name": "[oss-security] 20090206 Re: CVE request: jhead",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2009/02/06/5"
            },
            {
              "name": "[oss-security] 20081016 Re: CVE request: jhead",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/10/16/3"
            },
            {
              "name": "[oss-security] 20081015 Re: CVE request: jhead",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/10/15/6"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-4639",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020"
                },
                {
                  "name": "[oss-security] 20081015 CVE request: jhead",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2008/10/15/5"
                },
                {
                  "name": "[oss-security] 20090206 Re: CVE request: jhead",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2009/02/06/5"
                },
                {
                  "name": "[oss-security] 20081016 Re: CVE request: jhead",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2008/10/16/3"
                },
                {
                  "name": "[oss-security] 20081015 Re: CVE request: jhead",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2008/10/15/6"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-4639",
        "datePublished": "2008-10-21T16:00:00.000Z",
        "dateReserved": "2008-10-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T10:24:20.863Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-4575 (GCVE-0-2008-4575)

    Vulnerability from nvd – Published: 2008-10-15 19:00 – Updated: 2024-08-07 10:24
    VLAI
    Summary
    Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash) via (1) a long -cmd argument and (2) unspecified vectors related to "a bunch of potential string overflows."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2008-09-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T10:24:20.565Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "FEDORA-2008-8928",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00511.html"
              },
              {
                "name": "31770",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/31770"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.sentex.net/~mwandel/jhead/changes.txt"
              },
              {
                "name": "32363",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/32363"
              },
              {
                "name": "FEDORA-2008-8941",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00531.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020"
              },
              {
                "name": "[oss-security] 20081015 Re: CVE request: jhead",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2008/10/15/6"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-09-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash) via (1) a long -cmd argument and (2) unspecified vectors related to \"a bunch of potential string overflows.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-10-23T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "FEDORA-2008-8928",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00511.html"
            },
            {
              "name": "31770",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/31770"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.sentex.net/~mwandel/jhead/changes.txt"
            },
            {
              "name": "32363",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/32363"
            },
            {
              "name": "FEDORA-2008-8941",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00531.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020"
            },
            {
              "name": "[oss-security] 20081015 Re: CVE request: jhead",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/10/15/6"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-4575",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash) via (1) a long -cmd argument and (2) unspecified vectors related to \"a bunch of potential string overflows.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "FEDORA-2008-8928",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00511.html"
                },
                {
                  "name": "31770",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/31770"
                },
                {
                  "name": "http://www.sentex.net/~mwandel/jhead/changes.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.sentex.net/~mwandel/jhead/changes.txt"
                },
                {
                  "name": "32363",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/32363"
                },
                {
                  "name": "FEDORA-2008-8941",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00531.html"
                },
                {
                  "name": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020"
                },
                {
                  "name": "[oss-security] 20081015 Re: CVE request: jhead",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2008/10/15/6"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-4575",
        "datePublished": "2008-10-15T19:00:00.000Z",
        "dateReserved": "2008-10-15T00:00:00.000Z",
        "dateUpdated": "2024-08-07T10:24:20.565Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-0261 (GCVE-0-2024-0261)

    Vulnerability from cvelistv5 – Published: 2024-01-07 01:31 – Updated: 2025-06-03 14:40
    VLAI
    Title
    Sentex FTPDMIN RNFR Command denial of service
    Summary
    A vulnerability has been found in Sentex FTPDMIN 0.96 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component RNFR Command Handler. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249817 was assigned to this vulnerability.
    SSVC
    Exploitation: poc Automatable: yes Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    Assigner
    Impacted products
    Vendor Product Version
    Sentex FTPDMIN Affected: 0.96
    Create a notification for this product.
    Credits
    fernando.mengali (VulDB User)
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T17:41:16.313Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "vdb-entry",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?id.249817"
              },
              {
                "tags": [
                  "signature",
                  "permissions-required",
                  "x_transferred"
                ],
                "url": "https://vuldb.com/?ctiid.249817"
              },
              {
                "tags": [
                  "exploit",
                  "x_transferred"
                ],
                "url": "https://packetstormsecurity.com/files/176342/FTPDMIN-0.96-Denial-Of-Service.html"
              },
              {
                "tags": [
                  "media-coverage",
                  "x_transferred"
                ],
                "url": "https://www.youtube.com/watch?v=q-CVJfYdd-g"
              }
            ],
            "title": "CVE Program Container"
          },
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-0261",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "yes"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-05-08T15:34:53.813791Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-06-03T14:40:31.879Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "modules": [
                "RNFR Command Handler"
              ],
              "product": "FTPDMIN",
              "vendor": "Sentex",
              "versions": [
                {
                  "status": "affected",
                  "version": "0.96"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "analyst",
              "value": "fernando.mengali (VulDB User)"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "A vulnerability has been found in Sentex FTPDMIN 0.96 and classified as problematic. Affected by this vulnerability is an unknown functionality of the component RNFR Command Handler. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-249817 was assigned to this vulnerability."
            },
            {
              "lang": "de",
              "value": "In Sentex FTPDMIN 0.96 wurde eine Schwachstelle gefunden. Sie wurde als problematisch eingestuft. Betroffen ist eine unbekannte Verarbeitung der Komponente RNFR Command Handler. Durch das Manipulieren mit unbekannten Daten kann eine denial of service-Schwachstelle ausgenutzt werden. Der Angriff kann \u00fcber das Netzwerk passieren. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.1"
              }
            },
            {
              "cvssV3_0": {
                "baseScore": 5.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
                "version": "3.0"
              }
            },
            {
              "cvssV2_0": {
                "baseScore": 5,
                "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
                "version": "2.0"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-404",
                  "description": "CWE-404 Denial of Service",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2024-01-07T01:31:03.748Z",
            "orgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
            "shortName": "VulDB"
          },
          "references": [
            {
              "tags": [
                "vdb-entry"
              ],
              "url": "https://vuldb.com/?id.249817"
            },
            {
              "tags": [
                "signature",
                "permissions-required"
              ],
              "url": "https://vuldb.com/?ctiid.249817"
            },
            {
              "tags": [
                "exploit"
              ],
              "url": "https://packetstormsecurity.com/files/176342/FTPDMIN-0.96-Denial-Of-Service.html"
            },
            {
              "tags": [
                "media-coverage"
              ],
              "url": "https://www.youtube.com/watch?v=q-CVJfYdd-g"
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2024-01-06T00:00:00.000Z",
              "value": "Advisory disclosed"
            },
            {
              "lang": "en",
              "time": "2024-01-06T01:00:00.000Z",
              "value": "VulDB entry created"
            },
            {
              "lang": "en",
              "time": "2024-01-06T09:40:09.000Z",
              "value": "VulDB entry last update"
            }
          ],
          "title": "Sentex FTPDMIN RNFR Command denial of service"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5",
        "assignerShortName": "VulDB",
        "cveId": "CVE-2024-0261",
        "datePublished": "2024-01-07T01:31:03.748Z",
        "dateReserved": "2024-01-06T08:32:51.208Z",
        "dateUpdated": "2025-06-03T14:40:31.879Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-4639 (GCVE-0-2008-4639)

    Vulnerability from cvelistv5 – Published: 2008-10-21 16:00 – Updated: 2024-08-07 10:24
    VLAI
    Summary
    jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2008-10-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T10:24:20.863Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020"
              },
              {
                "name": "[oss-security] 20081015 CVE request: jhead",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2008/10/15/5"
              },
              {
                "name": "[oss-security] 20090206 Re: CVE request: jhead",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2009/02/06/5"
              },
              {
                "name": "[oss-security] 20081016 Re: CVE request: jhead",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2008/10/16/3"
              },
              {
                "name": "[oss-security] 20081015 Re: CVE request: jhead",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2008/10/15/6"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-10-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2009-03-21T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020"
            },
            {
              "name": "[oss-security] 20081015 CVE request: jhead",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/10/15/5"
            },
            {
              "name": "[oss-security] 20090206 Re: CVE request: jhead",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2009/02/06/5"
            },
            {
              "name": "[oss-security] 20081016 Re: CVE request: jhead",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/10/16/3"
            },
            {
              "name": "[oss-security] 20081015 Re: CVE request: jhead",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/10/15/6"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-4639",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020"
                },
                {
                  "name": "[oss-security] 20081015 CVE request: jhead",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2008/10/15/5"
                },
                {
                  "name": "[oss-security] 20090206 Re: CVE request: jhead",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2009/02/06/5"
                },
                {
                  "name": "[oss-security] 20081016 Re: CVE request: jhead",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2008/10/16/3"
                },
                {
                  "name": "[oss-security] 20081015 Re: CVE request: jhead",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2008/10/15/6"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-4639",
        "datePublished": "2008-10-21T16:00:00.000Z",
        "dateReserved": "2008-10-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T10:24:20.863Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-4641 (GCVE-0-2008-4641)

    Vulnerability from cvelistv5 – Published: 2008-10-21 16:00 – Updated: 2024-08-07 10:24
    VLAI
    Summary
    The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    Date Public
    2008-10-15 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T10:24:20.785Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "31921",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/31921"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020"
              },
              {
                "name": "[oss-security] 20081015 CVE request: jhead",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2008/10/15/5"
              },
              {
                "name": "[oss-security] 20081127 Re: CVE request: jhead",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2008/11/26/4"
              },
              {
                "name": "[oss-security] 20081016 Re: CVE request: jhead",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2008/10/16/3"
              },
              {
                "name": "[oss-security] 20081015 Re: CVE request: jhead",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2008/10/15/6"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-10-15T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-11-15T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "31921",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/31921"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020"
            },
            {
              "name": "[oss-security] 20081015 CVE request: jhead",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/10/15/5"
            },
            {
              "name": "[oss-security] 20081127 Re: CVE request: jhead",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/11/26/4"
            },
            {
              "name": "[oss-security] 20081016 Re: CVE request: jhead",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/10/16/3"
            },
            {
              "name": "[oss-security] 20081015 Re: CVE request: jhead",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/10/15/6"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-4641",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows attackers to execute arbitrary commands via shell metacharacters in unspecified input."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "31921",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/31921"
                },
                {
                  "name": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020"
                },
                {
                  "name": "[oss-security] 20081015 CVE request: jhead",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2008/10/15/5"
                },
                {
                  "name": "[oss-security] 20081127 Re: CVE request: jhead",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2008/11/26/4"
                },
                {
                  "name": "[oss-security] 20081016 Re: CVE request: jhead",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2008/10/16/3"
                },
                {
                  "name": "[oss-security] 20081015 Re: CVE request: jhead",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2008/10/15/6"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-4641",
        "datePublished": "2008-10-21T16:00:00.000Z",
        "dateReserved": "2008-10-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T10:24:20.785Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-4640 (GCVE-0-2008-4640)

    Vulnerability from cvelistv5 – Published: 2008-10-21 16:00 – Updated: 2024-08-07 10:24
    VLAI
    Summary
    The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename in which (1) a final "z" character is replaced by a "t" character or (2) a final "t" character is replaced by a "z" character.
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2008-10-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T10:24:20.685Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "32506",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/32506"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020"
              },
              {
                "name": "[oss-security] 20081127 Re: CVE request: jhead",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2008/11/26/4"
              },
              {
                "name": "[oss-security] 20081016 Re: CVE request: jhead",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2008/10/16/3"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-10-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename in which (1) a final \"z\" character is replaced by a \"t\" character or (2) a final \"t\" character is replaced by a \"z\" character."
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-12-02T10:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "32506",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/32506"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020"
            },
            {
              "name": "[oss-security] 20081127 Re: CVE request: jhead",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/11/26/4"
            },
            {
              "name": "[oss-security] 20081016 Re: CVE request: jhead",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/10/16/3"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-4640",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "The DoCommand function in jhead.c in Matthias Wandel jhead 2.84 and earlier allows local users to delete arbitrary files via vectors involving a modified input filename in which (1) a final \"z\" character is replaced by a \"t\" character or (2) a final \"t\" character is replaced by a \"z\" character."
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "32506",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/32506"
                },
                {
                  "name": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020"
                },
                {
                  "name": "[oss-security] 20081127 Re: CVE request: jhead",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2008/11/26/4"
                },
                {
                  "name": "[oss-security] 20081016 Re: CVE request: jhead",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2008/10/16/3"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-4640",
        "datePublished": "2008-10-21T16:00:00.000Z",
        "dateReserved": "2008-10-21T00:00:00.000Z",
        "dateUpdated": "2024-08-07T10:24:20.685Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2008-4575 (GCVE-0-2008-4575)

    Vulnerability from cvelistv5 – Published: 2008-10-15 19:00 – Updated: 2024-08-07 10:24
    VLAI
    Summary
    Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash) via (1) a long -cmd argument and (2) unspecified vectors related to "a bunch of potential string overflows."
    Severity
    No CVSS data available.
    CWE
    • n/a
    Assigner
    References
    Date Public
    2008-09-16 00:00
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-07T10:24:20.565Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "name": "FEDORA-2008-8928",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00511.html"
              },
              {
                "name": "31770",
                "tags": [
                  "vdb-entry",
                  "x_refsource_BID",
                  "x_transferred"
                ],
                "url": "http://www.securityfocus.com/bid/31770"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "http://www.sentex.net/~mwandel/jhead/changes.txt"
              },
              {
                "name": "32363",
                "tags": [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
                  "x_transferred"
                ],
                "url": "http://secunia.com/advisories/32363"
              },
              {
                "name": "FEDORA-2008-8941",
                "tags": [
                  "vendor-advisory",
                  "x_refsource_FEDORA",
                  "x_transferred"
                ],
                "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00531.html"
              },
              {
                "tags": [
                  "x_refsource_CONFIRM",
                  "x_transferred"
                ],
                "url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020"
              },
              {
                "name": "[oss-security] 20081015 Re: CVE request: jhead",
                "tags": [
                  "mailing-list",
                  "x_refsource_MLIST",
                  "x_transferred"
                ],
                "url": "http://www.openwall.com/lists/oss-security/2008/10/15/6"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "product": "n/a",
              "vendor": "n/a",
              "versions": [
                {
                  "status": "affected",
                  "version": "n/a"
                }
              ]
            }
          ],
          "datePublic": "2008-09-16T00:00:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash) via (1) a long -cmd argument and (2) unspecified vectors related to \"a bunch of potential string overflows.\""
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "n/a",
                  "lang": "en",
                  "type": "text"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2008-10-23T09:00:00.000Z",
            "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            "shortName": "mitre"
          },
          "references": [
            {
              "name": "FEDORA-2008-8928",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00511.html"
            },
            {
              "name": "31770",
              "tags": [
                "vdb-entry",
                "x_refsource_BID"
              ],
              "url": "http://www.securityfocus.com/bid/31770"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "http://www.sentex.net/~mwandel/jhead/changes.txt"
            },
            {
              "name": "32363",
              "tags": [
                "third-party-advisory",
                "x_refsource_SECUNIA"
              ],
              "url": "http://secunia.com/advisories/32363"
            },
            {
              "name": "FEDORA-2008-8941",
              "tags": [
                "vendor-advisory",
                "x_refsource_FEDORA"
              ],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00531.html"
            },
            {
              "tags": [
                "x_refsource_CONFIRM"
              ],
              "url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020"
            },
            {
              "name": "[oss-security] 20081015 Re: CVE request: jhead",
              "tags": [
                "mailing-list",
                "x_refsource_MLIST"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2008/10/15/6"
            }
          ],
          "x_legacyV4Record": {
            "CVE_data_meta": {
              "ASSIGNER": "cve@mitre.org",
              "ID": "CVE-2008-4575",
              "STATE": "PUBLIC"
            },
            "affects": {
              "vendor": {
                "vendor_data": [
                  {
                    "product": {
                      "product_data": [
                        {
                          "product_name": "n/a",
                          "version": {
                            "version_data": [
                              {
                                "version_value": "n/a"
                              }
                            ]
                          }
                        }
                      ]
                    },
                    "vendor_name": "n/a"
                  }
                ]
              }
            },
            "data_format": "MITRE",
            "data_type": "CVE",
            "data_version": "4.0",
            "description": {
              "description_data": [
                {
                  "lang": "eng",
                  "value": "Buffer overflow in the DoCommand function in jhead before 2.84 might allow context-dependent attackers to cause a denial of service (crash) via (1) a long -cmd argument and (2) unspecified vectors related to \"a bunch of potential string overflows.\""
                }
              ]
            },
            "problemtype": {
              "problemtype_data": [
                {
                  "description": [
                    {
                      "lang": "eng",
                      "value": "n/a"
                    }
                  ]
                }
              ]
            },
            "references": {
              "reference_data": [
                {
                  "name": "FEDORA-2008-8928",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00511.html"
                },
                {
                  "name": "31770",
                  "refsource": "BID",
                  "url": "http://www.securityfocus.com/bid/31770"
                },
                {
                  "name": "http://www.sentex.net/~mwandel/jhead/changes.txt",
                  "refsource": "CONFIRM",
                  "url": "http://www.sentex.net/~mwandel/jhead/changes.txt"
                },
                {
                  "name": "32363",
                  "refsource": "SECUNIA",
                  "url": "http://secunia.com/advisories/32363"
                },
                {
                  "name": "FEDORA-2008-8941",
                  "refsource": "FEDORA",
                  "url": "https://www.redhat.com/archives/fedora-package-announce/2008-October/msg00531.html"
                },
                {
                  "name": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020",
                  "refsource": "CONFIRM",
                  "url": "https://bugs.launchpad.net/ubuntu/+source/jhead/+bug/271020"
                },
                {
                  "name": "[oss-security] 20081015 Re: CVE request: jhead",
                  "refsource": "MLIST",
                  "url": "http://www.openwall.com/lists/oss-security/2008/10/15/6"
                }
              ]
            }
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "assignerShortName": "mitre",
        "cveId": "CVE-2008-4575",
        "datePublished": "2008-10-15T19:00:00.000Z",
        "dateReserved": "2008-10-15T00:00:00.000Z",
        "dateUpdated": "2024-08-07T10:24:20.565Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }