Show filters
20 Total Results
Displaying 11-20 of 20
Sort by:
Attacker Value
Unknown

CVE-2008-2357

Disclosure Date: May 21, 2008 (last updated October 04, 2023)
Stack-based buffer overflow in the split_redraw function in split.c in mtr before 0.73, when invoked with the -p (aka --split) option, allows remote attackers to execute arbitrary code via a crafted DNS PTR record. NOTE: it could be argued that this is a vulnerability in the ns_name_ntop function in resolv/ns_name.c in glibc and the proper fix should be in glibc; if so, then this should not be treated as a vulnerability in mtr.
0
0
Attacker Value
Unknown

CVE-2008-0904

Disclosure Date: February 22, 2008 (last updated October 04, 2023)
Unspecified vulnerability in the download servlet in BEA Plumtree Collaboration 4.1 through SP2 and AquaLogic Interaction 4.2 through MP1 allows remote attackers to read arbitrary files via a crafted URL.
0
0
Attacker Value
Unknown

CVE-2008-0867

Disclosure Date: February 21, 2008 (last updated October 04, 2023)
Cross-site scripting (XSS) vulnerability in portal/server.pt in BEA AquaLogic Interaction 6.1 through MP1 and Plumtree Foundation 6.0 through SP1 allows remote attackers to inject arbitrary web script or HTML via the name parameter.
0
0
Attacker Value
Unknown

CVE-2005-2082

Disclosure Date: July 05, 2005 (last updated February 22, 2025)
im_trbbs.cgi in imTRSET 1.02 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the df parameter.
0
0
Attacker Value
Unknown

CVE-2004-1224

Disclosure Date: January 10, 2005 (last updated February 22, 2025)
Off-by-one error in the mtr_curses_keyaction function for mtr 0.55 through 0.65 allows local users to hijack raw sockets, as demonstrated using the "s" keybinding, which leaves a buffer without a NULL terminator.
0
0
Attacker Value
Unknown

CVE-2004-2563

Disclosure Date: December 31, 2004 (last updated February 22, 2025)
Serena TeamTrack 6.1.1 allows remote attackers to obtain sensitive information such as user names, versions, and database information, and conduct cross-site scripting (XSS) attacks, via a direct request to tmtrack.dll with modified LoginPage and Template parameters.
0
0
Attacker Value
Unknown

CVE-2002-0497

Disclosure Date: August 12, 2002 (last updated February 22, 2025)
Buffer overflow in mtr 0.46 and earlier, when installed setuid root, allows local users to access a raw socket via a long MTR_OPTIONS environment variable.
0
0
Attacker Value
Unknown

CVE-2002-0205

Disclosure Date: May 16, 2002 (last updated February 22, 2025)
Cross-site scripting (CSS) vulnerability in error.asp for Plumtree Corporate Portal 3.5 through 4.5 allows remote attackers to execute arbitrary script on other clients via the "Description" parameter.
0
0
Attacker Value
Unknown

CVE-2000-0172

Disclosure Date: March 03, 2000 (last updated February 22, 2025)
The mtr program only uses a seteuid call when attempting to drop privileges, which could allow local users to gain root privileges.
0
0
Attacker Value
Unknown

CVE-1999-0933

Disclosure Date: October 01, 1999 (last updated February 22, 2025)
TeamTrack web server allows remote attackers to read arbitrary files via a .. (dot dot) attack.
0
0
View More Topics  < Previous