· 5 years ago · Mar 25, 2020, 07:52 PM
PORT STATE SERVICE VERSION
21/tcp open ftp vsftpd 2.0.1
3| vulscan: VulDB - https://vuldb.com:
4| [43110] vsftpd up to 2.0.4 Memory Leak denial of service
5|
6| MITRE CVE - https://cve.mitre.org:
7| [CVE-2008-4969] ltp-network-test 20060918 allows local users to overwrite arbitrary files via a symlink attack on (a) /tmp/vsftpd.conf, (b) /tmp/udp/2/*, (c) /tmp/tcp/2/*, (d) /tmp/udp/3/*, (e) /tmp/tcp/3/*, (f) /tmp/nfs_fsstress.udp.2.log, (g) /tmp/nfs_fsstress.udp.3.log, (h) /tmp/nfs_fsstress.tcp.2.log, (i) /tmp/nfs_fsstress.tcp.3.log, and (j) /tmp/nfs_fsstress.sardata temporary files, related to the (1) ftp_setup_vsftp_conf and (2) nfs_fsstress.sh scripts.
8| [CVE-2008-2375] Memory leak in a certain Red Hat deployment of vsftpd before 2.0.5 on Red Hat Enterprise Linux (RHEL) 3 and 4, when PAM is used, allows remote attackers to cause a denial of service (memory consumption) via a large number of invalid authentication attempts within the same session, a different vulnerability than CVE-2007-5962.
9| [CVE-2007-5962] Memory leak in a certain Red Hat patch, applied to vsftpd 2.0.5 on Red Hat Enterprise Linux (RHEL) 5 and Fedora 6 through 8, and on Foresight Linux and rPath appliances, allows remote attackers to cause a denial of service (memory consumption) via a large number of CWD commands, as demonstrated by an attack on a daemon with the deny_file configuration option.
10| [CVE-2007-4322] BlockHosts before 2.0.4 does not properly parse (1) sshd and (2) vsftpd log files, which allows remote attackers to add arbitrary deny entries to the /etc/hosts.allow file and cause a denial of service by adding arbitrary IP addresses to a daemon log file, as demonstrated by connecting through ssh with a client protocol version identification containing an IP address string, or connecting through ftp with a username containing an IP address string, different vectors than CVE-2007-2765.
11|
12| SecurityFocus - https://www.securityfocus.com/bid/:
13| [82285] Vsftpd CVE-2004-0042 Remote Security Vulnerability
14| [72451] vsftpd CVE-2015-1419 Security Bypass Vulnerability
15| [51013] vsftpd '__tzfile_read()' Function Heap Based Buffer Overflow Vulnerability
16| [48539] vsftpd Compromised Source Packages Backdoor Vulnerability
17| [46617] vsftpd FTP Server 'ls.c' Remote Denial of Service Vulnerability
18| [41443] Vsftpd Webmin Module Multiple Unspecified Vulnerabilities
19| [30364] vsftpd FTP Server Pluggable Authentication Module (PAM) Remote Denial of Service Vulnerability
20| [29322] vsftpd FTP Server 'deny_file' Option Remote Denial of Service Vulnerability
21| [10394] Vsftpd Listener Denial of Service Vulnerability
22| [7253] Red Hat Linux 9 vsftpd Compiling Error Weakness
23|
24| IBM X-Force - https://exchange.xforce.ibmcloud.com:
25| [68366] vsftpd package backdoor
26| [65873] vsftpd vsf_filename_passes_filter denial of service
27| [55148] VSFTPD-WEBMIN-MODULE unknown unspecified
28| [43685] vsftpd authentication attempts denial of service
29| [42593] vsftpd deny_file denial of service
30| [16222] vsftpd connection denial of service
31| [14844] vsftpd message allows attacker to obtain username
32| [11729] Red Hat Linux vsftpd FTP daemon tcp_wrapper could allow an attacker to gain access to server
33|
34| Exploit-DB - https://www.exploit-db.com:
35| [5814] vsftpd 2.0.5 (CWD) Remote Memory Consumption Exploit (post auth)
36|
37| OpenVAS (Nessus) - http://www.openvas.org:
38| [70399] Debian Security Advisory DSA 2305-1 (vsftpd)
39|
40| SecurityTracker - https://www.securitytracker.com:
41| [1025186] vsftpd vsf_filename_passes_filter() Bug Lets Remote Authenticated Users Deny Service
42| [1020546] vsftpd Memory Leak When Invalid Authentication Attempts Occur Lets Remote Authenticated Users Deny Service
43| [1020079] vsftpd Memory Leak in 'deny_file' Option Lets Remote Authenticated Users Deny Service
44| [1008628] vsftpd Discloses Whether Usernames are Valid or Not
45|
46| OSVDB - http://www.osvdb.org:
47| [73573] vsftpd on vsftpd.beasts.org Trojaned Distribution
48| [73340] vsftpd ls.c vsf_filename_passes_filter STAT Command glob Expression Remote DoS
49| [61362] Vsftpd Webmin Module Unspecified Issues
50| [46930] Red Hat Linux vsftpd w/ PAM Memory Exhaustion Remote DoS
51| [45626] vsftpd deny_file Option Crafted FTP Data Remote Memory Exhaustion DoS
52| [36515] BlockHosts sshd/vsftpd hosts.allow Arbitrary Deny Entry Manipulation
53| [28610] vsftpd SIGURG Handler Unspecified Issue
54| [28609] vsftpd tunable_chroot_local_user Filesystem Root Access
55| [6861] vsftpd Login Error Message Username Enumeration
56| [6306] vsftpd Connection Handling DoS
57| [4564] vsftpd on Red Hat Linux Restricted Access Failure
58|_
22/tcp open ssh OpenSSH 3.9p1 (protocol 1.99)
60| vulscan: VulDB - https://vuldb.com:
61| [56678] OpenSSH up to 3.9 sftp-glob.c process_put denial of service
62| [55641] OpenSSH up to 3.9 information disclosure
63| [60558] OpenBSD OpenSSH up to 3.4p1 gss-serv.c ssh_gssapi_parse_ename denial of service
64|
65| MITRE CVE - https://cve.mitre.org:
66| [CVE-2007-4654] Unspecified vulnerability in SSHield 1.6.1 with OpenSSH 3.0.2p1 on Cisco WebNS 8.20.0.1 on Cisco Content Services Switch (CSS) series 11000 devices allows remote attackers to cause a denial of service (connection slot exhaustion and device crash) via a series of large packets designed to exploit the SSH CRC32 attack detection overflow (CVE-2001-0144), possibly a related issue to CVE-2002-1024.
67| [CVE-2004-2760] sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately closes the TCP connection after a root login attempt with the correct password, but leaves the connection open after an attempt with an incorrect password, which makes it easier for remote attackers to guess the password by observing the connection state, a different vulnerability than CVE-2003-0190. NOTE: it could be argued that in most environments, this does not cross privilege boundaries without requiring leverage of a separate vulnerability.
68| [CVE-2004-2069] sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, when using privilege separation, does not properly signal the non-privileged process when a session has been terminated after exceeding the LoginGraceTime setting, which leaves the connection open and allows remote attackers to cause a denial of service (connection consumption).
69| [CVE-2004-0175] Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allows remote malicious servers to overwrite arbitrary files. NOTE: this may be a rediscovery of CVE-2000-0992.
70| [CVE-2003-1562] sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled and using PAM keyboard-interactive authentication, does not insert a delay after a root login attempt with the correct password, which makes it easier for remote attackers to use timing differences to determine if the password step of a multi-step authentication is successful, a different vulnerability than CVE-2003-0190.
71| [CVE-2003-0787] The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets an array of structures as an array of pointers, which allows attackers to modify the stack and possibly gain privileges.
72| [CVE-2003-0786] The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3.7.1p1, when Privilege Separation is disabled, does not check the result of the authentication attempt, which can allow remote attackers to gain privileges.
73| [CVE-2003-0695] Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow attackers to cause a denial of service or execute arbitrary code using (1) buffer_init in buffer.c, (2) buffer_free in buffer.c, or (3) a separate function in channels.c, a different vulnerability than CVE-2003-0693.
74| [CVE-2003-0693] A "buffer management error" in buffer_append_space of buffer.c for OpenSSH before 3.7 may allow remote attackers to execute arbitrary code by causing an incorrect amount of memory to be freed and corrupting the heap, a different vulnerability than CVE-2003-0695.
75| [CVE-2003-0682] "Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a different set of vulnerabilities than CVE-2003-0693 and CVE-2003-0695.
76| [CVE-2003-0386] OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass "from=" and "user@host" address restrictions by connecting to a host from a system whose reverse DNS hostname contains the numeric IP address.
77| [CVE-2003-0190] OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enabled immediately sends an error message when a user does not exist, which allows remote attackers to determine valid usernames via a timing attack.
78| [CVE-2002-0765] sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain conditions, may allow users to successfully authenticate and log in with another user's password.
79| [CVE-2002-0640] Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote attackers to execute arbitrary code via a large number of responses during challenge response authentication when OpenBSD is using PAM modules with interactive keyboard authentication (PAMAuthenticationViaKbdInt).
80| [CVE-2002-0639] Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication.
81| [CVE-2002-0575] Buffer overflow in OpenSSH before 2.9.9, and 3.x before 3.2.1, with Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing enabled, allows remote and local authenticated users to gain privileges.
82| [CVE-2002-0083] Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.
83| [CVE-2001-1507] OpenSSH before 3.0.1 with Kerberos V enabled does not properly authenticate users, which could allow remote attackers to login unchallenged.
84| [CVE-2001-0872] OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly cleanse critical environment variables such as LD_PRELOAD, which allows local users to gain root privileges.
85| [CVE-1999-0661] A system is running a version of software that was replaced with a Trojan Horse at one of its distribution points, such as (1) TCP Wrappers 7.6, (2) util-linux 2.9g, (3) wuarchive ftpd (wuftpd) 2.2 and 2.1f, (4) IRC client (ircII) ircII 2.2.9, (5) OpenSSH 3.4p1, or (6) Sendmail 8.12.6.
86|
87| SecurityFocus - https://www.securityfocus.com/bid/:
88| [102780] OpenSSH CVE-2016-10708 Multiple Denial of Service Vulnerabilities
89| [101552] OpenSSH 'sftp-server.c' Remote Security Bypass Vulnerability
90| [94977] OpenSSH CVE-2016-10011 Local Information Disclosure Vulnerability
91| [94975] OpenSSH CVE-2016-10012 Security Bypass Vulnerability
92| [94972] OpenSSH CVE-2016-10010 Privilege Escalation Vulnerability
93| [94968] OpenSSH CVE-2016-10009 Remote Code Execution Vulnerability
94| [93776] OpenSSH 'ssh/kex.c' Denial of Service Vulnerability
95| [92212] OpenSSH CVE-2016-6515 Denial of Service Vulnerability
96| [92210] OpenSSH CBC Padding Weak Encryption Security Weakness
97| [92209] OpenSSH MAC Verification Security Bypass Vulnerability
98| [91812] OpenSSH CVE-2016-6210 User Enumeration Vulnerability
99| [90440] OpenSSH CVE-2004-1653 Remote Security Vulnerability
100| [90340] OpenSSH CVE-2004-2760 Remote Security Vulnerability
101| [89385] OpenSSH CVE-2005-2666 Local Security Vulnerability
102| [88655] OpenSSH CVE-2001-1382 Remote Security Vulnerability
103| [88513] OpenSSH CVE-2000-0999 Remote Security Vulnerability
104| [88367] OpenSSH CVE-1999-1010 Local Security Vulnerability
105| [87789] OpenSSH CVE-2003-0682 Remote Security Vulnerability
106| [86187] OpenSSH 'session.c' Local Security Bypass Vulnerability
107| [86144] OpenSSH CVE-2007-2768 Remote Security Vulnerability
108| [84427] OpenSSH CVE-2016-1908 Security Bypass Vulnerability
109| [84314] OpenSSH CVE-2016-3115 Remote Command Injection Vulnerability
110| [84185] OpenSSH CVE-2006-4925 Denial-Of-Service Vulnerability
111| [81293] OpenSSH CVE-2016-1907 Denial of Service Vulnerability
112| [80698] OpenSSH CVE-2016-0778 Heap Based Buffer Overflow Vulnerability
113| [80695] OpenSSH CVE-2016-0777 Information Disclosure Vulnerability
114| [76497] OpenSSH CVE-2015-6565 Local Security Bypass Vulnerability
115| [76317] OpenSSH PAM Support Multiple Remote Code Execution Vulnerabilities
116| [75990] OpenSSH Login Handling Security Bypass Weakness
117| [75525] OpenSSH 'x11_open_helper()' Function Security Bypass Vulnerability
118| [71420] Portable OpenSSH 'gss-serv-krb5.c' Security Bypass Vulnerability
119| [68757] OpenSSH Multiple Remote Denial of Service Vulnerabilities
120| [66459] OpenSSH Certificate Validation Security Bypass Vulnerability
121| [66355] OpenSSH 'child_set_env()' Function Security Bypass Vulnerability
122| [65674] OpenSSH 'ssh-keysign.c' Local Information Disclosure Vulnerability
123| [65230] OpenSSH 'schnorr.c' Remote Memory Corruption Vulnerability
124| [63605] OpenSSH 'sshd' Process Remote Memory Corruption Vulnerability
125| [61286] OpenSSH Remote Denial of Service Vulnerability
126| [58894] GSI-OpenSSH PAM_USER Security Bypass Vulnerability
127| [58162] OpenSSH CVE-2010-5107 Denial of Service Vulnerability
128| [54114] OpenSSH 'ssh_gssapi_parse_ename()' Function Denial of Service Vulnerability
129| [51702] Debian openssh-server Forced Command Handling Information Disclosure Vulnerability
130| [50416] Linux Kernel 'kdump' and 'mkdumprd' OpenSSH Integration Remote Information Disclosure Vulnerability
131| [49473] OpenSSH Ciphersuite Specification Information Disclosure Weakness
132| [48507] OpenSSH 'pam_thread()' Remote Buffer Overflow Vulnerability
133| [47691] Portable OpenSSH 'ssh-keysign' Local Unauthorized Access Vulnerability
134| [46155] OpenSSH Legacy Certificate Signing Information Disclosure Vulnerability
135| [45304] OpenSSH J-PAKE Security Bypass Vulnerability
136| [36552] Red Hat Enterprise Linux OpenSSH 'ChrootDirectory' Option Local Privilege Escalation Vulnerability
137| [32319] OpenSSH CBC Mode Information Disclosure Vulnerability
138| [30794] Red Hat OpenSSH Backdoor Vulnerability
139| [30339] OpenSSH 'X11UseLocalhost' X11 Forwarding Session Hijacking Vulnerability
140| [30276] Debian OpenSSH SELinux Privilege Escalation Vulnerability
141| [28531] OpenSSH ForceCommand Command Execution Weakness
142| [28444] OpenSSH X Connections Session Hijacking Vulnerability
143| [26097] OpenSSH LINUX_AUDIT_RECORD_EVENT Remote Log Injection Weakness
144| [25628] OpenSSH X11 Cookie Local Authentication Bypass Vulnerability
145| [23601] OpenSSH S/Key Remote Information Disclosure Vulnerability
146| [20956] OpenSSH Privilege Separation Key Signature Weakness
147| [20418] OpenSSH-Portable Existing Password Remote Information Disclosure Weakness
148| [20245] OpenSSH-Portable GSSAPI Authentication Abort Information Disclosure Weakness
149| [20241] Portable OpenSSH GSSAPI Remote Code Execution Vulnerability
150| [20216] OpenSSH Duplicated Block Remote Denial of Service Vulnerability
151| [16892] OpenSSH Remote PAM Denial Of Service Vulnerability
152| [14963] OpenSSH LoginGraceTime Remote Denial Of Service Vulnerability
153| [14729] OpenSSH GSSAPI Credential Disclosure Vulnerability
154| [14727] OpenSSH DynamicForward Inadvertent GatewayPorts Activation Vulnerability
155| [11781] OpenSSH-portable PAM Authentication Remote Information Disclosure Vulnerability
156| [9986] RCP, OpenSSH SCP Client File Corruption Vulnerability
157| [9040] OpenSSH PAM Conversation Memory Scrubbing Weakness
158| [8677] Multiple Portable OpenSSH PAM Vulnerabilities
159| [8628] OpenSSH Buffer Mismanagement Vulnerabilities
160| [7831] OpenSSH Reverse DNS Lookup Access Control Bypass Vulnerability
161| [7482] OpenSSH Remote Root Authentication Timing Side-Channel Weakness
162| [7467] OpenSSH-portable Enabled PAM Delay Information Disclosure Vulnerability
163| [7343] OpenSSH Authentication Execution Path Timing Information Leakage Weakness
164| [6168] OpenSSH Visible Password Vulnerability
165| [5374] OpenSSH Trojan Horse Vulnerability
166| [5093] OpenSSH Challenge-Response Buffer Overflow Vulnerabilities
167| [4560] OpenSSH Kerberos 4 TGT/AFS Token Buffer Overflow Vulnerability
168| [4241] OpenSSH Channel Code Off-By-One Vulnerability
169| [3614] OpenSSH UseLogin Environment Variable Passing Vulnerability
170| [3560] OpenSSH Kerberos Arbitrary Privilege Elevation Vulnerability
171| [3369] OpenSSH Key Based Source IP Access Control Bypass Vulnerability
172| [3345] OpenSSH SFTP Command Restriction Bypassing Vulnerability
173| [2917] OpenSSH PAM Session Evasion Vulnerability
174| [2825] OpenSSH Client X11 Forwarding Cookie Removal File Symbolic Link Vulnerability
175| [2356] OpenSSH Private Key Authentication Check Vulnerability
176| [1949] OpenSSH Client Unauthorized Remote Forwarding Vulnerability
177| [1334] OpenSSH UseLogin Vulnerability
178|
179| IBM X-Force - https://exchange.xforce.ibmcloud.com:
180| [83258] GSI-OpenSSH auth-pam.c security bypass
181| [82781] OpenSSH time limit denial of service
182| [82231] OpenSSH pam_ssh_agent_auth PAM code execution
183| [74809] OpenSSH ssh_gssapi_parse_ename denial of service
184| [72756] Debian openssh-server commands information disclosure
185| [68339] OpenSSH pam_thread buffer overflow
186| [67264] OpenSSH ssh-keysign unauthorized access
187| [65910] OpenSSH remote_glob function denial of service
188| [65163] OpenSSH certificate information disclosure
189| [64387] OpenSSH J-PAKE security bypass
190| [63337] Cisco Unified Videoconferencing OpenSSH weak security
191| [46620] OpenSSH and multiple SSH Tectia products CBC mode information disclosure
192| [45202] OpenSSH signal handler denial of service
193| [44747] RHEL OpenSSH backdoor
194| [44280] OpenSSH PermitRootLogin information disclosure
195| [44279] OpenSSH sshd weak security
196| [44037] OpenSSH sshd SELinux role unauthorized access
197| [43940] OpenSSH X11 forwarding information disclosure
198| [41549] OpenSSH ForceCommand directive security bypass
199| [41438] OpenSSH sshd session hijacking
200| [40897] OpenSSH known_hosts weak security
201| [40587] OpenSSH username weak security
202| [37371] OpenSSH username data manipulation
203| [37118] RHSA update for OpenSSH privilege separation monitor authentication verification weakness not installed
204| [37112] RHSA update for OpenSSH signal handler race condition not installed
205| [37107] RHSA update for OpenSSH identical block denial of service not installed
206| [36637] OpenSSH X11 cookie privilege escalation
207| [35167] OpenSSH packet.c newkeys[mode] denial of service
208| [34490] OpenSSH OPIE information disclosure
209| [33794] OpenSSH ChallengeResponseAuthentication information disclosure
210| [32975] Apple Mac OS X OpenSSH denial of service
211| [32387] RHSA-2006:0738 updates for openssh not installed
212| [32359] RHSA-2006:0697 updates for openssh not installed
213| [32230] RHSA-2006:0298 updates for openssh not installed
214| [32132] RHSA-2006:0044 updates for openssh not installed
215| [30120] OpenSSH privilege separation monitor authentication verification weakness
216| [29255] OpenSSH GSSAPI user enumeration
217| [29254] OpenSSH signal handler race condition
218| [29158] OpenSSH identical block denial of service
219| [28147] Apple Mac OS X OpenSSH nonexistent user login denial of service
220| [25116] OpenSSH OpenPAM denial of service
221| [24305] OpenSSH SCP shell expansion command execution
222| [22665] RHSA-2005:106 updates for openssh not installed
223| [22117] OpenSSH GSSAPI allows elevated privileges
224| [22115] OpenSSH GatewayPorts security bypass
225| [20930] OpenSSH sshd.c LoginGraceTime denial of service
226| [19441] Sun Solaris OpenSSH LDAP (1) client authentication denial of service
227| [17213] OpenSSH allows port bouncing attacks
228| [16323] OpenSSH scp file overwrite
229| [13797] OpenSSH PAM information leak
230| [13271] OpenSSH could allow an attacker to corrupt the PAM conversion stack
231| [13264] OpenSSH PAM code could allow an attacker to gain access
232| [13215] OpenSSH buffer management errors could allow an attacker to execute code
233| [13214] OpenSSH memory vulnerabilities
234| [13191] OpenSSH large packet buffer overflow
235| [12196] OpenSSH could allow an attacker to bypass login restrictions
236| [11970] OpenSSH could allow an attacker to obtain valid administrative account
237| [11902] OpenSSH PAM support enabled information leak
238| [9803] OpenSSH "
239| [9763] OpenSSH downloaded from the OpenBSD FTP site or OpenBSD FTP mirror sites could contain a Trojan Horse
240| [9307] OpenSSH is running on the system
241| [9169] OpenSSH "
242| [8896] OpenSSH Kerberos 4 TGT/AFS buffer overflow
243| [8697] FreeBSD libutil in OpenSSH fails to drop privileges prior to using the login class capability database
244| [8383] OpenSSH off-by-one error in channel code
245| [7647] OpenSSH UseLogin option arbitrary code execution
246| [7634] OpenSSH using sftp and restricted keypairs could allow an attacker to bypass restrictions
247| [7598] OpenSSH with Kerberos allows attacker to gain elevated privileges
248| [7179] OpenSSH source IP access control bypass
249| [6757] OpenSSH "
250| [6676] OpenSSH X11 forwarding symlink attack could allow deletion of arbitrary files
251| [6084] OpenSSH 2.3.1 allows remote users to bypass authentication
252| [5517] OpenSSH allows unauthorized access to resources
253| [4646] OpenSSH UseLogin option allows remote users to execute commands as root
254|
255| Exploit-DB - https://www.exploit-db.com:
256| [21579] OpenSSH 3.x Challenge-Response Buffer Overflow Vulnerabilities (2)
257| [21578] OpenSSH 3.x Challenge-Response Buffer Overflow Vulnerabilities (1)
258| [17462] FreeBSD OpenSSH 3.5p1 - Remote Root Exploit
259| [3303] Portable OpenSSH <= 3.6.1p-PAM / 4.1-SUSE Timing Attack Exploit
260| [26] OpenSSH/PAM <= 3.6.1p1 Remote Users Ident (gossh.sh)
261| [25] OpenSSH/PAM <= 3.6.1p1 Remote Users Discovery Tool
262|
263| OpenVAS (Nessus) - http://www.openvas.org:
264| [902488] OpenSSH 'sshd' GSSAPI Credential Disclosure Vulnerability
265| [900179] OpenSSH CBC Mode Information Disclosure Vulnerability
266| [881183] CentOS Update for openssh CESA-2012:0884 centos6
267| [880802] CentOS Update for openssh CESA-2009:1287 centos5 i386
268| [880746] CentOS Update for openssh CESA-2009:1470 centos5 i386
269| [870763] RedHat Update for openssh RHSA-2012:0884-04
270| [870129] RedHat Update for openssh RHSA-2008:0855-01
271| [861813] Fedora Update for openssh FEDORA-2010-5429
272| [861319] Fedora Update for openssh FEDORA-2007-395
273| [861170] Fedora Update for openssh FEDORA-2007-394
274| [861012] Fedora Update for openssh FEDORA-2007-715
275| [840345] Ubuntu Update for openssh vulnerability USN-597-1
276| [840300] Ubuntu Update for openssh update USN-612-5
277| [840271] Ubuntu Update for openssh vulnerability USN-612-2
278| [840268] Ubuntu Update for openssh update USN-612-7
279| [840259] Ubuntu Update for openssh vulnerabilities USN-649-1
280| [840214] Ubuntu Update for openssh vulnerability USN-566-1
281| [831074] Mandriva Update for openssh MDVA-2010:162 (openssh)
282| [830929] Mandriva Update for openssh MDVA-2010:090 (openssh)
283| [830807] Mandriva Update for openssh MDVA-2010:026 (openssh)
284| [830603] Mandriva Update for openssh MDVSA-2008:098 (openssh)
285| [830523] Mandriva Update for openssh MDVSA-2008:078 (openssh)
286| [830317] Mandriva Update for openssh-askpass-qt MDKA-2007:127 (openssh-askpass-qt)
287| [830191] Mandriva Update for openssh MDKSA-2007:236 (openssh)
288| [802407] OpenSSH 'sshd' Challenge Response Authentication Buffer Overflow Vulnerability
289| [103503] openssh-server Forced Command Handling Information Disclosure Vulnerability
290| [103247] OpenSSH Ciphersuite Specification Information Disclosure Weakness
291| [103064] OpenSSH Legacy Certificate Signing Information Disclosure Vulnerability
292| [100584] OpenSSH X Connections Session Hijacking Vulnerability
293| [100153] OpenSSH CBC Mode Information Disclosure Vulnerability
294| [66170] CentOS Security Advisory CESA-2009:1470 (openssh)
295| [65987] SLES10: Security update for OpenSSH
296| [65819] SLES10: Security update for OpenSSH
297| [65514] SLES9: Security update for OpenSSH
298| [65513] SLES9: Security update for OpenSSH
299| [65334] SLES9: Security update for OpenSSH
300| [65248] SLES9: Security update for OpenSSH
301| [65218] SLES9: Security update for OpenSSH
302| [65169] SLES9: Security update for openssh,openssh-askpass
303| [65126] SLES9: Security update for OpenSSH
304| [65019] SLES9: Security update for OpenSSH
305| [65015] SLES9: Security update for OpenSSH
306| [64931] CentOS Security Advisory CESA-2009:1287 (openssh)
307| [61639] Debian Security Advisory DSA 1638-1 (openssh)
308| [61030] Debian Security Advisory DSA 1576-2 (openssh)
309| [61029] Debian Security Advisory DSA 1576-1 (openssh)
310| [60840] FreeBSD Security Advisory (FreeBSD-SA-08:05.openssh.asc)
311| [60803] Gentoo Security Advisory GLSA 200804-03 (openssh)
312| [60667] Slackware Advisory SSA:2008-095-01 openssh
313| [59014] Slackware Advisory SSA:2007-255-01 openssh
314| [58741] Gentoo Security Advisory GLSA 200711-02 (openssh)
315| [57919] Gentoo Security Advisory GLSA 200611-06 (openssh)
316| [57895] Gentoo Security Advisory GLSA 200609-17 (openssh)
317| [57585] Debian Security Advisory DSA 1212-1 (openssh (1:3.8.1p1-8.sarge.6))
318| [57492] Slackware Advisory SSA:2006-272-02 openssh
319| [57483] Debian Security Advisory DSA 1189-1 (openssh-krb5)
320| [57476] FreeBSD Security Advisory (FreeBSD-SA-06:22.openssh.asc)
321| [57470] FreeBSD Ports: openssh
322| [56352] FreeBSD Security Advisory (FreeBSD-SA-06:09.openssh.asc)
323| [56330] Gentoo Security Advisory GLSA 200602-11 (OpenSSH)
324| [56294] Slackware Advisory SSA:2006-045-06 openssh
325| [53964] Slackware Advisory SSA:2003-266-01 New OpenSSH packages
326| [53885] Slackware Advisory SSA:2003-259-01 OpenSSH Security Advisory
327| [53884] Slackware Advisory SSA:2003-260-01 OpenSSH updated again
328| [53788] Debian Security Advisory DSA 025-1 (openssh)
329| [52638] FreeBSD Security Advisory (FreeBSD-SA-03:15.openssh.asc)
330| [52635] FreeBSD Security Advisory (FreeBSD-SA-03:12.openssh.asc)
331| [11343] OpenSSH Client Unauthorized Remote Forwarding
332| [10954] OpenSSH AFS/Kerberos ticket/token passing
333| [10883] OpenSSH Channel Code Off by 1
334| [10823] OpenSSH UseLogin Environment Variables
335|
336| SecurityTracker - https://www.securitytracker.com:
337| [1002748] OpenSSH 3.0 Denial of Service Condition May Allow Remote Users to Crash the sshd Daemon and KerberosV Configuration Error May Allow Remote Users to Partially Authenticate When Authentication Should Not Be Permitted
338|
339| OSVDB - http://www.osvdb.org:
340| [50036] OpenSSH CBC Mode Chosen Ciphertext 32-bit Chunk Plaintext Context Disclosure
341|_
80/tcp open http Apache httpd 2.0.52 ((CentOS))
343|_http-server-header: Apache/2.0.52 (CentOS)
344| vulscan: VulDB - https://vuldb.com:
345| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
346| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
347| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
348| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
349| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
350| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
351| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
352| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
353| [123197] Apache Sentry up to 2.0.0 privilege escalation
354| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
355| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
356| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
357| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
358| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
359| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
360| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
361| [78987] Apache Ambari up to 2.0.x cross site scripting
362| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
363| [74174] Apache WSS4J up to 2.0.0 privilege escalation
364| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
365| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
366| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
367| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
368| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
369| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
370| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
371| [51757] Apache HTTP Server 2.0.44 cross site scripting
372| [51756] Apache HTTP Server 2.0.44 spoofing
373| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
374| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
375| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
376| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
377| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
378| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
379| [38524] Apache Geronimo 2.0 unknown vulnerability
380| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
381|
382| MITRE CVE - https://cve.mitre.org:
383| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
384| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
385| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
386| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
387| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
388| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
389| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
390| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
391| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
392| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
393| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
394| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
395| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
396| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
397| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
398| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
399| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
400|
401| SecurityFocus - https://www.securityfocus.com/bid/:
402| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
403| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
404| [5485] Apache 2.0 Path Disclosure Vulnerability
405| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
406| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
407|
408| IBM X-Force - https://exchange.xforce.ibmcloud.com:
409| [75211] Debian GNU/Linux apache 2 cross-site scripting
410|
411| Exploit-DB - https://www.exploit-db.com:
412| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
413| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
414| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
415|
416| OpenVAS (Nessus) - http://www.openvas.org:
417| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
418| [70724] Debian Security Advisory DSA 2405-1 (apache2)
419| [69338] Debian Security Advisory DSA 2202-1 (apache2)
420| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
421| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
422| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
423| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
424| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
425| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
426| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
427| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
428| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
429| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
430| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
431| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
432| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
433| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
434| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
435| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
436| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
437| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
438| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
439| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
440| [11092] Apache 2.0.39 Win32 directory traversal
441|
442| SecurityTracker - https://www.securitytracker.com:
443| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
444| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
445|
446| OSVDB - http://www.osvdb.org:
447| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
448|_
111/tcp open rpcbind 2 (RPC #100000)
139/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: MYGROUP)
451| vulscan: VulDB - https://vuldb.com:
452| [3460] GNU Samba up to 3.x GETDC Stack-based memory corruption
453| [3459] GNU Samba up to 3.x reply_netbios_packet memory corruption
454|
455| MITRE CVE - https://cve.mitre.org:
456| [CVE-2013-4124] Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
457| [CVE-2011-0719] Samba 3.x before 3.3.15, 3.4.x before 3.4.12, and 3.5.x before 3.5.7 does not perform range checks for file descriptors before use of the FD_SET macro, which allows remote attackers to cause a denial of service (stack memory corruption, and infinite loop or daemon crash) by opening a large number of files, related to (1) Winbind or (2) smbd.
458| [CVE-2013-0214] Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the authentication of arbitrary users by leveraging knowledge of a password and composing requests that perform SWAT actions.
459| [CVE-2013-0213] The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element.
460| [CVE-2012-1182] The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.
461| [CVE-2011-2694] Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program (aka the user field to the Change Password page).
462| [CVE-2011-2522] Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program.
463| [CVE-2004-0186] smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted.
464|
465| SecurityFocus - https://www.securityfocus.com/bid/:
466| [36250] Samba 3.x Multiple Unspecified Remote Vulnerabilities
467|
468| IBM X-Force - https://exchange.xforce.ibmcloud.com:
469| [46975] Samba smbd information disclosure
470| [37092] RHSA update for Samba smbd share connection request denial of service not installed
471| [32301] Samba smbd file rename denial of service
472| [27648] Samba smbd share connection request denial of service
473| [17325] Samba ASN.1 smbd denial of service
474| [86185] Samba read_nttrans_ea_list denial of service
475| [82955] Samba Active Directory Domain Controller unauthorized access
476| [81694] Samba SWAT clickjacking
477| [81693] Samba Samba Web Administration Tool cross-site request forgery
478| [81326] Samba objectClass based LDAP security bypass
479| [78811] Samba unspecified code execution
480| [75277] Samba LSA security bypass
481| [74721] Samba RPC code execution
482| [74438] Samba mount.cifs information disclosure
483| [73361] BlackBerry PlayBook Samba code execution
484| [72775] Samba connection request denial of service
485| [70317] Samba mtab denial of service
486| [69662] Samba check_mtab denial of service
487| [68844] Samba user cross-site scripting
488| [68843] Samba SWAT cross-site request forgery
489| [66702] Samba smbfs security bypass
490| [65724] Samba FD_SET denial of service
491| [61773] Samba sid_parse() buffer overflow
492| [59481] Samba SMB1 packet code execution
493| [58565] Samba Negotiate Protocol Request denial of service
494| [58564] Samba Session Setup AndX denial of service
495| [58393] Samba mount.cifs symlink
496| [56758] Samba CAP_DAC_OVERRIDE flag security bypass
497| [56123] Samba mount.cifs.c denial of service
498| [56111] Samba symlink directory traversal
499| [55944] samba-client mount.cifs utility symlink
500| [53575] Samba SMB denial of service
501| [53574] Samba mount.cifs information disclosure
502| [51328] Samba smbclient format string
503| [51327] Samba ACL security bypass
504| [50439] Samba winbind daemon denial of service
505| [47733] Samba file system security bypass
506| [45251] Xerox ESS/Network Controller Samba code execution
507| [44678] Samba group_mapping.tdb security bypass
508| [42664] Samba receive_smb_raw() buffer overflow
509| [38965] Samba send_mailslot function buffer overflow
510| [38502] Samba reply_netbios_packet() buffer overflow
511| [38501] Samba nmbd buffer overflow
512| [38123] GoSamba include_path file include
513| [36893] SmbFTPD SMBDirList format string
514| [36560] Samba smb.conf privilege escalation
515| [35738] Apple Mac OS X Samba file system security bypass
516| [35401] GSAMBAD populate_conns function symlink
517| [34506] Samba version detected
518| [34316] Samba lsa_io_trans_names buffer overflow
519| [34315] Samba SID name translation privilege escalation
520| [34314] Samba sec_io_acl buffer overflow
521| [34312] Samba smb_io_notify_option_type_data buffer overflow
522| [34311] Samba netdfs_io_dfs_EnumInfo_d buffer overflow
523| [34309] Samba lsa_io_privilege_set buffer overflow
524| [34307] Samba smb.conf shell command execution
525| [32979] Apple Mac OS X Samba module (SMB File Server) buffer overflow
526| [32304] Samba afsacl.so VFS plugin format string
527| [32231] Samba nss_winbind.so.1 library gethostbyname and getipnodebyname buffer overflow
528| [32151] Samba multiple unspecified buffer overflows
529| [30920] Sambar FTP Server SIZE denial of service
530| [29169] HP-UX CIFS Samba privilege escalation
531| [25575] Samba clear text machine trust account credentials
532| [22943] Sambar Server proxy.asp allows cross-site scripting
533| [20710] Sambar Server search/results.stm and session/logout scripts cross-site scripting
534| [18519] Samba MS-RPC request heap corruption
535| [18070] Samba QFILEPATHINFO buffer overflow
536| [17987] Samba ms_fnmatch denial of service
537| [17556] Samba allows file access outside of the share`s defined path
538| [17454] Samba samba-vscan denial of service
539| [17326] Samba nmbd mailslot denial of service
540| [17139] Samba memory leak information disclosure
541| [17138] Samba FindNextPrintChangeNotify request denial of service
542| [16786] Samba mangling method buffer overflow
543| [16785] Samba SWAT invalid base64 character causes buffer overflow
544| [16287] Sambar showlog.asp and showini.asp scripts directory traversal
545| [16286] Sambar show.asp and showperf.asp scripts cross-site scripting
546| [16059] Sambar Server HTTP POST code execution
547| [16056] Sambar Server multiple script cross-site scripting
548| [16054] Sambar Server HTTP keep-alive allows unauthorized access
549| [15545] Samba smbprint.log symlink attack
550| [15132] Samba mksmbpasswd.sh could allow an attacker to gain access to user`s account
551| [15131] Samba smbmnt allows elevated privileges
552| [15071] Sambar Server HTTP POST request buffer overflow
553| [13305] Sambar Server multiple vulnerabilities
554| [12749] Samba reply_nttrans function buffer overflow
555| [12402] Sambar Server search.pl denial of service
556| [11845] Sambar Server Pro Server WebMail interface transmits password and username in plain text
557| [11726] Samba and Samba-TNG call_trans2open() function buffer overflow
558| [11634] Sambar Server remote file cross-site scripting
559| [11633] Sambar Server dot dot directory traversal
560| [11631] Sambar Server multiple scripts cross-site scripting
561| [11630] Sambar Server textcgi.exe and environ.pl path disclosure
562| [11616] Samba-TNG security context management code could allow root access
563| [11551] Samba .reg file code race condition
564| [11550] Samba SMB/CIFS packet fragment re-assembly code buffer overflow
565| [11128] Sambar Server search request cross-site scripting
566| [10683] Samba encrypted password change request buffer overflow
567| [10010] Samba enum_csc_policy memory structure buffer overflow
568| [8876] Sambar Server Perl script source disclosure
569| [8710] Sambar Server Pbcgi.exe denial of service
570| [8709] Sambar Server testcgi.exe denial of service
571| [8707] Sambar Server long HTTP header field denial of service
572| [8705] Sambar Server MSVCRT.dll long username and password buffer overflow
573| [7894] Sambar Server cgitest.exe example script denial of service
574| [6973] Sambar Server Telnet proxy long password buffer overflow
575| [6972] Sambar Server Telnet proxy continuous connections denial of service
576| [6916] Sambar Server "
577| [6909] Sambar Server insecure password protection
578| [6731] samba NetBIOS name allows remote attackers to create symlink to SMB log file
579| [6396] Samba tmpfile symlink attack could allow elevated privileges
580| [5445] Samba swat logfile information retrieval
581| [5444] Samba swat URL filename denial of service
582| [5443] Samba swat logging symbolic link
583| [5442] Samba swat brute force attack
584| [5247] Sambar search.dll allows attacker to view folders on the system
585| [4592] Sambar Server 4.3 buffer overflow
586| [3999] Sambar Server hello.bat and echo.bat CGI scripts
587| [3227] Samba smbmnt utility could allow mounting to arbitrary mount points
588| [3225] Samba message service potential buffer overflow
589| [3224] Samba nmbd daemon can be remotely crashed or caused to enter an infinite loop
590| [3223] Sambar server allows remote viewing of environment information
591| [1672] Sambar Server logging code buffer overflow
592| [1671] Sambar mailit client allows script execution
593| [1669] Sambar Server ships with default accounts
594| [1406] Samba wsmbconf binary allows users access to the group root
595| [1311] Samba open share
596| [1237] Samba .. Bug
597| [337] Samba SMB password buffer overflow
598| [9] Samba .. bug
599|
600| Exploit-DB - https://www.exploit-db.com:
601| [20223] Sambar Server 4.3/4.4 beta 3 Search CGI Vulnerability
602| [10095] Samba 3.0.10 - 3.3.5 Format String And Security Bypass Vulnerabilities
603| [9950] Samba 3.0.21-3.0.24 LSA trans names Heap Overflow
604| [7701] Samba < 3.0.20 - Remote Heap Overflow Exploit
605| [4732] Samba 3.0.27a send_mailslot() Remote Buffer Overflow PoC
606| [364] Samba <= 3.0.4 SWAT Authorization Buffer Overflow Exploit
607|
608| OpenVAS (Nessus) - http://www.openvas.org:
609| [90028] Samba 3.0.0 > 3.0.29 vulnerability
610|
611| SecurityTracker - https://www.securitytracker.com:
612| [1028882] Samba smbd CPU Processing Loop Lets Remote Users Deny Service
613| [1026595] Samba smbd Memory Leak Lets Remote Users Deny Service
614| [1022976] Samba smbd Processing Flaw Lets Remote Authenticated Users Deny Service
615| [1022442] Samba smbd Access Control Bug Lets Remote Authenticated Users Bypass Certain Access Controls
616| [1017587] Samba smbd Deferred File Open Processing Bug Lets Remote Users Deny Service
617| [1016459] Samba smbd Memory Limit Error in make_connection() Lets Remote Users Deny Service
618| [1012587] Samba smbd Integer Overflow in Allocating Security Descriptors May Let Remote Users Execute Arbitrary Code
619| [1011223] Samba smbd Infinite Loop Lets Remote Users Consume All Available Memory
620| [1011097] Samba FindNextPrintChangeNotify() Error Lets Remote Authenticated Users Crash smbd
621| [1006290] Samba 'smbd' Buffer Overflow May Let Remote Users Gain Root Access
622| [1028389] Samba Bug Lets Remote Authenticated Users Modify Files
623| [1028365] IBM Storwize V7000 Unified Samba Bug Lets Remote Authenticated Users Modify Files
624| [1028312] Samba Active Directory Domain Controller File Permission Flaw Lets Remote Authenticated Users Access Files
625| [1028006] Samba Active Directory Domain Controller Access Control Flaw Lets Remote Authenticated Gain Write Access to Certain Objects
626| [1026988] Samba Local Security Authority Bug Lets Remote Authenticated Users Gain Elevated Privileges
627| [1026913] Samba Buffer Overflow in NDR Marshalling Code Lets Remote Users Execute Arbitrary Code
628| [1026739] Samba Bug in chain_reply()/construct_reply() Lets Remote Users Execute Arbitrary Code
629| [1026727] Blackberry PlayBook Samba File Sharing Lets Remote Users Execute Arbitrary Code
630| [1025984] Samba 'mount.cifs' check_newline() Error Lets Local Users Deny Service
631| [1025852] Samba Web Administration Tool (SWAT) Input Validation Flaws Permit Cross-Site Request Forgery and Cross-Site Scripting Attacks
632| [1025132] Samba FD_SET Stack Corruption Flaw Lets Remote and Local Users Deny Service
633| [1024434] Samba Buffer Overflow in sid_parse() Lets Remote Users Execute Arbitrary Code
634| [1024107] Samba SMB1 Packet Chaining Memory Corruption Error Lets Remote Users Execute Arbitrary Code
635| [1023700] Samba Access Control Flaw Lets Remote Authenticated Users Gain Elevated Privileges
636| [1023547] Samba 'mount.cifs' Race Condition Lets Local Users Gain Elevated Privileges
637| [1023546] Samba Symlink Configuration Error Lets Remote Users Access Arbitrary Files
638| [1022975] Samba 'mount.cifs' Lets Local Users View Portions of Files on the Target System
639| [1022441] Samba smbclient Format String Bug May Let Users Execute Arbitrary Code
640| [1021513] Samba Grants Remote Authenticated Users Access to the Root Filesystem in Certain Cases
641| [1021287] Samba 'trans', 'trans2', and 'nttrans' Requests Let Remote Users Obtain Memory Contents
642| [1020770] Samba 'group_mapping.ldb' Has Unsafe Permissions That Let Local Users Gain Elevated Privileges
643| [1020123] Samba Buffer Overflow in receive_smb_raw() Lets Remote Users Execute Arbitrary Code
644| [1019065] Samba Buffer Overflow in nmbd send_mailslot() Lets Remote Users Execute Arbitrary Code
645| [1018954] Samba nmbd Buffer Overflow in Processing GETDC mailslot Requests Lets Remote Users Execute Arbitrary Code
646| [1018953] Samba nmbd Buffer Overflow in reply_netbios_packet() Lets Remote Users Execute Arbitrary Code
647| [1018681] Samba Winbind SFU/RFC2307 GID Error Lets Local Users Gain Elevated Privileges
648| [1018051] Samba 'smb.conf' Scripts Input Validation Flaw Lets Remote Users Inject Arbitrary Commands
649| [1018050] Samba Heap Overflows in Parsing NDR Data Let Remote Users Execute Arbitrary Code
650| [1018049] Samba SID/Name Translation Bug Lets Local Users Gain Root Privileges
651| [1017589] Samba Solaris winbindd Daemon Name Resolution Query Buffer Overflows May Let Remtoe Users Execute Arbitrary Code
652| [1017588] Samba Format String Bug in 'afsacl.so' VFS Plugin May Let Remote Users Execute Arbitrary Code
653| [1017393] Sambar Server FTP SIZE Command Lets Remote Authenticated Users Deny Service
654| [1015850] Samba winbindd Daemon Discloses Server Password to Local Users
655| [1012235] Samba QFILEPATHINFO Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code
656| [1012133] Samba Input Validation Error in ms_fnmatch() Lets Remote Authenticated Users Deny Service
657| [1011949] Samba pppd Callback Control Protocol Pointer Dereference May Let Remote Users Deny Service
658| [1011469] Samba DOS Path Conversion Flaw Discloses Files to Remote Users
659| [1011222] Samba Input Validation Error in nmbd process_logon_packet() Lets Remote Users Crash the nmbd Service
660| [1010753] Samba Buffer Overflows in Web Administration Tool and in 'hash' Mangling Method May Let Remote Users Execute Arbitrary Code
661| [1010353] Sambar Server 'showini.asp' and 'showlog.asp' Disclose Files to Remote Authenticated Administrators
662| [1009503] Samba 'smbprint' Unsafe Temporary File May Let Local Users Gain Elevated Privileges
663| [1009000] Samba 'smbmnt' Permissions May Let Local Users Gain Root Privileges
664| [1008990] Samba May Let Remote Users Access SMB Accounts That Have Invalid Passwords
665| [1008979] Sambar Server 'results.stm' POST Request Buffer Overflow May Permit Remote Code Execution
666| [1007819] Sambar Server Contains Multiple Unspecified Vulnerabilities
667| [1007016] Sambar Server Buffer Overflow in 'search.pl' Lets Remote Users Crash the Service
668| [1006934] Sambar Server Discloses Files on the System to Remote Users
669| [1006637] Sambar Server WebMail Discloses User Passwords Transmitted Via the Network
670| [1006498] Samba-TNG Buffer Overflow in call_trans2open() Function Lets Remote Users Execute Arbitrary Code With Root Privileges
671| [1006497] Samba Buffer Overflow in call_trans2open() Function Lets Remote Users Execute Arbitrary Code With Root Privileges
672| [1006390] Sambar Server Input Validation Flaws Disclose Files on the System to Remote Users and Permit Cross-Site Scripting Attacks
673| [1005946] Sambar Server Input Validation Hole in Query Feature Lets Remote Users Conduct Cross-Site Scripting Attacks
674| [1005677] Samba Buffer Overflow in User Input Routine May Let Remote Users Execute Arbitrary Code with Root Privileges
675| [1004624] HP-UX Samba Common Internet File System (CIFS) Client Buffer Overflow May Let Local Users Obtain Elevated Privileges on the System
676| [1004084] Sambar Server Discloses Script Source Code to Remote Users and Can Be Crashed By Remote Users via Malformed URLs
677| [1003941] Sambar Server Buffer Overflow Holes Let Remote Users Crash the Service or Execute Arbitrary Code on the System
678| [1003246] Sambar Web Server Sample CGI Allows Remote Users to Crash the Web Server
679| [1002302] HP CIFS/9000 (Samba) Server Lets Authenticated Remote Users Change Another User's Password
680| [1002187] Sambar Telnet Proxy/Server Password Buffer Overflow May Allow Remote Users to Execute Arbitrary Code on the Server
681| [1002082] Sambar Web Server Lets Remote Users Modify Files on the Server
682| [1002079] Sambar Server Password File Can Be Decrypted By Local Users
683| [1002038] Sambar Server's Web Server Lets Local Users Disclose Files Outside of the Documents Directory
684| [1002037] Sambar Server's SMTP Mail Server May Allow Remote Users to Relay Mail Through the Server
685| [1001826] Samba Common Internet File System (CIFS) Lets Remote Users Obtain Root Level Access
686| [1001339] Samba SMB Networking Software Allows Local Users to Destroy Data on Local Devices
687|
688| OSVDB - http://www.osvdb.org:
689| [95969] Samba smbd nttrans.c read_nttrans_ea_list Function Malformed Packet Handling Remote DoS
690| [78651] Samba smbd Connection Request Parsing Remote DoS
691| [65518] Samba smbd process.c chain_reply Function SMB1 Packet Chaining Memory Corruption
692| [65436] Samba smbd sesssetup.c Session Setup AndX Security Blob Length Value Uninitialized Variable Out-of-bounds DoS
693| [65435] Samba smbd process.c chain_reply Function Session Setup AndX Request NULL Dereference Remote DoS
694| [58519] Samba smbd Crafted SMB Request Remote CPU Consumption DoS
695| [57651] Samba smbd Unspecified Heap Overflow
696| [55411] Samba smbd/posix_acls.c acl_group_override Function Remote Access Control List Modification
697| [50230] Samba smbd *trans* Request Arbitrary Remote Memory Disclosure
698| [33100] Samba smbd Deferred Open Code Infinite Loop DoS
699| [12422] Samba smbd Security Descriptor Parsing Remote Overflow
700| [9362] Samba smbd FindNextPrintChangeNotify() Request Remote DoS
701| [6323] Samba smbd SMB/CIFS Packet Fragment Reassembly Remote Overflow
702| [93189] HP MPE/iX with Samba/iX Unspecified Remote Issue
703| [92247] Red Hat Storage Management Console GlusterFS extras/hook-scripts/S30samba-stop.sh Symlink Arbitrary File Overwrite
704| [91889] Samba SMB2 Implementation CIFS Share Attribute Enforcement Weakness
705| [91503] Samba Active Directory Domain Controller CIFS Shares World-writeable Files Creation Weakness
706| [91255] ASUS RT-N66U Router root$ Samba Share Export Remote Information Disclosure
707| [89627] Samba Web Administration Tool (SWAT) Manipulation CSRF
708| [89626] Samba Web Administration Tool (SWAT) Clickjacking Weakness
709| [89180] Samba AD DC LDAP Directory Objects Erroneous Write Access Permissions
710| [83446] Samba smbmount Multiple Variable Username Handling Local Overflow
711| [81648] Samba Multiple Remote Procedural Calls (RPC) Local Security Authority (LSA) Arbitrary File Manipulation
712| [81490] Samba mount.cifs chdir() Call File Enumeration
713| [81303] Samba RPC Code Generator Network Data Representation (NDR) Multiple Request Parsing Remote Overflow
714| [79443] Samba process.c Any Batched (AndX) Request Packet Parsing Remote Overflow
715| [79041] Webmin Samba Windows File Sharing Module /tmp/.webmin Local Password Disclosure
716| [76058] Samba mtab Lock File Handling Local DoS
717| [74872] Samba smbfs mount.cifs / umount.cifs RLIMIT_FSIZE Value Handling mtab Local Corruption DoS
718| [74871] Samba mount.cifs Tool Share / Directory Name Newline Injection mtab Corruption Local DoS
719| [74072] Samba Web Administration Tool (SWAT) Change Password Page user Field XSS
720| [74071] Samba Web Administration Tool (SWAT) Multiple Function CSRF
721| [71268] Samba FD_SET Macro Memory Corruption
722| [69288] VLC Media Player Samba Network Share Module Incorrect Calling Convention Stack Corruption
723| [67994] Samba sid_parse() Function SID Parsing Remote Overflow
724| [62803] Samba CAP_DAC_OVERRIDE Capability Flag File Permission Restriction Bypass
725| [62187] Samba sid_parse Stack Overflow
726| [62186] Samba mount.cifs Symlink Arbitrary File Access
727| [62155] Samba smbfs mount.cifs client/mount.cifs.c Crafted String mtab Corruption Local DoS
728| [62145] Samba Guest Account Symlink Traversal Arbitrary File Access
729| [60587] Windows File Sharing Samba Client Resource Exhaustion DoS
730| [59810] Samba reply_nttrans Function Remote Overflow
731| [59511] HP-UX CIFS/9000 Server (SAMBA) Unspecified Resource Modification Arbitrary File Overwrite
732| [59350] Samba Web Administration Tool (SWAT) Malformed HTTP Request Saturation Remote DoS
733| [58520] Samba SUID mount.cifs --verbose Argument Arbitrary File Portion Disclosure
734| [57955] Samba Unconfigured Home Directory Windows File Share Directory Access Restriction Bypass
735| [57653] Samba Unspecified Heap Overflow
736| [57652] Samba --enable-developer Functionality Unspecified Heap Overflow
737| [57172] Samba-TNG Unspecified Remote Privilege Escalation
738| [55412] Samba smbclient client/client.c Filename Specifiers Multiple Format Strings
739| [55370] Sambar Server Pbcgi.exe Remote Overflow
740| [55369] Sambar Server testcgi.exe Remote Overflow
741| [54378] Samba winbind Daemon Unresponsive Child Process Race Condition DoS
742| [53074] Sambar Server /session/sendmail Arbitrary Mail Relay
743| [51152] Samba Crafted Connection Request Remote Root File System Access
744| [48699] CUPS cupsaddsmb Temporary File Cleartext Samba Credential Disclosure
745| [47786] Samba group_mapping.tdb Permission Weakness Privilege Escalation
746| [45657] Samba lib/util_sock.c receive_smb_raw() Function Crafted Packet Handling Overflow
747| [42884] Sambar Server with IndigoPerl /cgi-bin/com1.pl Arbitrary Command Execution
748| [42305] Samba Unspecified Remote Issue
749| [42251] Sambar Server Unspecified Remote Command Execution
750| [41385] SmbFTPD SMBDirList() Function Directory Name Remote Format String
751| [40714] GoSamba main.php include_path Parameter Remote File Inclusion
752| [40713] GoSamba inc_user.php include_path Parameter Remote File Inclusion
753| [40712] GoSamba inc_smb_conf.php include_path Parameter Remote File Inclusion
754| [40711] GoSamba inc_newgroup.php include_path Parameter Remote File Inclusion
755| [40710] GoSamba inc_manager.php include_path Parameter Remote File Inclusion
756| [40709] GoSamba inc_group.php include_path Parameter Remote File Inclusion
757| [40708] GoSamba inc_freigabe3.php include_path Parameter Remote File Inclusion
758| [40707] GoSamba inc_freigabe1.php include_path Parameter Remote File Inclusion
759| [40706] GoSamba inc_freigabe.php include_path Parameter Remote File Inclusion
760| [40705] GoSamba HTML_oben.php include_path Parameter Remote File Inclusion
761| [39191] Samba nmdb send_mailslot() Function GETDC mailslot Request Remote Overflow
762| [39180] Samba nmbd Crafted GETDC mailslot Request Remote Overflow
763| [39179] Samba nmbd nmbd/nmbd_packets.c reply_netbios_packet Function Remote Overflow
764| [39178] Samba idmap_ad.so Winbind nss_info Extension (nsswitch/idmap_ad.c) Local Privilege Escalation
765| [37795] GSAMBAD /tmp/gsambadtmp Symlink Arbitrary File Overwrite
766| [36971] Apple Mac OS X Samba Server Disk Quota Bypass
767| [34852] Apple Mac OS X Apple-specific Samba Module (SMB File Server) ACL Handling Overflow
768| [34733] Samba DFS RPC Interface DFSEnum Request Remote Overflow
769| [34732] Samba SPOOLSS RPC Interface RFNPCNEX Request Remote Overflow
770| [34731] Samba SRVSVC RPC Interface NetSetFileSecurity Request Remote Overflow
771| [34700] Samba Unfiltered MS-RPC Calls Arbitrary Remote Command Execution
772| [34699] Samba LSA RPC Interface Multiple Function Remote Overflow
773| [34698] Samba SID/Name Translation Privileged SMB/CIFS Protocol Operation Execution
774| [33101] Samba VFS Plugin afsacl.so Format String
775| [33098] Samba nss_winbind.so.1 Multiple Function Overflow
776| [32336] Sambar FTP Server Malformed SIZE Command DoS
777| [27130] Samba smdb Share Connection Saturation DoS
778| [24263] Samba winbindd Debug Log Server Credentials Local Disclosure
779| [23282] Samba Unspecified Remote Memory Leak Information Disclosure
780| [20434] Sambar Server proxy.asp Multiple Field XSS
781| [16751] Sambar Server Referer XSS
782| [16750] Sambar Server logout RCredirect XSS
783| [16749] Sambar Server results.stm indexname XSS
784| [14525] Samba Encrypted Password String Conversion Decryption Overflow DoS
785| [14233] Sambar Telnet Proxy/Server Long Password Overflow
786| [13872] Samba smbclient mput Symlink Arbitrary File Overwrite
787| [13871] Samba smbclient more Symlink Arbitrary File Overwrite
788| [13870] Samba Printer Queue Query Symlink Arbitrary File Overwrite
789| [13397] Samba Multiple Unspecified Overflows
790| [12642] Samba .reg File Race Condition Arbitrary File Overwrite
791| [11794] Sambar Server whois Script Hostname Remote Overflow
792| [11793] Sambar Server finger Script Hostname Remote Overflow
793| [11782] Samba QFILEPATHINFO Unicode Filename Request Handler Overflow
794| [11555] Samba ms_fnmatch() Function Wildcard Matching Remote DoS
795| [11521] Samba Password Field Handling Remote Overflow
796| [11479] Microsoft Windows NT Double Dot Samba Client DoS
797| [10886] Sambar Web Server Long HTTP GET Request Overflow
798| [10464] Samba MS-DOS Path Request Arbitrary File Retrieval
799| [9917] Samba nmbd process_logon_packet Function Remote DoS
800| [9916] Samba ASN.1 Parsing Function Malformed Request DoS
801| [8860] Samba NETBIOS Name Service Daemon DoS
802| [8859] Samba smbmnt Race Condition Arbitrary Mount Point
803| [8191] Samba Mangling Method Hash Overflow
804| [8190] Samba Web Administration Tool (SWAT) HTTP Basic Auth base64 Decoding Remote Overflow
805| [7529] Samba wsmbconf Command Execution and Privilege Escalation
806| [6585] Sambar Server showini.asp Arbitrary File Access
807| [6584] Sambar Server showperf.asp title Parameter XSS
808| [6583] Sambar Server show.asp show Parameter XSS
809| [5820] Sambar Server vchist.stm Multiple Parameter XSS
810| [5819] Sambar Server vccreate.stm Multiple Parameter XSS
811| [5818] Sambar Server vccheckin.stm Multiple Parameter XSS
812| [5817] Sambar Server update.stm Multiple Parameter XSS
813| [5816] Sambar Server template.stm path Parameter XSS
814| [5815] Sambar Server sendmail.stm Multiple Parameter XSS
815| [5814] Sambar Server rename.stm Multiple Parameter XSS
816| [5813] Sambar Server mkdir.stm path Parameter XSS
817| [5812] Sambar Server htaccess.stm path Parameter XSS
818| [5811] Sambar Server ftp.stm path Parameter XSS
819| [5810] Sambar Server info.stm Multiple Parameter XSS
820| [5809] Sambar Server create.stm path Parameter XSS
821| [5808] Sambar Server iecreate.stm path Parameter XSS
822| [5807] Sambar Server edit.stm Multiple Parameter XSS
823| [5806] Sambar Server ieedit.stm Multiple Parameter XSS
824| [5805] Sambar Server search.dll query Parameter XSS
825| [5804] Sambar Server environ.pl param1 Parameter XSS
826| [5803] Sambar Server testisa.dll check1 Parameter XSS
827| [5802] Sambar Server echo.bat Code Execution
828| [5786] Sambar Server results.stm Overflow
829| [5785] Sambar Server book.pl E-mail Field XSS
830| [5784] Sambar Server dumpenv.pl XSS
831| [5783] Sambar Server ssienv.shtml XSS
832| [5782] Sambar Server mortgage.pl price Parameter XSS
833| [5781] Sambar Server DOS Device Name Code Execution
834| [5780] Sambar Server Proxy IP Filter Bypass
835| [5468] Sambar Server Password Encryption Scheme Weakness
836| [5123] Sambar DOS Device Name DoS
837| [5122] Sambar Server Null Terminated URL Arbitrary File Source Disclosure
838| [5108] Sambar Server search.stm Multiple Parameter XSS
839| [5107] Sambar Server findata.stm Multiple Parameter XSS
840| [5106] Sambar Server whodata.stm sitename Parameter XSS
841| [5105] Sambar Server showfnc.stm pkg Parameter XSS
842| [5104] Sambar Server showfncs.stm pkg Parameter XSS
843| [5103] Sambar Server showfunc.stm func Parameter XSS
844| [5102] Sambar Server stmex.stm XSS
845| [5101] Sambar Server ipdata.stm ipaddr Parameter XSS
846| [5100] Sambar Server testcgi.exe XSS
847| [5097] Sambar Server index.stm wwwsite Parameter XSS
848| [5096] Sambar Server iecreate.stm Directory Listing
849| [5095] Sambar Server ieedit.stm Directory Listing
850| [5094] Sambar Server testcgi.exe Environment Variable Disclosure
851| [5093] Sambar Server environ.pl Environment Variable Disclosure
852| [4469] Samba trans2.c call_trans2open() Function Overflow
853| [3919] Samba mksmbpasswd.sh Uninitialized Passwords
854| [3916] Samba smbmnt Local Privilege Escalation
855| [2204] Sambar Server search.pl results.stm Overflow DoS
856| [1626] Samba Web Administration Tool (SWAT) cgi.log Permission Weakness Information Disclosure
857| [1625] Samba Web Administration Tool (SWAT) Failed Login Logging Failure Weakness
858| [1025] Samba smdb Malformed Message Handling Remote Overflow
859| [861] Samba enum_csc_policy Data Structure Termination Remote Overflow
860| [656] Samba NETBIOS Name Traversal Arbitrary Remote File Creation
861| [589] Sambar Web Server pagecount CGI Traversal Arbitrary File Overwrite
862| [487] Samba Web Administration Tool (SWAT) Error Message Username Enumeration
863| [413] Sambar Server ISAPI Search Utility search.dll Query Parameter Parsing Folder Name Disclosure
864| [319] Sambar Server mailit.pl Arbitrary Mail Relay
865| [318] Sambar Server Sysadmin Web Interface Default Account
866| [317] Sambar sendmail CGI Arbitrary Mail Relay
867| [215] Samba Web Administration Tool (SWAT) cgi.log Symlink Arbitrary File Modification
868| [194] Sambar Server hello.bat Code Execution
869| [52] Sambar Server dumpenv.pl Information Disclosure
870| [34] Sambar Server cgitest.exe Crafted GET Request Parsing Remote Overflow
871|_
443/tcp open ssl/http Apache httpd 2.0.52 ((CentOS))
873|_http-server-header: Apache/2.0.52 (CentOS)
874| vulscan: VulDB - https://vuldb.com:
875| [66200] Apache Hadoop up to 2.0.5 Security Feature information disclosure
876| [59556] Apache HTTP Server up to 2.0.53 mod_proxy information disclosure
877| [40709] Apache HTTP Server up to 2.0.53 mod_negotiation cross site scripting
878| [133444] Apache PDFbox 2.0.14 XML Parser XML External Entity
879| [133573] Oracle FLEXCUBE Private Banking 2.0.0.0/2.2.0.1/12.0.1.0/12.0.3.0/12.1.0.0 Apache ActiveMQ unknown vulnerability
880| [126488] Apache Syncope up to 2.0.10/2.1.1 BPMN Definition xxe privilege escalation
881| [126487] Apache Syncope up to 2.0.10/2.1.1 cross site scripting
882| [124877] Apache PDFbox up to 2.0.11 PDF File denial of service
883| [123197] Apache Sentry up to 2.0.0 privilege escalation
884| [115038] Apache HTTP Server up to 2.0.65/2.2.34/2.4.29 mod_authnz_ldap Crash denial of service
885| [106877] Apache Struts up to 2.0.33/2.5.10 Freemarker Tag privilege escalation
886| [102897] Apache Ignite up to 2.0 Update Notifier information disclosure
887| [82790] Apache Struts 2.0.0/2.3.24/2.3.28 Dynamic Method privilege escalation
888| [82789] Apache Struts 2.0.0/2.3.24/2.3.28 XSLTResult privilege escalation
889| [82058] Apache LDAP Studio/Directory Studio up to 2.0.0-M9 CSV Export privilege escalation
890| [78988] Apache Ambari up to 2.0.1/2.1.0 Password privilege escalation
891| [78987] Apache Ambari up to 2.0.x cross site scripting
892| [78986] Apache Ambari up to 2.0.x Proxy Endpoint api/v1/proxy privilege escalation
893| [74174] Apache WSS4J up to 2.0.0 privilege escalation
894| [66689] Apache HTTP Server up to 2.0.33 mod_dav dav_xml_get_cdata denial of service
895| [10460] Apache Struts 2.0.0/2.3.15.1 Action Mapping Mechanism Bypass privilege escalation
896| [10459] Apache Struts 2.0.0/2.3.15 Dynamic Method Invocation unknown vulnerability
897| [61255] Apache Hadoop 2.0.0 Kerberos unknown vulnerability
898| [4596] Apache Struts 2.0.14/2.2.3 struts2-rest-showcase/orders cross site scripting
899| [4595] Apache Struts 2.0.14/2.2.3 struts2-showcase/person/editPerson.action cross site scripting
900| [55162] Apache MyFaces up to 2.0.0 Authentication Code unknown vulnerability
901| [51757] Apache HTTP Server 2.0.44 cross site scripting
902| [51756] Apache HTTP Server 2.0.44 spoofing
903| [47640] Apache Struts 2.0.6/2.0.8/2.0.9/2.0.11/2.1 cross site scripting
904| [47636] Apache Struts 2.0.9 xip_client.html cross site scripting
905| [41091] Apache Software Foundation Mod Jk up to 2.0.1 mod_jk2 Stack-based memory corruption
906| [40710] Apache HTTP Server up to 2.0.61 mod_negotiation cross site scripting
907| [39540] Apache Geronimo 2.0/2.0.1/2.0.2/2.1 unknown vulnerability
908| [38952] Apache Geronimo 2.0.1/2.1 unknown vulnerability
909| [38524] Apache Geronimo 2.0 unknown vulnerability
910| [2795] Apache OpenOffice 2.0.4 WMF/EMF File Heap-based memory corruption
911|
912| MITRE CVE - https://cve.mitre.org:
913| [CVE-2005-1344] Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
914| [CVE-2004-0942] Apache webserver 2.0.52 and earlier allows remote attackers to cause a denial of service (CPU consumption) via an HTTP GET request with a MIME header containing multiple lines with a large number of space characters.
915| [CVE-2004-0885] The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SSLCipherSuite" directive in directory or location context, allows remote clients to bypass intended restrictions by using any cipher suite that is allowed by the virtual host configuration.
916| [CVE-2007-3304] Apache httpd 1.3.37, 2.0.59, and 2.2.4 with the Prefork MPM module, allows local users to cause a denial of service by modifying the worker_score and process_score arrays to reference an arbitrary process ID, which is sent a SIGUSR1 signal from the master process, aka "SIGUSR1 killer."
917| [CVE-2007-3303] Apache httpd 2.0.59 and 2.2.4, with the Prefork MPM module, allows local users to cause a denial of service via certain code sequences executed in a worker process that (1) stop request processing by killing all worker processes and preventing creation of replacements or (2) hang the system by forcing the master process to fork an arbitrarily large number of worker processes. NOTE: This might be an inherent design limitation of Apache with respect to worker processes in hosted environments.
918| [CVE-2006-3918] http_protocol.c in (1) IBM HTTP Server 6.0 before 6.0.2.13 and 6.1 before 6.1.0.1, and (2) Apache HTTP Server 1.3 before 1.3.35, 2.0 before 2.0.58, and 2.2 before 2.2.2, does not sanitize the Expect header from an HTTP request when it is reflected back in an error message, which might allow cross-site scripting (XSS) style attacks using web client components that can send arbitrary headers in requests, as demonstrated using a Flash SWF file.
919| [CVE-2006-3747] Off-by-one error in the ldap scheme handling in the Rewrite module (mod_rewrite) in Apache 1.3 from 1.3.28, 2.0.46 and other versions before 2.0.59, and 2.2, when RewriteEngine is enabled, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via crafted URLs that are not properly handled using certain rewrite rules.
920| [CVE-2005-3357] mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
921| [CVE-2005-3352] Cross-site scripting (XSS) vulnerability in the mod_imap module of Apache httpd before 1.3.35-dev and Apache httpd 2.0.x before 2.0.56-dev allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps.
922| [CVE-2005-2728] The byte-range filter in Apache 2.0 before 2.0.54 allows remote attackers to cause a denial of service (memory consumption) via an HTTP header with a large Range field.
923| [CVE-2005-2088] The Apache HTTP server before 1.3.34, and 2.0.x before 2.0.55, when acting as an HTTP proxy, allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Apache to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling."
924| [CVE-2004-0811] Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Satisfy directive," which could allow attackers to obtain access to restricted resources contrary to the specified authentication configuration.
925| [CVE-2004-0809] The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
926| [CVE-2004-0786] The IPv6 URI parsing routines in the apr-util library for Apache 2.0.50 and earlier allow remote attackers to cause a denial of service (child process crash) via a certain URI, as demonstrated using the Codenomicon HTTP Test Tool.
927| [CVE-2004-0748] mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (CPU consumption) by aborting an SSL connection in a way that causes an Apache child process to enter an infinite loop.
928| [CVE-2004-0747] Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables.
929| [CVE-2002-1592] The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to obtain sensitive information.
930|
931| SecurityFocus - https://www.securityfocus.com/bid/:
932| [27237] Apache HTTP Server 2.2.6, 2.0.61 and 1.3.39 'mod_status' Cross-Site Scripting Vulnerability
933| [5486] Apache 2.0 CGI Path Disclosure Vulnerability
934| [5485] Apache 2.0 Path Disclosure Vulnerability
935| [5434] Apache 2.0 Encoded Backslash Directory Traversal Vulnerability
936| [5256] Apache httpd 2.0 CGI Error Path Disclosure Vulnerability
937|
938| IBM X-Force - https://exchange.xforce.ibmcloud.com:
939| [75211] Debian GNU/Linux apache 2 cross-site scripting
940|
941| Exploit-DB - https://www.exploit-db.com:
942| [855] Apache <= 2.0.52 HTTP GET request Denial of Service Exploit
943| [3996] Apache 2.0.58 mod_rewrite Remote Overflow Exploit (win2k3)
944| [2237] Apache < 1.3.37, 2.0.59, 2.2.3 (mod_rewrite) Remote Overflow PoC
945|
946| OpenVAS (Nessus) - http://www.openvas.org:
947| [71485] Debian Security Advisory DSA 2506-1 (libapache-mod-security)
948| [70724] Debian Security Advisory DSA 2405-1 (apache2)
949| [69338] Debian Security Advisory DSA 2202-1 (apache2)
950| [64426] Gentoo Security Advisory GLSA 200907-04 (apache)
951| [61381] Gentoo Security Advisory GLSA 200807-06 (apache)
952| [60582] Gentoo Security Advisory GLSA 200803-19 (apache)
953| [58745] Gentoo Security Advisory GLSA 200711-06 (apache)
954| [57851] Gentoo Security Advisory GLSA 200608-01 (apache)
955| [56246] Gentoo Security Advisory GLSA 200602-03 (Apache)
956| [55392] Gentoo Security Advisory GLSA 200509-12 (Apache)
957| [55129] Gentoo Security Advisory GLSA 200508-15 (apache)
958| [54739] Gentoo Security Advisory GLSA 200411-18 (apache)
959| [54724] Gentoo Security Advisory GLSA 200411-03 (apache)
960| [54712] Gentoo Security Advisory GLSA 200410-21 (apache)
961| [54689] Gentoo Security Advisory GLSA 200409-33 (net=www/apache)
962| [54677] Gentoo Security Advisory GLSA 200409-21 (apache)
963| [54610] Gentoo Security Advisory GLSA 200407-03 (Apache)
964| [54601] Gentoo Security Advisory GLSA 200406-16 (Apache)
965| [54590] Gentoo Security Advisory GLSA 200406-05 (Apache)
966| [54582] Gentoo Security Advisory GLSA 200405-22 (Apache)
967| [54529] Gentoo Security Advisory GLSA 200403-04 (Apache)
968| [54499] Gentoo Security Advisory GLSA 200310-04 (Apache)
969| [54498] Gentoo Security Advisory GLSA 200310-03 (Apache)
970| [11092] Apache 2.0.39 Win32 directory traversal
971|
972| SecurityTracker - https://www.securitytracker.com:
973| [1007143] Apache 2.0 Web Server May Use a Weaker Encryption Implementation Than Specified in Some Cases
974| [1006444] Apache 2.0 Web Server Line Feed Buffer Allocation Flaw Lets Remote Users Deny Service
975|
976| OSVDB - http://www.osvdb.org:
977| [20897] PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure
978|_
445/tcp open netbios-ssn Samba smbd 3.X - 4.X (workgroup: MYGROUP)
980| vulscan: VulDB - https://vuldb.com:
981| [3460] GNU Samba up to 3.x GETDC Stack-based memory corruption
982| [3459] GNU Samba up to 3.x reply_netbios_packet memory corruption
983|
984| MITRE CVE - https://cve.mitre.org:
985| [CVE-2013-4124] Integer overflow in the read_nttrans_ea_list function in nttrans.c in smbd in Samba 3.x before 3.5.22, 3.6.x before 3.6.17, and 4.x before 4.0.8 allows remote attackers to cause a denial of service (memory consumption) via a malformed packet.
986| [CVE-2011-0719] Samba 3.x before 3.3.15, 3.4.x before 3.4.12, and 3.5.x before 3.5.7 does not perform range checks for file descriptors before use of the FD_SET macro, which allows remote attackers to cause a denial of service (stack memory corruption, and infinite loop or daemon crash) by opening a large number of files, related to (1) Winbind or (2) smbd.
987| [CVE-2013-0214] Cross-site request forgery (CSRF) vulnerability in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to hijack the authentication of arbitrary users by leveraging knowledge of a password and composing requests that perform SWAT actions.
988| [CVE-2013-0213] The Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.21, 3.6.x before 3.6.12, and 4.x before 4.0.2 allows remote attackers to conduct clickjacking attacks via a (1) FRAME or (2) IFRAME element.
989| [CVE-2012-1182] The RPC code generator in Samba 3.x before 3.4.16, 3.5.x before 3.5.14, and 3.6.x before 3.6.4 does not implement validation of an array length in a manner consistent with validation of array memory allocation, which allows remote attackers to execute arbitrary code via a crafted RPC call.
990| [CVE-2011-2694] Cross-site scripting (XSS) vulnerability in the chg_passwd function in web/swat.c in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allows remote authenticated administrators to inject arbitrary web script or HTML via the username parameter to the passwd program (aka the user field to the Change Password page).
991| [CVE-2011-2522] Multiple cross-site request forgery (CSRF) vulnerabilities in the Samba Web Administration Tool (SWAT) in Samba 3.x before 3.5.10 allow remote attackers to hijack the authentication of administrators for requests that (1) shut down daemons, (2) start daemons, (3) add shares, (4) remove shares, (5) add printers, (6) remove printers, (7) add user accounts, or (8) remove user accounts, as demonstrated by certain start, stop, and restart parameters to the status program.
992| [CVE-2004-0186] smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted.
993|
994| SecurityFocus - https://www.securityfocus.com/bid/:
995| [36250] Samba 3.x Multiple Unspecified Remote Vulnerabilities
996|
997| IBM X-Force - https://exchange.xforce.ibmcloud.com:
998| [46975] Samba smbd information disclosure
999| [37092] RHSA update for Samba smbd share connection request denial of service not installed
1000| [32301] Samba smbd file rename denial of service
1001| [27648] Samba smbd share connection request denial of service
1002| [17325] Samba ASN.1 smbd denial of service
1003| [86185] Samba read_nttrans_ea_list denial of service
1004| [82955] Samba Active Directory Domain Controller unauthorized access
1005| [81694] Samba SWAT clickjacking
1006| [81693] Samba Samba Web Administration Tool cross-site request forgery
1007| [81326] Samba objectClass based LDAP security bypass
1008| [78811] Samba unspecified code execution
1009| [75277] Samba LSA security bypass
1010| [74721] Samba RPC code execution
1011| [74438] Samba mount.cifs information disclosure
1012| [73361] BlackBerry PlayBook Samba code execution
1013| [72775] Samba connection request denial of service
1014| [70317] Samba mtab denial of service
1015| [69662] Samba check_mtab denial of service
1016| [68844] Samba user cross-site scripting
1017| [68843] Samba SWAT cross-site request forgery
1018| [66702] Samba smbfs security bypass
1019| [65724] Samba FD_SET denial of service
1020| [61773] Samba sid_parse() buffer overflow
1021| [59481] Samba SMB1 packet code execution
1022| [58565] Samba Negotiate Protocol Request denial of service
1023| [58564] Samba Session Setup AndX denial of service
1024| [58393] Samba mount.cifs symlink
1025| [56758] Samba CAP_DAC_OVERRIDE flag security bypass
1026| [56123] Samba mount.cifs.c denial of service
1027| [56111] Samba symlink directory traversal
1028| [55944] samba-client mount.cifs utility symlink
1029| [53575] Samba SMB denial of service
1030| [53574] Samba mount.cifs information disclosure
1031| [51328] Samba smbclient format string
1032| [51327] Samba ACL security bypass
1033| [50439] Samba winbind daemon denial of service
1034| [47733] Samba file system security bypass
1035| [45251] Xerox ESS/Network Controller Samba code execution
1036| [44678] Samba group_mapping.tdb security bypass
1037| [42664] Samba receive_smb_raw() buffer overflow
1038| [38965] Samba send_mailslot function buffer overflow
1039| [38502] Samba reply_netbios_packet() buffer overflow
1040| [38501] Samba nmbd buffer overflow
1041| [38123] GoSamba include_path file include
1042| [36893] SmbFTPD SMBDirList format string
1043| [36560] Samba smb.conf privilege escalation
1044| [35738] Apple Mac OS X Samba file system security bypass
1045| [35401] GSAMBAD populate_conns function symlink
1046| [34506] Samba version detected
1047| [34316] Samba lsa_io_trans_names buffer overflow
1048| [34315] Samba SID name translation privilege escalation
1049| [34314] Samba sec_io_acl buffer overflow
1050| [34312] Samba smb_io_notify_option_type_data buffer overflow
1051| [34311] Samba netdfs_io_dfs_EnumInfo_d buffer overflow
1052| [34309] Samba lsa_io_privilege_set buffer overflow
1053| [34307] Samba smb.conf shell command execution
1054| [32979] Apple Mac OS X Samba module (SMB File Server) buffer overflow
1055| [32304] Samba afsacl.so VFS plugin format string
1056| [32231] Samba nss_winbind.so.1 library gethostbyname and getipnodebyname buffer overflow
1057| [32151] Samba multiple unspecified buffer overflows
1058| [30920] Sambar FTP Server SIZE denial of service
1059| [29169] HP-UX CIFS Samba privilege escalation
1060| [25575] Samba clear text machine trust account credentials
1061| [22943] Sambar Server proxy.asp allows cross-site scripting
1062| [20710] Sambar Server search/results.stm and session/logout scripts cross-site scripting
1063| [18519] Samba MS-RPC request heap corruption
1064| [18070] Samba QFILEPATHINFO buffer overflow
1065| [17987] Samba ms_fnmatch denial of service
1066| [17556] Samba allows file access outside of the share`s defined path
1067| [17454] Samba samba-vscan denial of service
1068| [17326] Samba nmbd mailslot denial of service
1069| [17139] Samba memory leak information disclosure
1070| [17138] Samba FindNextPrintChangeNotify request denial of service
1071| [16786] Samba mangling method buffer overflow
1072| [16785] Samba SWAT invalid base64 character causes buffer overflow
1073| [16287] Sambar showlog.asp and showini.asp scripts directory traversal
1074| [16286] Sambar show.asp and showperf.asp scripts cross-site scripting
1075| [16059] Sambar Server HTTP POST code execution
1076| [16056] Sambar Server multiple script cross-site scripting
1077| [16054] Sambar Server HTTP keep-alive allows unauthorized access
1078| [15545] Samba smbprint.log symlink attack
1079| [15132] Samba mksmbpasswd.sh could allow an attacker to gain access to user`s account
1080| [15131] Samba smbmnt allows elevated privileges
1081| [15071] Sambar Server HTTP POST request buffer overflow
1082| [13305] Sambar Server multiple vulnerabilities
1083| [12749] Samba reply_nttrans function buffer overflow
1084| [12402] Sambar Server search.pl denial of service
1085| [11845] Sambar Server Pro Server WebMail interface transmits password and username in plain text
1086| [11726] Samba and Samba-TNG call_trans2open() function buffer overflow
1087| [11634] Sambar Server remote file cross-site scripting
1088| [11633] Sambar Server dot dot directory traversal
1089| [11631] Sambar Server multiple scripts cross-site scripting
1090| [11630] Sambar Server textcgi.exe and environ.pl path disclosure
1091| [11616] Samba-TNG security context management code could allow root access
1092| [11551] Samba .reg file code race condition
1093| [11550] Samba SMB/CIFS packet fragment re-assembly code buffer overflow
1094| [11128] Sambar Server search request cross-site scripting
1095| [10683] Samba encrypted password change request buffer overflow
1096| [10010] Samba enum_csc_policy memory structure buffer overflow
1097| [8876] Sambar Server Perl script source disclosure
1098| [8710] Sambar Server Pbcgi.exe denial of service
1099| [8709] Sambar Server testcgi.exe denial of service
1100| [8707] Sambar Server long HTTP header field denial of service
1101| [8705] Sambar Server MSVCRT.dll long username and password buffer overflow
1102| [7894] Sambar Server cgitest.exe example script denial of service
1103| [6973] Sambar Server Telnet proxy long password buffer overflow
1104| [6972] Sambar Server Telnet proxy continuous connections denial of service
1105| [6916] Sambar Server "
1106| [6909] Sambar Server insecure password protection
1107| [6731] samba NetBIOS name allows remote attackers to create symlink to SMB log file
1108| [6396] Samba tmpfile symlink attack could allow elevated privileges
1109| [5445] Samba swat logfile information retrieval
1110| [5444] Samba swat URL filename denial of service
1111| [5443] Samba swat logging symbolic link
1112| [5442] Samba swat brute force attack
1113| [5247] Sambar search.dll allows attacker to view folders on the system
1114| [4592] Sambar Server 4.3 buffer overflow
1115| [3999] Sambar Server hello.bat and echo.bat CGI scripts
1116| [3227] Samba smbmnt utility could allow mounting to arbitrary mount points
1117| [3225] Samba message service potential buffer overflow
1118| [3224] Samba nmbd daemon can be remotely crashed or caused to enter an infinite loop
1119| [3223] Sambar server allows remote viewing of environment information
1120| [1672] Sambar Server logging code buffer overflow
1121| [1671] Sambar mailit client allows script execution
1122| [1669] Sambar Server ships with default accounts
1123| [1406] Samba wsmbconf binary allows users access to the group root
1124| [1311] Samba open share
1125| [1237] Samba .. Bug
1126| [337] Samba SMB password buffer overflow
1127| [9] Samba .. bug
1128|
1129| Exploit-DB - https://www.exploit-db.com:
1130| [20223] Sambar Server 4.3/4.4 beta 3 Search CGI Vulnerability
1131| [10095] Samba 3.0.10 - 3.3.5 Format String And Security Bypass Vulnerabilities
1132| [9950] Samba 3.0.21-3.0.24 LSA trans names Heap Overflow
1133| [7701] Samba < 3.0.20 - Remote Heap Overflow Exploit
1134| [4732] Samba 3.0.27a send_mailslot() Remote Buffer Overflow PoC
1135| [364] Samba <= 3.0.4 SWAT Authorization Buffer Overflow Exploit
1136|
1137| OpenVAS (Nessus) - http://www.openvas.org:
1138| [90028] Samba 3.0.0 > 3.0.29 vulnerability
1139|
1140| SecurityTracker - https://www.securitytracker.com:
1141| [1028882] Samba smbd CPU Processing Loop Lets Remote Users Deny Service
1142| [1026595] Samba smbd Memory Leak Lets Remote Users Deny Service
1143| [1022976] Samba smbd Processing Flaw Lets Remote Authenticated Users Deny Service
1144| [1022442] Samba smbd Access Control Bug Lets Remote Authenticated Users Bypass Certain Access Controls
1145| [1017587] Samba smbd Deferred File Open Processing Bug Lets Remote Users Deny Service
1146| [1016459] Samba smbd Memory Limit Error in make_connection() Lets Remote Users Deny Service
1147| [1012587] Samba smbd Integer Overflow in Allocating Security Descriptors May Let Remote Users Execute Arbitrary Code
1148| [1011223] Samba smbd Infinite Loop Lets Remote Users Consume All Available Memory
1149| [1011097] Samba FindNextPrintChangeNotify() Error Lets Remote Authenticated Users Crash smbd
1150| [1006290] Samba 'smbd' Buffer Overflow May Let Remote Users Gain Root Access
1151| [1028389] Samba Bug Lets Remote Authenticated Users Modify Files
1152| [1028365] IBM Storwize V7000 Unified Samba Bug Lets Remote Authenticated Users Modify Files
1153| [1028312] Samba Active Directory Domain Controller File Permission Flaw Lets Remote Authenticated Users Access Files
1154| [1028006] Samba Active Directory Domain Controller Access Control Flaw Lets Remote Authenticated Gain Write Access to Certain Objects
1155| [1026988] Samba Local Security Authority Bug Lets Remote Authenticated Users Gain Elevated Privileges
1156| [1026913] Samba Buffer Overflow in NDR Marshalling Code Lets Remote Users Execute Arbitrary Code
1157| [1026739] Samba Bug in chain_reply()/construct_reply() Lets Remote Users Execute Arbitrary Code
1158| [1026727] Blackberry PlayBook Samba File Sharing Lets Remote Users Execute Arbitrary Code
1159| [1025984] Samba 'mount.cifs' check_newline() Error Lets Local Users Deny Service
1160| [1025852] Samba Web Administration Tool (SWAT) Input Validation Flaws Permit Cross-Site Request Forgery and Cross-Site Scripting Attacks
1161| [1025132] Samba FD_SET Stack Corruption Flaw Lets Remote and Local Users Deny Service
1162| [1024434] Samba Buffer Overflow in sid_parse() Lets Remote Users Execute Arbitrary Code
1163| [1024107] Samba SMB1 Packet Chaining Memory Corruption Error Lets Remote Users Execute Arbitrary Code
1164| [1023700] Samba Access Control Flaw Lets Remote Authenticated Users Gain Elevated Privileges
1165| [1023547] Samba 'mount.cifs' Race Condition Lets Local Users Gain Elevated Privileges
1166| [1023546] Samba Symlink Configuration Error Lets Remote Users Access Arbitrary Files
1167| [1022975] Samba 'mount.cifs' Lets Local Users View Portions of Files on the Target System
1168| [1022441] Samba smbclient Format String Bug May Let Users Execute Arbitrary Code
1169| [1021513] Samba Grants Remote Authenticated Users Access to the Root Filesystem in Certain Cases
1170| [1021287] Samba 'trans', 'trans2', and 'nttrans' Requests Let Remote Users Obtain Memory Contents
1171| [1020770] Samba 'group_mapping.ldb' Has Unsafe Permissions That Let Local Users Gain Elevated Privileges
1172| [1020123] Samba Buffer Overflow in receive_smb_raw() Lets Remote Users Execute Arbitrary Code
1173| [1019065] Samba Buffer Overflow in nmbd send_mailslot() Lets Remote Users Execute Arbitrary Code
1174| [1018954] Samba nmbd Buffer Overflow in Processing GETDC mailslot Requests Lets Remote Users Execute Arbitrary Code
1175| [1018953] Samba nmbd Buffer Overflow in reply_netbios_packet() Lets Remote Users Execute Arbitrary Code
1176| [1018681] Samba Winbind SFU/RFC2307 GID Error Lets Local Users Gain Elevated Privileges
1177| [1018051] Samba 'smb.conf' Scripts Input Validation Flaw Lets Remote Users Inject Arbitrary Commands
1178| [1018050] Samba Heap Overflows in Parsing NDR Data Let Remote Users Execute Arbitrary Code
1179| [1018049] Samba SID/Name Translation Bug Lets Local Users Gain Root Privileges
1180| [1017589] Samba Solaris winbindd Daemon Name Resolution Query Buffer Overflows May Let Remtoe Users Execute Arbitrary Code
1181| [1017588] Samba Format String Bug in 'afsacl.so' VFS Plugin May Let Remote Users Execute Arbitrary Code
1182| [1017393] Sambar Server FTP SIZE Command Lets Remote Authenticated Users Deny Service
1183| [1015850] Samba winbindd Daemon Discloses Server Password to Local Users
1184| [1012235] Samba QFILEPATHINFO Buffer Overflow Lets Remote Authenticated Users Execute Arbitrary Code
1185| [1012133] Samba Input Validation Error in ms_fnmatch() Lets Remote Authenticated Users Deny Service
1186| [1011949] Samba pppd Callback Control Protocol Pointer Dereference May Let Remote Users Deny Service
1187| [1011469] Samba DOS Path Conversion Flaw Discloses Files to Remote Users
1188| [1011222] Samba Input Validation Error in nmbd process_logon_packet() Lets Remote Users Crash the nmbd Service
1189| [1010753] Samba Buffer Overflows in Web Administration Tool and in 'hash' Mangling Method May Let Remote Users Execute Arbitrary Code
1190| [1010353] Sambar Server 'showini.asp' and 'showlog.asp' Disclose Files to Remote Authenticated Administrators
1191| [1009503] Samba 'smbprint' Unsafe Temporary File May Let Local Users Gain Elevated Privileges
1192| [1009000] Samba 'smbmnt' Permissions May Let Local Users Gain Root Privileges
1193| [1008990] Samba May Let Remote Users Access SMB Accounts That Have Invalid Passwords
1194| [1008979] Sambar Server 'results.stm' POST Request Buffer Overflow May Permit Remote Code Execution
1195| [1007819] Sambar Server Contains Multiple Unspecified Vulnerabilities
1196| [1007016] Sambar Server Buffer Overflow in 'search.pl' Lets Remote Users Crash the Service
1197| [1006934] Sambar Server Discloses Files on the System to Remote Users
1198| [1006637] Sambar Server WebMail Discloses User Passwords Transmitted Via the Network
1199| [1006498] Samba-TNG Buffer Overflow in call_trans2open() Function Lets Remote Users Execute Arbitrary Code With Root Privileges
1200| [1006497] Samba Buffer Overflow in call_trans2open() Function Lets Remote Users Execute Arbitrary Code With Root Privileges
1201| [1006390] Sambar Server Input Validation Flaws Disclose Files on the System to Remote Users and Permit Cross-Site Scripting Attacks
1202| [1005946] Sambar Server Input Validation Hole in Query Feature Lets Remote Users Conduct Cross-Site Scripting Attacks
1203| [1005677] Samba Buffer Overflow in User Input Routine May Let Remote Users Execute Arbitrary Code with Root Privileges
1204| [1004624] HP-UX Samba Common Internet File System (CIFS) Client Buffer Overflow May Let Local Users Obtain Elevated Privileges on the System
1205| [1004084] Sambar Server Discloses Script Source Code to Remote Users and Can Be Crashed By Remote Users via Malformed URLs
1206| [1003941] Sambar Server Buffer Overflow Holes Let Remote Users Crash the Service or Execute Arbitrary Code on the System
1207| [1003246] Sambar Web Server Sample CGI Allows Remote Users to Crash the Web Server
1208| [1002302] HP CIFS/9000 (Samba) Server Lets Authenticated Remote Users Change Another User's Password
1209| [1002187] Sambar Telnet Proxy/Server Password Buffer Overflow May Allow Remote Users to Execute Arbitrary Code on the Server
1210| [1002082] Sambar Web Server Lets Remote Users Modify Files on the Server
1211| [1002079] Sambar Server Password File Can Be Decrypted By Local Users
1212| [1002038] Sambar Server's Web Server Lets Local Users Disclose Files Outside of the Documents Directory
1213| [1002037] Sambar Server's SMTP Mail Server May Allow Remote Users to Relay Mail Through the Server
1214| [1001826] Samba Common Internet File System (CIFS) Lets Remote Users Obtain Root Level Access
1215| [1001339] Samba SMB Networking Software Allows Local Users to Destroy Data on Local Devices
1216|
1217| OSVDB - http://www.osvdb.org:
1218| [95969] Samba smbd nttrans.c read_nttrans_ea_list Function Malformed Packet Handling Remote DoS
1219| [78651] Samba smbd Connection Request Parsing Remote DoS
1220| [65518] Samba smbd process.c chain_reply Function SMB1 Packet Chaining Memory Corruption
1221| [65436] Samba smbd sesssetup.c Session Setup AndX Security Blob Length Value Uninitialized Variable Out-of-bounds DoS
1222| [65435] Samba smbd process.c chain_reply Function Session Setup AndX Request NULL Dereference Remote DoS
1223| [58519] Samba smbd Crafted SMB Request Remote CPU Consumption DoS
1224| [57651] Samba smbd Unspecified Heap Overflow
1225| [55411] Samba smbd/posix_acls.c acl_group_override Function Remote Access Control List Modification
1226| [50230] Samba smbd *trans* Request Arbitrary Remote Memory Disclosure
1227| [33100] Samba smbd Deferred Open Code Infinite Loop DoS
1228| [12422] Samba smbd Security Descriptor Parsing Remote Overflow
1229| [9362] Samba smbd FindNextPrintChangeNotify() Request Remote DoS
1230| [6323] Samba smbd SMB/CIFS Packet Fragment Reassembly Remote Overflow
1231| [93189] HP MPE/iX with Samba/iX Unspecified Remote Issue
1232| [92247] Red Hat Storage Management Console GlusterFS extras/hook-scripts/S30samba-stop.sh Symlink Arbitrary File Overwrite
1233| [91889] Samba SMB2 Implementation CIFS Share Attribute Enforcement Weakness
1234| [91503] Samba Active Directory Domain Controller CIFS Shares World-writeable Files Creation Weakness
1235| [91255] ASUS RT-N66U Router root$ Samba Share Export Remote Information Disclosure
1236| [89627] Samba Web Administration Tool (SWAT) Manipulation CSRF
1237| [89626] Samba Web Administration Tool (SWAT) Clickjacking Weakness
1238| [89180] Samba AD DC LDAP Directory Objects Erroneous Write Access Permissions
1239| [83446] Samba smbmount Multiple Variable Username Handling Local Overflow
1240| [81648] Samba Multiple Remote Procedural Calls (RPC) Local Security Authority (LSA) Arbitrary File Manipulation
1241| [81490] Samba mount.cifs chdir() Call File Enumeration
1242| [81303] Samba RPC Code Generator Network Data Representation (NDR) Multiple Request Parsing Remote Overflow
1243| [79443] Samba process.c Any Batched (AndX) Request Packet Parsing Remote Overflow
1244| [79041] Webmin Samba Windows File Sharing Module /tmp/.webmin Local Password Disclosure
1245| [76058] Samba mtab Lock File Handling Local DoS
1246| [74872] Samba smbfs mount.cifs / umount.cifs RLIMIT_FSIZE Value Handling mtab Local Corruption DoS
1247| [74871] Samba mount.cifs Tool Share / Directory Name Newline Injection mtab Corruption Local DoS
1248| [74072] Samba Web Administration Tool (SWAT) Change Password Page user Field XSS
1249| [74071] Samba Web Administration Tool (SWAT) Multiple Function CSRF
1250| [71268] Samba FD_SET Macro Memory Corruption
1251| [69288] VLC Media Player Samba Network Share Module Incorrect Calling Convention Stack Corruption
1252| [67994] Samba sid_parse() Function SID Parsing Remote Overflow
1253| [62803] Samba CAP_DAC_OVERRIDE Capability Flag File Permission Restriction Bypass
1254| [62187] Samba sid_parse Stack Overflow
1255| [62186] Samba mount.cifs Symlink Arbitrary File Access
1256| [62155] Samba smbfs mount.cifs client/mount.cifs.c Crafted String mtab Corruption Local DoS
1257| [62145] Samba Guest Account Symlink Traversal Arbitrary File Access
1258| [60587] Windows File Sharing Samba Client Resource Exhaustion DoS
1259| [59810] Samba reply_nttrans Function Remote Overflow
1260| [59511] HP-UX CIFS/9000 Server (SAMBA) Unspecified Resource Modification Arbitrary File Overwrite
1261| [59350] Samba Web Administration Tool (SWAT) Malformed HTTP Request Saturation Remote DoS
1262| [58520] Samba SUID mount.cifs --verbose Argument Arbitrary File Portion Disclosure
1263| [57955] Samba Unconfigured Home Directory Windows File Share Directory Access Restriction Bypass
1264| [57653] Samba Unspecified Heap Overflow
1265| [57652] Samba --enable-developer Functionality Unspecified Heap Overflow
1266| [57172] Samba-TNG Unspecified Remote Privilege Escalation
1267| [55412] Samba smbclient client/client.c Filename Specifiers Multiple Format Strings
1268| [55370] Sambar Server Pbcgi.exe Remote Overflow
1269| [55369] Sambar Server testcgi.exe Remote Overflow
1270| [54378] Samba winbind Daemon Unresponsive Child Process Race Condition DoS
1271| [53074] Sambar Server /session/sendmail Arbitrary Mail Relay
1272| [51152] Samba Crafted Connection Request Remote Root File System Access
1273| [48699] CUPS cupsaddsmb Temporary File Cleartext Samba Credential Disclosure
1274| [47786] Samba group_mapping.tdb Permission Weakness Privilege Escalation
1275| [45657] Samba lib/util_sock.c receive_smb_raw() Function Crafted Packet Handling Overflow
1276| [42884] Sambar Server with IndigoPerl /cgi-bin/com1.pl Arbitrary Command Execution
1277| [42305] Samba Unspecified Remote Issue
1278| [42251] Sambar Server Unspecified Remote Command Execution
1279| [41385] SmbFTPD SMBDirList() Function Directory Name Remote Format String
1280| [40714] GoSamba main.php include_path Parameter Remote File Inclusion
1281| [40713] GoSamba inc_user.php include_path Parameter Remote File Inclusion
1282| [40712] GoSamba inc_smb_conf.php include_path Parameter Remote File Inclusion
1283| [40711] GoSamba inc_newgroup.php include_path Parameter Remote File Inclusion
1284| [40710] GoSamba inc_manager.php include_path Parameter Remote File Inclusion
1285| [40709] GoSamba inc_group.php include_path Parameter Remote File Inclusion
1286| [40708] GoSamba inc_freigabe3.php include_path Parameter Remote File Inclusion
1287| [40707] GoSamba inc_freigabe1.php include_path Parameter Remote File Inclusion
1288| [40706] GoSamba inc_freigabe.php include_path Parameter Remote File Inclusion
1289| [40705] GoSamba HTML_oben.php include_path Parameter Remote File Inclusion
1290| [39191] Samba nmdb send_mailslot() Function GETDC mailslot Request Remote Overflow
1291| [39180] Samba nmbd Crafted GETDC mailslot Request Remote Overflow
1292| [39179] Samba nmbd nmbd/nmbd_packets.c reply_netbios_packet Function Remote Overflow
1293| [39178] Samba idmap_ad.so Winbind nss_info Extension (nsswitch/idmap_ad.c) Local Privilege Escalation
1294| [37795] GSAMBAD /tmp/gsambadtmp Symlink Arbitrary File Overwrite
1295| [36971] Apple Mac OS X Samba Server Disk Quota Bypass
1296| [34852] Apple Mac OS X Apple-specific Samba Module (SMB File Server) ACL Handling Overflow
1297| [34733] Samba DFS RPC Interface DFSEnum Request Remote Overflow
1298| [34732] Samba SPOOLSS RPC Interface RFNPCNEX Request Remote Overflow
1299| [34731] Samba SRVSVC RPC Interface NetSetFileSecurity Request Remote Overflow
1300| [34700] Samba Unfiltered MS-RPC Calls Arbitrary Remote Command Execution
1301| [34699] Samba LSA RPC Interface Multiple Function Remote Overflow
1302| [34698] Samba SID/Name Translation Privileged SMB/CIFS Protocol Operation Execution
1303| [33101] Samba VFS Plugin afsacl.so Format String
1304| [33098] Samba nss_winbind.so.1 Multiple Function Overflow
1305| [32336] Sambar FTP Server Malformed SIZE Command DoS
1306| [27130] Samba smdb Share Connection Saturation DoS
1307| [24263] Samba winbindd Debug Log Server Credentials Local Disclosure
1308| [23282] Samba Unspecified Remote Memory Leak Information Disclosure
1309| [20434] Sambar Server proxy.asp Multiple Field XSS
1310| [16751] Sambar Server Referer XSS
1311| [16750] Sambar Server logout RCredirect XSS
1312| [16749] Sambar Server results.stm indexname XSS
1313| [14525] Samba Encrypted Password String Conversion Decryption Overflow DoS
1314| [14233] Sambar Telnet Proxy/Server Long Password Overflow
1315| [13872] Samba smbclient mput Symlink Arbitrary File Overwrite
1316| [13871] Samba smbclient more Symlink Arbitrary File Overwrite
1317| [13870] Samba Printer Queue Query Symlink Arbitrary File Overwrite
1318| [13397] Samba Multiple Unspecified Overflows
1319| [12642] Samba .reg File Race Condition Arbitrary File Overwrite
1320| [11794] Sambar Server whois Script Hostname Remote Overflow
1321| [11793] Sambar Server finger Script Hostname Remote Overflow
1322| [11782] Samba QFILEPATHINFO Unicode Filename Request Handler Overflow
1323| [11555] Samba ms_fnmatch() Function Wildcard Matching Remote DoS
1324| [11521] Samba Password Field Handling Remote Overflow
1325| [11479] Microsoft Windows NT Double Dot Samba Client DoS
1326| [10886] Sambar Web Server Long HTTP GET Request Overflow
1327| [10464] Samba MS-DOS Path Request Arbitrary File Retrieval
1328| [9917] Samba nmbd process_logon_packet Function Remote DoS
1329| [9916] Samba ASN.1 Parsing Function Malformed Request DoS
1330| [8860] Samba NETBIOS Name Service Daemon DoS
1331| [8859] Samba smbmnt Race Condition Arbitrary Mount Point
1332| [8191] Samba Mangling Method Hash Overflow
1333| [8190] Samba Web Administration Tool (SWAT) HTTP Basic Auth base64 Decoding Remote Overflow
1334| [7529] Samba wsmbconf Command Execution and Privilege Escalation
1335| [6585] Sambar Server showini.asp Arbitrary File Access
1336| [6584] Sambar Server showperf.asp title Parameter XSS
1337| [6583] Sambar Server show.asp show Parameter XSS
1338| [5820] Sambar Server vchist.stm Multiple Parameter XSS
1339| [5819] Sambar Server vccreate.stm Multiple Parameter XSS
1340| [5818] Sambar Server vccheckin.stm Multiple Parameter XSS
1341| [5817] Sambar Server update.stm Multiple Parameter XSS
1342| [5816] Sambar Server template.stm path Parameter XSS
1343| [5815] Sambar Server sendmail.stm Multiple Parameter XSS
1344| [5814] Sambar Server rename.stm Multiple Parameter XSS
1345| [5813] Sambar Server mkdir.stm path Parameter XSS
1346| [5812] Sambar Server htaccess.stm path Parameter XSS
1347| [5811] Sambar Server ftp.stm path Parameter XSS
1348| [5810] Sambar Server info.stm Multiple Parameter XSS
1349| [5809] Sambar Server create.stm path Parameter XSS
1350| [5808] Sambar Server iecreate.stm path Parameter XSS
1351| [5807] Sambar Server edit.stm Multiple Parameter XSS
1352| [5806] Sambar Server ieedit.stm Multiple Parameter XSS
1353| [5805] Sambar Server search.dll query Parameter XSS
1354| [5804] Sambar Server environ.pl param1 Parameter XSS
1355| [5803] Sambar Server testisa.dll check1 Parameter XSS
1356| [5802] Sambar Server echo.bat Code Execution
1357| [5786] Sambar Server results.stm Overflow
1358| [5785] Sambar Server book.pl E-mail Field XSS
1359| [5784] Sambar Server dumpenv.pl XSS
1360| [5783] Sambar Server ssienv.shtml XSS
1361| [5782] Sambar Server mortgage.pl price Parameter XSS
1362| [5781] Sambar Server DOS Device Name Code Execution
1363| [5780] Sambar Server Proxy IP Filter Bypass
1364| [5468] Sambar Server Password Encryption Scheme Weakness
1365| [5123] Sambar DOS Device Name DoS
1366| [5122] Sambar Server Null Terminated URL Arbitrary File Source Disclosure
1367| [5108] Sambar Server search.stm Multiple Parameter XSS
1368| [5107] Sambar Server findata.stm Multiple Parameter XSS
1369| [5106] Sambar Server whodata.stm sitename Parameter XSS
1370| [5105] Sambar Server showfnc.stm pkg Parameter XSS
1371| [5104] Sambar Server showfncs.stm pkg Parameter XSS
1372| [5103] Sambar Server showfunc.stm func Parameter XSS
1373| [5102] Sambar Server stmex.stm XSS
1374| [5101] Sambar Server ipdata.stm ipaddr Parameter XSS
1375| [5100] Sambar Server testcgi.exe XSS
1376| [5097] Sambar Server index.stm wwwsite Parameter XSS
1377| [5096] Sambar Server iecreate.stm Directory Listing
1378| [5095] Sambar Server ieedit.stm Directory Listing
1379| [5094] Sambar Server testcgi.exe Environment Variable Disclosure
1380| [5093] Sambar Server environ.pl Environment Variable Disclosure
1381| [4469] Samba trans2.c call_trans2open() Function Overflow
1382| [3919] Samba mksmbpasswd.sh Uninitialized Passwords
1383| [3916] Samba smbmnt Local Privilege Escalation
1384| [2204] Sambar Server search.pl results.stm Overflow DoS
1385| [1626] Samba Web Administration Tool (SWAT) cgi.log Permission Weakness Information Disclosure
1386| [1625] Samba Web Administration Tool (SWAT) Failed Login Logging Failure Weakness
1387| [1025] Samba smdb Malformed Message Handling Remote Overflow
1388| [861] Samba enum_csc_policy Data Structure Termination Remote Overflow
1389| [656] Samba NETBIOS Name Traversal Arbitrary Remote File Creation
1390| [589] Sambar Web Server pagecount CGI Traversal Arbitrary File Overwrite
1391| [487] Samba Web Administration Tool (SWAT) Error Message Username Enumeration
1392| [413] Sambar Server ISAPI Search Utility search.dll Query Parameter Parsing Folder Name Disclosure
1393| [319] Sambar Server mailit.pl Arbitrary Mail Relay
1394| [318] Sambar Server Sysadmin Web Interface Default Account
1395| [317] Sambar sendmail CGI Arbitrary Mail Relay
1396| [215] Samba Web Administration Tool (SWAT) cgi.log Symlink Arbitrary File Modification
1397| [194] Sambar Server hello.bat Code Execution
1398| [52] Sambar Server dumpenv.pl Information Disclosure
1399| [34] Sambar Server cgitest.exe Crafted GET Request Parsing Remote Overflow
1400|_
631/tcp open ipp CUPS 1.1
1402| vulscan: VulDB - https://vuldb.com:
1403| [67701] Wireshark 1.12.0 CUPS Dissector denial of service
1404| [58336] Apple CUPS up to 1.1.4 gif_read_lzw memory corruption
1405| [58335] Apple CUPS up to 1.1.4 GIF Decoder giftoppm.c LZWReadByte memory corruption
1406| [55329] Apple cups up to 1.1.4 IPP Request ipp.c memory corruption
1407| [53773] Apple cups up to 1.1.3 auth.c cupsDoAuthentication denial of service
1408| [53741] Apple CUPS up to 1.1.3 Subsystem texttops.c _WriteProlog memory corruption
1409| [53699] Apple CUPS up to 1.1.3 cgi_initialize_string information disclosure
1410| [48481] Apple CUPS 1.1.17/1.1.22 Crash denial of service
1411| [48480] Apple cups up to 1.1.3 IPP Request ippReadIO denial of service
1412| [48479] Apple CUPS 1.1.17/1.1.22/1.3.7 Decrypt.cxx memory corruption
1413| [47911] Apple CUPS up to 1.1.3 memory corruption
1414| [47890] Apple CUPS up to 1.1.4 denial of service
1415| [47889] Apple CUPS up to 1.1.4 memory corruption
1416| [47888] Apple CUPS up to 1.1.4 NULL Pointer Dereference denial of service
1417| [47887] Apple CUPS up to 1.1.4 memory corruption
1418| [47886] Apple CUPS up to 1.1.4 Integer memory corruption
1419| [47885] Apple CUPS up to 1.1.4 memory corruption
1420| [47884] Apple CUPS up to 1.1.4 Out-of-Bounds denial of service
1421| [47880] Apple CUPS up to 1.1.4 Uninitialized Memory denial of service
1422| [47879] Apple CUPS up to 1.1.4 _cupsImageReadTIFF memory corruption
1423| [47878] Apple CUPS up to 1.1.4 readSymbolDictSeg denial of service
1424| [47877] Apple CUPS up to 1.1.4 setBitmap memory corruption
1425| [46673] Apple CUPS 1.1.17 WriteProlog memory corruption
1426| [45134] Apple CUPS up to 1.1.3 cgi-bin/admin.c cross site request forgery
1427| [45133] Apple cups up to 1.1.4 NULL Pointer Dereference denial of service
1428| [44479] Apple CUPS up to 1.1.3 WriteProlog memory corruption
1429| [44478] Apple CUPS up to 1.1.3 read_rle16 memory corruption
1430| [44445] Apple CUPS up to 1.1.3 memory corruption
1431| [41555] Apple CUPS up to 1.1.3 memory corruption
1432| [41232] Easy Software Products CUPS 1.1.17/1.1.22 Use-After-Free denial of service
1433| [41231] Easy Software Products CUPS 1.1.17/1.1.22 Memory Leak denial of service
1434| [126282] Apple macOS up to 10.14.0 CUPS privilege escalation
1435| [129053] Apple macOS up to 10.13.4 CUPS Sandbox privilege escalation
1436| [129052] Apple macOS up to 10.13.4 CUPS privilege escalation
1437| [129051] Apple macOS up to 10.13.4 CUPS privilege escalation
1438| [82393] cups-filters up to 1.0.41 foomatic-rip util.c privilege escalation
1439| [76500] cups-filters up to 1.0.70 Print Job filter/texttopdf.c memory corruption
1440| [76499] cups-filters up to 1.0.69 filter/texttopdf.c WriteProlog memory corruption
1441| [74472] Linuxfoundation cups-filters up to 1.0.64 Filters utils/cups-browsed.c remove_bad_chars privilege escalation
1442| [70133] Linux Foundation cups-filters up to 1.0.28 Access Restriction cups-browsed.conf unknown vulnerability
1443| [70132] Linux Foundation cups-filters up to 1.0.28 Filters process_browse_data denial of service
1444| [70131] Linux Foundation cups-filters up to 1.0.28 Filters generate_local_queue privilege escalation
1445| [69388] Linux Foundation cups-filters up to 1.0.50 privilege escalation
1446| [66638] Linux Foundation cups-filters up to 1.0.46 Filters Heap-based memory corruption
1447| [12823] CUPS up to 1.0.46 OPVPOutputDev.cxx memory corruption
1448| [13004] Apple CUPS 1.6.4/1.7.1 Interface cross site scripting
1449| [8180] Apple CUPS 1.5.4 Soket cupsd.conf weak authentication
1450| [8189] Apple CUPS 1.6.1 cups/http-support.c http_resolve_cb denial of service
1451| [8188] Apple CUPS 1.6.1 scheduler/job.c load_request_root denial of service
1452| [8187] Apple CUPS 1.6.1 scheduler/job.c set_time denial of service
1453| [8186] Apple CUPS 1.6.1 cups/ipp.c ippReadIO denial of service
1454| [8185] Apple CUPS 1.6.1 cups/ipp-support.c ippEnumString memory corruption
1455| [52077] Apple cups 1.3.7/1.3.9/1.3.10/1.4.1 cupsdDoSelect denial of service
1456| [50855] Apple cups 1.3.7/1.3.10 cupsdDoSelect denial of service
1457| [45241] Apple cups up to 1.3.9 _cupsImageReadPNG memory corruption
1458| [42590] Apple CUPS up to 10.4 information disclosure
1459| [41909] CUPS 1.3 Integer memory corruption
1460| [41840] Easy Software Products CUPS 1.3.6 gif_read_lzw memory corruption
1461| [41553] CUPS 1.3.5 cgicompilesearch memory corruption
1462| [3631] Easy Software Products CUPS 1.3.5 process_browse_data denial of service
1463| [40116] Easy Software Products CUPS 1.2.4/1.2.9/1.2.10/1.2.12/1.3.3 Backend asn1_get_string memory corruption
1464| [39510] cups 1.3.3 ippreadio memory corruption
1465|
1466| MITRE CVE - https://cve.mitre.org:
1467| [CVE-2009-1196] The directory-services functionality in the scheduler in CUPS 1.1.17 and 1.1.22 allows remote attackers to cause a denial of service (cupsd daemon outage or crash) via manipulations of the timing of CUPS browse packets, related to a "pointer use-after-delete flaw."
1468| [CVE-2009-0791] Multiple integer overflows in Xpdf 2.x and 3.x and Poppler 0.x, as used in the pdftops filter in CUPS 1.1.17, 1.1.22, and 1.3.7, GPdf, and kdegraphics KPDF, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF file that triggers a heap-based buffer overflow, possibly related to (1) Decrypt.cxx, (2) FoFiTrueType.cxx, (3) gmem.c, (4) JBIG2Stream.cxx, and (5) PSOutputDev.cxx in pdftops/. NOTE: the JBIG2Stream.cxx vector may overlap CVE-2009-1179.
1469| [CVE-2009-0577] Integer overflow in the WriteProlog function in texttops in CUPS 1.1.17 on Red Hat Enterprise Linux (RHEL) 3 allows remote attackers to execute arbitrary code via a crafted PostScript file that triggers a heap-based buffer overflow. NOTE: this issue exists because of an incorrect fix for CVE-2008-3640.
1470| [CVE-2008-5286] Integer overflow in the _cupsImageReadPNG function in CUPS 1.1.17 through 1.3.9 allows remote attackers to execute arbitrary code via a PNG image with a large height value, which bypasses a validation check and triggers a buffer overflow.
1471| [CVE-2008-0597] Use-after-free vulnerability in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (crash) via crafted IPP packets.
1472| [CVE-2008-0596] Memory leak in CUPS before 1.1.22, and possibly other versions, allows remote attackers to cause a denial of service (memory consumption and daemon crash) via a large number of requests to add and remove shared printers.
1473| [CVE-2005-4873] Multiple stack-based buffer overflows in the phpcups PHP module for CUPS 1.1.23rc1 might allow context-dependent attackers to execute arbitrary code via vectors that result in long function parameters, as demonstrated by the cups_get_dest_options function in phpcups.c.
1474| [CVE-2005-2874] The is_path_absolute function in scheduler/client.c for the daemon in CUPS before 1.1.23 allows remote attackers to cause a denial of service (CPU consumption by tight loop) via a "..\.." URL in an HTTP request.
1475| [CVE-2004-2154] CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows attackers to bypass intended ACLs via a printer name containing uppercase or lowercase letters that are different from what is specified in the directive.
1476| [CVE-2004-1270] lppasswd in CUPS 1.1.22, when run in environments that do not ensure that file descriptors 0, 1, and 2 are open when lppasswd is called, does not verify that the passwd.new file is different from STDERR, which allows local users to control output to passwd.new via certain user input that triggers an error message.
1477| [CVE-2004-1269] lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it encounters a file-size resource limit while writing to passwd.new, which causes subsequent invocations of lppasswd to fail.
1478| [CVE-2004-1268] lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS passwd file, which allows local users to corrupt the file by filling the associated file system and triggering the write errors.
1479| [CVE-2004-1267] Buffer overflow in the ParseCommand function in hpgl-input.c in the hpgltops program for CUPS 1.1.22 allows remote attackers to execute arbitrary code via a crafted HPGL file.
1480| [CVE-2004-0923] CUPS 1.1.20 and earlier records authentication information for a device URI in the error_log file, which allows local users to obtain user names and passwords.
1481| [CVE-2004-0558] The Internet Printing Protocol (IPP) implementation in CUPS before 1.1.21 allows remote attackers to cause a denial of service (service hang) via a certain UDP packet to the IPP port.
1482| [CVE-2003-0788] Unknown vulnerability in the Internet Printing Protocol (IPP) implementation in CUPS before 1.1.19 allows remote attackers to cause a denial of service (CPU consumption from a "busy loop") via certain inputs to the IPP port (TCP 631).
1483| [CVE-2003-0195] CUPS before 1.1.19 allows remote attackers to cause a denial of service via a partial printing request to the IPP port (631), which does not time out.
1484| [CVE-2002-1384] Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, and CUPS before 1.1.18, allows local users to execute arbitrary code via a ColorSpace entry with a large number of elements, as demonstrated by cups-pdf.
1485| [CVE-2002-1383] Multiple integer overflows in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allow remote attackers to execute arbitrary code via (1) the CUPSd HTTP interface, as demonstrated by vanilla-coke, and (2) the image handling code in CUPS filters, as demonstrated by mksun.
1486| [CVE-2002-1372] Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check the return values of various file and socket operations, which could allow a remote attacker to cause a denial of service (resource exhaustion) by causing file descriptors to be assigned and not released, as demonstrated by fanta.
1487| [CVE-2002-1371] filters/image-gif.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check for zero-length GIF images, which allows remote attackers to execute arbitrary code via modified chunk headers, as demonstrated by nogif.
1488| [CVE-2002-1369] jobs.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly use the strncat function call when processing the options string, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
1489| [CVE-2002-1368] Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing negative arguments to be fed into memcpy() calls via HTTP requests with (1) a negative Content-Length value or (2) a negative length in a chunked transfer encoding.
1490| [CVE-2002-1367] Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to add printers without authentication via a certain UDP packet, which can then be used to perform unauthorized activities such as stealing the local root certificate for the administration server via a "need authorization" page, as demonstrated by new-coke.
1491| [CVE-2002-1366] Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows local users with lp privileges to create or overwrite arbitrary files via file race conditions, as demonstrated by ice-cream.
1492| [CVE-2002-0063] Buffer overflow in ippRead function of CUPS before 1.1.14 may allow attackers to execute arbitrary code via long attribute names or language values.
1493| [CVE-2001-1333] Linux CUPS before 1.1.6 does not securely handle temporary files, possibly due to a symlink vulnerability that could allow local users to overwrite files.
1494| [CVE-2001-1332] Buffer overflows in Linux CUPS before 1.1.6 may allow remote attackers to execute arbitrary code.
1495| [CVE-2001-0194] Buffer overflow in httpGets function in CUPS 1.1.5 allows remote attackers to execute arbitrary commands via a long input line.
1496| [CVE-2013-1982] Multiple integer overflows in X.org libXext 1.3.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XcupGetReservedColormapEntries, (2) XcupStoreColors, (3) XdbeGetVisualInfo, (4) XeviGetVisualInfo, (5) XShapeGetRectangles, and (6) XSyncListSystemCounters functions.
1497| [CVE-2012-5519] CUPS 1.4.4, when running in certain Linux distributions such as Debian GNU/Linux, stores the web interface administrator key in /var/run/cups/certs/0 using certain permissions, which allows local users in the lpadmin group to read or write arbitrary files as root by leveraging the web interface.
1498| [CVE-2011-4405] The cupshelpers scripts in system-config-printer in Ubuntu 11.04 and 11.10, as used by the automatic printer driver download service, uses an "insecure connection" for queries to the OpenPrinting database, which allows remote attackers to execute arbitrary code via a man-in-the-middle (MITM) attack that modifies packages or repositories.
1499| [CVE-2011-3170] The gif_read_lzw function in filter/image-gif.c in CUPS 1.4.8 and earlier does not properly handle the first code word in an LZW stream, which allows remote attackers to trigger a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted stream, a different vulnerability than CVE-2011-2896.
1500| [CVE-2011-2896] The LZW decompressor in the LWZReadByte function in giftoppm.c in the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier, the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4 and earlier, and other products, does not properly handle code words that are absent from the decompression table when encountered, which allows remote attackers to trigger an infinite loop or a heap-based buffer overflow, and possibly execute arbitrary code, via a crafted compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895.
1501| [CVE-2010-2941] ipp.c in cupsd in CUPS 1.4.4 and earlier does not properly allocate memory for attribute values with invalid string data types, which allows remote attackers to cause a denial of service (use-after-free and application crash) or possibly execute arbitrary code via a crafted IPP request.
1502| [CVE-2010-2432] The cupsDoAuthentication function in auth.c in the client in CUPS before 1.4.4, when HAVE_GSSAPI is omitted, does not properly handle a demand for authorization, which allows remote CUPS servers to cause a denial of service (infinite loop) via HTTP_UNAUTHORIZED responses.
1503| [CVE-2010-2431] The cupsFileOpen function in CUPS before 1.4.4 allows local users, with lp group membership, to overwrite arbitrary files via a symlink attack on the (1) /var/cache/cups/remote.cache or (2) /var/cache/cups/job.cache file.
1504| [CVE-2010-1748] The cgi_initialize_string function in cgi-bin/var.c in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, does not properly handle parameter values containing a % (percent) character without two subsequent hex characters, which allows context-dependent attackers to obtain sensitive information from cupsd process memory via a crafted request, as demonstrated by the (1) /admin?OP=redirect&URL=% and (2) /admin?URL=/admin/&OP=% URIs.
1505| [CVE-2010-1380] Integer overflow in the cgtexttops CUPS filter in Printing in Apple Mac OS X 10.6 before 10.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via vectors related to page sizes.
1506| [CVE-2010-0542] The _WriteProlog function in texttops.c in texttops in the Text Filter subsystem in CUPS before 1.4.4 does not check the return values of certain calloc calls, which allows remote attackers to cause a denial of service (NULL pointer dereference or heap memory corruption) or possibly execute arbitrary code via a crafted file.
1507| [CVE-2010-0540] Cross-site request forgery (CSRF) vulnerability in the web interface in CUPS before 1.4.4, as used on Apple Mac OS X 10.5.8, Mac OS X 10.6 before 10.6.4, and other platforms, allows remote attackers to hijack the authentication of administrators for requests that change settings.
1508| [CVE-2010-0393] The _cupsGetlang function, as used by lppasswd.c in lppasswd in CUPS 1.2.2, 1.3.7, 1.3.9, and 1.4.1, relies on an environment variable to determine the file that provides localized message strings, which allows local users to gain privileges via a file that contains crafted localization data with format string specifiers.
1509| [CVE-2010-0302] Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS before 1.4.4, when kqueue or epoll is used, allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information. NOTE: this vulnerability exists because of an incomplete fix for CVE-2009-3553.
1510| [CVE-2009-3553] Use-after-free vulnerability in the abstract file-descriptor handling interface in the cupsdDoSelect function in scheduler/select.c in the scheduler in cupsd in CUPS 1.3.7 and 1.3.10 allows remote attackers to cause a denial of service (daemon crash or hang) via a client disconnection during listing of a large number of print jobs, related to improperly maintaining a reference count. NOTE: some of these details are obtained from third party information.
1511| [CVE-2009-2820] The web interface in CUPS before 1.4.2, as used on Apple Mac OS X before 10.6.2 and other platforms, does not properly handle (1) HTTP headers and (2) HTML templates, which allows remote attackers to conduct cross-site scripting (XSS) attacks and HTTP response splitting attacks via vectors related to (a) the product's web interface, (b) the configuration of the print system, and (c) the titles of printed jobs, as demonstrated by an XSS attack that uses the kerberos parameter to the admin program, and leverages attribute injection and HTTP Parameter Pollution (HPP) issues.
1512| [CVE-2009-2807] Heap-based buffer overflow in the USB backend in CUPS in Apple Mac OS X 10.5.8 allows local users to gain privileges via unspecified vectors.
1513| [CVE-2009-1183] The JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (infinite loop and hang) via a crafted PDF file.
1514| [CVE-2009-1182] Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.
1515| [CVE-2009-1181] The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a NULL pointer dereference.
1516| [CVE-2009-1180] The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file that triggers a free of invalid data.
1517| [CVE-2009-1179] Integer overflow in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to execute arbitrary code via a crafted PDF file.
1518| [CVE-2009-0949] The ippReadIO function in cups/ipp.c in cupsd in CUPS before 1.3.10 does not properly initialize memory for IPP request packets, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a scheduler request with two consecutive IPP_TAG_UNSUPPORTED tags.
1519| [CVE-2009-0800] Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file.
1520| [CVE-2009-0799] The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers an out-of-bounds read.
1521| [CVE-2009-0195] Heap-based buffer overflow in Xpdf 3.02pl2 and earlier, CUPS 1.3.9, and probably other products, allows remote attackers to execute arbitrary code via a PDF file with crafted JBIG2 symbol dictionary segments.
1522| [CVE-2009-0166] The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allows remote attackers to cause a denial of service (crash) via a crafted PDF file that triggers a free of uninitialized memory.
1523| [CVE-2009-0164] The web interface for CUPS before 1.3.10 does not validate the HTTP Host header in a client request, which makes it easier for remote attackers to conduct DNS rebinding attacks.
1524| [CVE-2009-0163] Integer overflow in the TIFF image decoding routines in CUPS 1.3.9 and earlier allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via a crafted TIFF image, which is not properly handled by the (1) _cupsImageReadTIFF function in the imagetops filter and (2) imagetoraster filter, leading to a heap-based buffer overflow.
1525| [CVE-2009-0147] Multiple integer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2Stream::readSymbolDictSeg, (2) JBIG2Stream::readSymbolDictSeg, and (3) JBIG2Stream::readGenericBitmap.
1526| [CVE-2009-0146] Multiple buffer overflows in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, and other products allow remote attackers to cause a denial of service (crash) via a crafted PDF file, related to (1) JBIG2SymbolDict::setBitmap and (2) JBIG2Stream::readSymbolDictSeg.
1527| [CVE-2008-5377] pstopdf in CUPS 1.3.8 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/pstopdf.log temporary file, a different vulnerability than CVE-2001-1333.
1528| [CVE-2008-5184] The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the guest username when a user is not logged on to the web server, which makes it easier for remote attackers to bypass intended policy and conduct CSRF attacks via the (1) add and (2) cancel RSS subscription functions.
1529| [CVE-2008-5183] cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184.
1530| [CVE-2008-3641] The Hewlett-Packard Graphics Language (HPGL) filter in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via crafted pen width and pen color opcodes that overwrite arbitrary memory.
1531| [CVE-2008-3640] Integer overflow in the WriteProlog function in texttops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via a crafted PostScript file that triggers a heap-based buffer overflow.
1532| [CVE-2008-3639] Heap-based buffer overflow in the read_rle16 function in imagetops in CUPS before 1.3.9 allows remote attackers to execute arbitrary code via an SGI image with malformed Run Length Encoded (RLE) data containing a small image and a large row count.
1533| [CVE-2008-1722] Multiple integer overflows in (1) filter/image-png.c and (2) filter/image-zoom.c in CUPS 1.3 allow attackers to cause a denial of service (crash) and trigger memory corruption, as demonstrated via a crafted PNG image.
1534| [CVE-2008-1373] Buffer overflow in the gif_read_lzw function in CUPS 1.3.6 allows remote attackers to have an unknown impact via a GIF file with a large code_size value, a similar issue to CVE-2006-4484.
1535| [CVE-2008-1033] The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug logging is enabled and a printer requires a password, allows attackers to obtain sensitive information (credentials) by reading the log data, related to "authentication environment variables."
1536| [CVE-2008-0882] Double free vulnerability in the process_browse_data function in CUPS 1.3.5 allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code via crafted UDP Browse packets to the cupsd port (631/udp), related to an unspecified manipulation of a remote printer. NOTE: some of these details are obtained from third party information.
1537| [CVE-2008-0053] Multiple buffer overflows in the HP-GL/2-to-PostScript filter in CUPS before 1.3.6 might allow remote attackers to execute arbitrary code via a crafted HP-GL/2 file.
1538| [CVE-2008-0047] Heap-based buffer overflow in the cgiCompileSearch function in CUPS 1.3.5, and other versions including the version bundled with Apple Mac OS X 10.5.2, when printer sharing is enabled, allows remote attackers to execute arbitrary code via crafted search expressions.
1539| [CVE-2007-6358] pdftops.pl before 1.20 in alternate pdftops filter allows local users to overwrite arbitrary files via a symlink attack on the pdfin.[PID].tmp temporary file, which is created when pdftops reads a PDF file from stdin, such as when pdftops is invoked by CUPS.
1540| [CVE-2007-5849] Integer underflow in the asn1_get_string function in the SNMP back end (backend/snmp.c) for CUPS 1.2 through 1.3.4 allows remote attackers to execute arbitrary code via a crafted SNMP response that triggers a stack-based buffer overflow.
1541| [CVE-2007-5848] Buffer overflow in CUPS in Apple Mac OS X 10.4.11 allows local admin users to execute arbitrary code via a crafted URI to the CUPS service.
1542| [CVE-2007-4351] Off-by-one error in the ippReadIO function in cups/ipp.c in CUPS 1.3.3 allows remote attackers to cause a denial of service (crash) via a crafted (1) textWithLanguage or (2) nameWithLanguage Internet Printing Protocol (IPP) tag, leading to a stack-based buffer overflow.
1543| [CVE-2007-1834] Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco Unified Presence Server (CUPS) 1.0 before 1.0(3) allow remote attackers to cause a denial of service (loss of voice services) via a flood of ICMP echo requests, aka bug ID CSCsf12698.
1544| [CVE-2007-1826] Unspecified vulnerability in the IPSec Manager Service for Cisco Unified CallManager (CUCM) 5.0 before 5.0(4a)SU1 and Cisco Unified Presence Server (CUPS) 1.0 before 1.0(3) allows remote attackers to cause a denial of service (loss of cluster services) via a "specific UDP packet" to UDP port 8500, aka bug ID CSCsg60949.
1545| [CVE-2005-2526] CUPS in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to cause a denial of service (CPU consumption) by sending a partial IPP request and closing the connection.
1546| [CVE-2005-2525] CUPS in Mac OS X 10.3.9 and 10.4.2 does not properly close file descriptors when handling multiple simultaneous print jobs, which allows remote attackers to cause a denial of service (printing halt).
1547| [CVE-2004-0382] Unknown vulnerability in the CUPS printing system in Mac OS X 10.3.3 and Mac OS X 10.2.8 with unknown impact, possibly related to a configuration file setting.
1548| [CVE-2002-1267] Mac OS X 10.2.2 allows remote attackers to cause a denial of service by accessing the CUPS Printing Web Administration utility, aka "CUPS Printing Web Administration is Remotely Accessible."
1549| [CVE-2000-0513] CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service by authenticating with a user name that does not exist or does not have a shadow password.
1550| [CVE-2000-0512] CUPS (Common Unix Printing System) 1.04 and earlier does not properly delete request files, which allows a remote attacker to cause a denial of service.
1551| [CVE-2000-0511] CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service via a CGI POST request.
1552| [CVE-2000-0510] CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service via a malformed IPP request.
1553|
1554| SecurityFocus - https://www.securityfocus.com/bid/:
1555| [88563] CUPS CVE-2001-0194 Remote Security Vulnerability
1556| [88030] CUPS CVE-2001-1333 Local Security Vulnerability
1557| [86939] Cups CVE-2005-4873 Remote Security Vulnerability
1558| [85201] cups-filters CVE-2015-8560 Arbitrary Command Execution Vulnerability
1559| [84720] CUPS CVE-2008-5184 Security Bypass Vulnerability
1560| [82922] CUPS CVE-2001-1332 Remote Security Vulnerability
1561| [78524] cups-filters CVE-2015-8327 Arbitrary Command Execution Vulnerability
1562| [75557] cups-filters CVE-2015-3279 Remote Heap Buffer Overflow Vulnerability
1563| [75436] cups-filters 'texttopdf' Remote Heap Buffer Overflow Vulnerability
1564| [75106] CUPS CVE-2015-1159 Cross Site Scripting Vulnerability
1565| [75098] CUPS CVE-2015-1158 Remote Privilege Escalation Vulnerability
1566| [73300] CUPS CVE-2014-8166 Arbitrary Code Execution Vulnerability
1567| [73008] cups-filters 'utils/cups-browsed.c' Arbitrary Command Execution Vulnerability
1568| [72594] CUPS cupsRasterReadPixels Buffer Overflow Vulnerability
1569| [69866] Wireshark CUPS Dissector CVE-2014-6425 Denial of Service Vulnerability
1570| [68847] CUPS Web Interface CVE-2014-5031 Incomplete Fix Local Privilege Escalation Vulnerability
1571| [68846] CUPS Web Interface CVE-2014-5030 Incomplete Fix Local Privilege Escalation Vulnerability
1572| [68842] CUPS Web Interface CVE-2014-5029 Incomplete Fix Local Privilege Escalation Vulnerability
1573| [68788] CUPS Web Interface CVE-2014-3537 Local Privilege Escalation Vulnerability
1574| [68124] cups-filters CVE-2014-4338 Security Bypass Vulnerability
1575| [68122] cups-filters CVE-2014-4337 Denial of Service Vulnerability
1576| [68121] cups-filters CVE-2014-4336 Incomplete Fix Arbitrary Command Execution Vulnerability
1577| [66788] CUPS Web Interface Cross Site Scripting Vulnerability
1578| [66624] cups-filters CVE-2014-2707 Arbitrary Command Execution Vulnerability
1579| [66601] cups-filters 'urftopdf.cpp' Multiple Heap Based Buffer Overflow Vulnerabilities
1580| [66163] cups-filters 'pdftoopvp' Filter Remote Heap Buffer Overflow Vulnerability
1581| [66161] cups-filters 'urftopdf.cpp' Multiple Heap Based Buffer Overflow Vulnerabilities
1582| [66158] cups-filters 'OPVPWrapper::loadDriver()' Function Local Arbitrary Command Execution Vulnerability
1583| [64985] cups 'systemv/lppasswd.c' Local Privilege Escalation Vulnerability
1584| [57158] CUPS 'Listen localhost:631' Option Unauthorized Access Vulnerability
1585| [56494] CUPS CVE-2012-5519 Local Privilege Escalation Vulnerability
1586| [55911] cups-pk-helper 'cupsGetFile()' and 'cupsPutFile()' Local Security Vulnerabilities
1587| [55583] OKI Multiple CUPS Printer Drivers Multiple Insecure Temporary File Creation Vulnerabilities
1588| [49323] CUPS 'gif_read_lzw()' CVE-2011-3170 GIF File Heap Buffer Overflow Vulnerability
1589| [45710] Ubuntu CUPS Package AppArmor Security Bypass Weakness
1590| [44530] CUPS Server 'cups/ipp.c' Remote Memory Corruption Vulnerability
1591| [41131] CUPS 'cupsFileOpen' function Symlink Attack Local Privilege Escalation Vulnerability
1592| [41126] CUPS 'cupsDoAuthentication()' Infinite Loop Denial of Service Vulnerability
1593| [40943] CUPS 'texttops' Filter NULL-pointer Dereference Vulnerability
1594| [40897] CUPS Web Interface Information Disclosure Vulnerability
1595| [40889] CUPS Web Interface Unspecified Cross Site Request Forgery Vulnerability
1596| [38524] CUPS 'lppasswd' Tool Localized Message String Security Weakness
1597| [38510] CUPS File Descriptors Handling Use-After-Free Remote Denial Of Service Vulnerability
1598| [37048] CUPS File Descriptors Handling Remote Denial Of Service Vulnerability
1599| [36958] CUPS 'kerberos' Parameter Cross Site Scripting Vulnerability
1600| [36350] CUPS USB backend Local Heap Based Buffer Overflow Vulnerability
1601| [35195] CUPS PDF File Multiple Heap Buffer Overflow Vulnerabilities
1602| [35194] CUPS Scheduler Directory Services Remote Denial Of Service Vulnerability
1603| [35169] CUPS 'cups/ipp.c' NULL Pointer Dereference Denial Of Service Vulnerability
1604| [34791] CUPS and Xpdf JBIG2 Symbol Dictionary Processing Heap Buffer Overflow Vulnerability
1605| [34665] CUPS Insufficient 'Host' Header Validation Weakness
1606| [34571] CUPS '_cupsImageReadTIFF()' Integer Overflow Vulnerability
1607| [33418] CUPS '/tmp/pdf.log' Insecure Temporary File Creation Vulnerability
1608| [32745] CUPS 'pstopdf' Insecure Temporary File Creation Vulnerability
1609| [32518] CUPS PNG Filter '_cupsImageReadPNG()' Integer Overflow Vulnerability
1610| [32419] CUPS 'cupsd' RSS Subscriptions NULL Pointer Dereference Local Denial Of Service Vulnerability
1611| [31690] CUPS Multiple Heap Based Buffer Overflow Vulnerabilities
1612| [31688] CUPS 'HP-GL/2' Filter Remote Code Execution Vulnerability
1613| [29484] Apple Mac OS X CUPS Debug Logging Information Disclosure Vulnerability
1614| [28781] CUPS PNG Filter Multiple Integer Overflow Vulnerabilities
1615| [28544] CUPS 'gif_read_lzw()' GIF File Buffer Overflow Vulnerability
1616| [28334] CUPS Multiple Unspecified Input Validation Vulnerabilities
1617| [28307] CUPS CGI Interface Remote Buffer Overflow Vulnerability
1618| [27988] CUPS Multiple Remote Denial of Service Vulnerabilities
1619| [27906] CUPS 'process_browse_data()' Remote Double Free Denial of Service Vulnerability
1620| [26919] pdftops.pl Alternate pdftops Filter for CUPS Insecure Temporary File Creation Vulnerability
1621| [26524] CUPS SSL Negotiation Unspecified Remote Denial of Service Vulnerability
1622| [26268] CUPS IPP Tag Handling Remote Buffer Overflow Vulnerability
1623| [23127] CUPS Partial SSL Connection Remote Denial of Service Vulnerability
1624| [14527] Easy Software Products CUPS Denial of Service Vulnerability
1625| [14265] Easy Software Products CUPS Access Control List Bypass Vulnerability
1626| [12200] Easy Software Products CUPS HTTP GET Denial Of Service Vulnerability
1627| [12007] Easy Software Products LPPassWd CUPS Password File Error Message Injection Vulnerability
1628| [12004] Easy Software Products LPPassWd CUPS Password File Truncation Vulnerability
1629| [11968] CUPS HPGL File Processor Buffer Overflow Vulnerability
1630| [11324] CUPS Error_Log Local Password Disclosure Vulnerability
1631| [11183] CUPS UDP Packet Remote Denial Of Service Vulnerability
1632| [10062] CUPS Unspecified Configuration Vulnerability
1633| [8952] Cups Internet Printing Protocol Job Loop Denial Of Service Vulnerability
1634| [7637] CUPS Cupsd Request Method Denial Of Service Vulnerability
1635| [7200] APC apcupsd Multiple Buffer Overflow Vulnerabilities
1636| [6828] APC apcupsd Client Syslog Format String Vulnerability
1637| [6475] Xpdf/CUPS pdftops Integer Overflow Vulnerability
1638| [6440] CUPS File Descriptor Leakage Denial Of Service Vulnerability
1639| [6439] CUPS Image Filter Zero Width GIF Memory Corruption Vulnerability
1640| [6438] CUPS strncat() Function Call Buffer Overflow Vulnerability
1641| [6437] CUPS Negative Length HTTP Header Vulnerability
1642| [6436] CUPS Remote Printer Addition Vulnerability
1643| [6435] CUPS Insecure Temporary File Creation Vulnerability
1644| [6434] CUPS lp Image Handler Integer Overflow Vulnerabilities
1645| [6433] CUPS HTTP Interface Integer Overflow Vulnerability
1646| [2070] APC apcupsd Local Denial of Service Vulnerability
1647| [1373] CUPS (Common UNIX Printing System) Denial of Service Vulnerability
1648|
1649| IBM X-Force - https://exchange.xforce.ibmcloud.com:
1650| [80012] CUPS SystemGroup privilege escalation
1651| [79242] cups-pk-helper file transmission routines privilege escalation
1652| [78763] Multiple CUPS drivers for OKI printers symlink
1653| [69380] CUPS gif_read_lzw function buffer overflow
1654| [68862] HP Linux Imaging and Printing System hpcupsfax.cpp symlink
1655| [67063] Ubuntu CUPS AppArmor security bypass
1656| [62882] CUPS cupsd code execution
1657| [59736] CUPS cupsDoAuthentication() demand for authorization denial of service
1658| [59735] CUPS cupsFileOpen() symlink
1659| [59597] CUPS _WriteProlog() function code execution
1660| [59466] Apple Mac OS X Printing cgtexttops CUPS filter code execution
1661| [59456] Apple Mac OS X CUPS cupsd information disclosure
1662| [59455] Apple Mac OS X CUPS Web interface cross-site request forgery
1663| [56669] CUPS lppasswd tool code execution
1664| [56668] CUPS file descriptors-handling interface denial of service
1665| [54326] CUPS cupsdDoSelect() denial of service
1666| [54189] Apple Mac OS X CUPS response splitting
1667| [53168] Apple Mac OS X CUPS USB buffer overflow
1668| [50944] CUPS Scheduler Directory Services denial of service
1669| [50941] CUPS pdftops filter buffer overflow
1670| [50926] Apple CUPS IPP tag denial of service
1671| [49942] CUPS HTTP Host header security bypass
1672| [49941] CUPS _cupsImageReadTIFF() function buffer overflow
1673| [48977] CUPS texttops WriteProlog() buffer overflow
1674| [48210] CUPS pdf.log symlink
1675| [47249] CUPS pstopdf symlink
1676| [46933] CUPS _cupsImageReadPNG() integer overflow
1677| [46773] CUPS Web interface weak security
1678| [46684] CUPS RSS subscription denial of service
1679| [45790] CUPS WriteProlog() buffer overflow
1680| [45789] CUPS read_rle16() buffer overflow
1681| [45779] CUPS HPGL filter code execution
1682| [42713] Apple Mac OS X CUPS information disclosure
1683| [41832] CUPS image-png.c and image-zoom.c buffer overflow
1684| [41758] CUPS pdftops filter buffer overflow
1685| [41587] CUPS gif_read_lzw() buffer overflow
1686| [41497] phpcups PHP module for CUPS multiple function parameters buffer overflows
1687| [41316] Apple Mac OS X CUPS buffer overflow
1688| [41272] Apple Mac OS X CUPS input validation unspecified
1689| [40845] CUPS IPP browse use-after-free denial of service
1690| [40842] CUPS IPP browse memory leak denial of service
1691| [40718] CUPS process_browse_data() code execution
1692| [39101] CUPS SNMP asn1_get_string() buffer overflow
1693| [39096] Apple Mac OS X CUPS buffer overflow
1694| [38190] CUPS ippReadIO function buffer overflow
1695| [35344] Cisco Unified Presence Server (CUPS) and Cisco Unified CallManager (CUCM) SNMP information disclosure
1696| [35341] Cisco Unified Presence Server (CUPS) and Cisco Unified CallManager (CUCM) system service denial of service
1697| [32123] RHSA-2005:878 updates for cups not installed
1698| [22679] RHSA-2005:053 updates for cups not installed
1699| [22603] RHSA-2005:571 updates for cups not installed
1700| [21874] Apple Mac OS X CUPS IPP request denial of service
1701| [21871] Apple Mac OS X CUPS printing service denial of service
1702| [21522] CUPS queue name bypass authentication
1703| [18804] CUPS logic error denial of service
1704| [18609] CUPS lppasswd modify passwd file
1705| [18608] CUPS lppasswd denial of service
1706| [18606] CUPS lppasswd truncate passwd file
1707| [18604] CUPS ParseCommand HPGL buffer overflow
1708| [17593] CUPS disclose passwords in log files
1709| [17389] CUPS UDP packet denial of service
1710| [15769] Apple Mac OS X CUPS undisclosed configuration security issue
1711| [13584] CUPS Internet Printing Protocol denial of service
1712| [12080] CUPS IPP implementation partial request denial of service
1713| [11491] Apcupsd vsprintf() multiple buffer overflows
1714| [11334] Apcupsd log_event() format string attack
1715| [10937] CUPS and Xpdf pdftops filter integer overflow
1716| [10912] CUPS file descriptor leak denial of service
1717| [10911] CUPS filters/image-gif.c improperly checks zero width GIF images
1718| [10910] CUPS strncat() options buffer overflow
1719| [10909] CUPS negative Content-Length memcpy() buffer overflows
1720| [10908] CUPS UDP packets could be used to add printers
1721| [10907] CUPS /etc/cups/certs/ race condition could be used to create and overwrite files
1722| [10906] CUPS has multiple integer overflows
1723| [10824] Apple Mac OS X Common Unix Printing System (CUPS) denial of service
1724| [9998] CUPS temporary file symlink attack
1725| [9997] CUPS password buffer overflow
1726| [8192] CUPS ippRead() attribute name buffer overflow
1727| [6043] CUPS httpGets function denial of service
1728| [5654] APC apcupsd denial of service
1729| [5550] Cups allows Internet users to attach to local printers
1730| [5178] Debian CUPS shadow password authentication
1731| [4847] CUPS request files denial of service
1732| [4846] CUPS CGI form POST denial of service
1733| [4736] CUPS malformed IPP request denial of service
1734|
1735| Exploit-DB - https://www.exploit-db.com:
1736| [24977] CUPS 1.1.x HPGL File Processor Buffer Overflow Vulnerability
1737| [24599] CUPS 1.1.x UDP Packet Remote Denial of Service Vulnerability
1738| [22619] CUPS 1.1.x Cupsd Request Method Denial of Service Vulnerability
1739| [22106] CUPS 1.1.x Negative Length HTTP Header Vulnerability
1740| [1196] CUPS Server <= 1.1 (Get Request) Denial of Service Exploit
1741| [7550] CUPS < 1.3.8-4 (pstopdf filter) Privilege Escalation Exploit
1742| [7150] CUPS 1.3.7 CSRF (add rss subscription) Remote Crash Exploit
1743|
1744| OpenVAS (Nessus) - http://www.openvas.org:
1745| [64112] Debian Security Advisory DSA 1810-1 (cups, cupsys)
1746| [16141] CUPS < 1.1.23 Multiple Vulnerabilities
1747| [90017] Cups < 1.3.8 vulnerability
1748| [66443] Fedora Core 10 FEDORA-2009-12652 (cups)
1749| [66435] Fedora Core 10 FEDORA-2009-11062 (cups)
1750| [66430] Fedora Core 12 FEDORA-2009-11314 (cups)
1751| [66426] Fedora Core 11 FEDORA-2009-10891 (cups)
1752| [66269] Debian Security Advisory DSA 1933-1 (cups)
1753| [63877] Fedora Core 10 FEDORA-2009-3769 (cups)
1754| [63843] Debian Security Advisory DSA 1773-1 (cups)
1755| [62839] Debian Security Advisory DSA 1677-1 (cupsys)
1756| [61778] Debian Security Advisory DSA 1656-1 (cupsys)
1757| [61377] Debian Security Advisory DSA 1625-1 (cupsys)
1758| [60619] Debian Security Advisory DSA 1530-1 (cupsys)
1759| [60069] Debian Security Advisory DSA 1437-1 (cupsys)
1760| [59234] Debian Security Advisory DSA 1407-1 (cupsys)
1761| [53391] Debian Security Advisory DSA 110-1 (cupsys)
1762|
1763| SecurityTracker - https://www.securitytracker.com:
1764| [1025980] CUPS Buffer Overflow in gif_read_lzw() Lets Remote Users Execute Arbitrary Code
1765| [1024662] CUPS IPP Request Processing Bug Lets Remote Users Execute Arbitrary Code
1766| [1024124] CUPS Use After Free in cupsdDoSelect() Lets Remote Users Deny Service
1767| [1024123] CUPS Administrative Interface Lets Remote Users Obtain Potentially Sensitive Memory Contents
1768| [1024122] CUPS Web Interface Permits Cross-Site Request Forgery Attacks
1769| [1024121] CUPS Null Pointer Dereference in 'texttops' Filter Lets Remote Users Execute Arbitrary Code
1770| [1023678] CUPS lppasswd Format String Bug Lets Local Users Gain Elevated Privileges
1771| [1023194] CUPS Use After Free in cupsdDoSelect() Lets Remote Users Deny Service
1772| [1023193] CUPS Input Validation Flaw in 'kerberos' Parameter Permits Cross-Site Scripting and Response Splitting Attacks
1773| [1022898] CUPS Heap Overflow in USB Backend Lets Local Users Gain Elevated Privileges
1774| [1022327] CUPS Scheduler Directory Services Use-After-Free Bug Lets Remote Users Deny Service
1775| [1022326] CUPS Integer Overflow in 'pdftops' Lets Remote Users Execute Arbitrary Code
1776| [1022321] CUPS IPP_TAG_UNSUPPORTED Structure Initialization Bug Lets Remote Users Deny Service
1777| [1022070] CUPS Integer Overflow in Processing TIFF Images Lets Remote Users Execute Arbitrary Code
1778| [1021637] CUPS on Mandriva Lets Local Users Gain Elevated Privileges
1779| [1021396] CUPS RSS Subscription Null Pointer Dereference Lets Local Users Deny Service
1780| [1021298] CUPS Integer Overflow in _cupsImageReadPNG() Lets Remote Users Execute Arbitrary Code
1781| [1021034] CUPS Heap Overflow in 'texttops' Lets Remote Users Execute Arbitrary Code
1782| [1021033] CUPS Heap Overflow in 'imagetops' Processing of SGI Image Files Lets Remote Users Execute Arbitrary Code
1783| [1021031] CUPS Bug in HPGL Filter Lets Remote Users Execute Arbitrary Code
1784| [1020145] CUPS Scheduler Discloses Information to Local Users
1785| [1019854] CUPS Integer Overflows in Processing PNG Images May Let Remote Users Execute Arbitrary Code
1786| [1019739] CUPS Buffer Overflow in gif_read_lzw() Lets Remote Users Execute Arbitrary Code
1787| [1019672] CUPS Bugs Let Remote Users Execute Arbitrary Code or Deny Service
1788| [1019646] CUPS Heap Overflow Lets Remote Users Execute Arbitrary Code
1789| [1019497] CUPS Bugs in Adding/Deleting Shared Printers Lets Remote Users Deny Service
1790| [1019473] CUPS Double Free Bug in process_browse_data() May Let Remote Users Execute Arbitrary Code
1791| [1018879] CUPS Buffer Overflow in ippReadIO() Lets Remote Users Execute Arbitrary Code
1792| [1017750] Mac OS X CUPS SSL Negotiation Lets Remote Users Deny Service
1793| [1014698] CUPS on Mac OS X Lets Remote Users Deny Service By Submitting Multipe Print Jobs or Partial IPP Requests
1794| [1014482] CUPS Case Sensitive Location Directive May Let Remote Users Bypass Access Controls
1795| [1012811] CUPS Logic Error in Processing '/..' Requests Lets Remote Users Deny Service
1796| [1012602] CUPS lppasswd Lets Local Users Truncate Files and Deny Service
1797| [1012566] CUPS HPGL Buffer Overflow in ParseCommand() Lets Remote Users Execute Arbitrary Code
1798| [1011529] CUPS Log Files May Disclose User Passwords to Local Users
1799| [1011283] CUPS Browsing Can Be Disabled By Remote Users
1800| [1009679] Apple Mac OS X CUPS Configuration Flaw Has Unspecified Impact
1801| [1008774] apcupsd Unsafe File Permissions Let Local Users Kill Arbitrary Processes
1802| [1008078] CUPS IPP Busy Loop May Let Remote Users Deny Service
1803| [1006836] CUPS Internet Printing Protocol HTTP Header Processing Flaw Lets Remote Users Deny Service
1804| [1006108] Apcupsd Format String Flaw May Let Remote Users Gain Root Access
1805| [1005853] Common UNIX Printing System (CUPS) 'pdftops' Integer Overflow May Let Remote Users Cause Arbitrary Code to Be Executed By a Target User
1806| [1005835] Common UNIX Printing System (CUPS) Has Multiple Bugs That Let Remote and Local Users Gain Root Privileges on the System
1807| [1003551] Common UNIX Printing System (CUPS) Buffer Overflow May Allow a Remote User to Execute Arbitrary Code or Crash the Process
1808|
| OSVDB - http://www.osvdb.org:
| [92076] CUPS cups/http-support.c http_resolve_cb Function Memory Exhaustion Remote DoS
| [92075] CUPS scheduler/job.c load_request_root Function Memory Exhaustion DoS
| [92074] CUPS scheduler/job.c set_time Function NULL Pointer Dereference DoS
| [92073] CUPS cups/ipp.c ippReadIO Function NULL Pointer Dereference DoS
| [92072] CUPS cups/ipp-support.c ippEnumString Function Off-by-one Overflow DoS
| [92052] CUPS cupsd.conf Listen Directive Admin Interface Restriction IPv6 Connection Bypass
| [90648] Cisco Unified Presence Server (CUPS) Crafted SIP Packets CPU Consumption Remote DoS
| [87783] cups-pk-helper cupsGetFile / cupsPutFile Function Arbitrary File Overwrite
| [87635] CUPS on Linux /var/run/cups/certs/0 Permission Weakness Arbitrary File Manipulation
| [77214] system-config-printer cupshelper OpenPrinting Database Query MitM Package Installation Spoofing
| [76797] HP Linux Imaging and Printing (HPLIP) prnt/hpijs/hpcupsfax.cpp send_data_to_stdout() Function Symlink Local Arbitrary File Overwrite
| [74673] CUPS filter/image-gif.c gif_read_lzw Function Crafted LZW Stream Remote Overflow
| [68951] CUPS IPP Request Handling Use-After-Free Arbitrary Code Execution
| [65699] CUPS auth.c cupsDoAuthentication Function HTTP_UNAUTHORIZED Response Remote DoS
| [65698] CUPS cupsFileOpen Function Multiple Temporary File Symlink Arbitrary File Overwrite
| [65692] CUPS texttops.c _WriteProlog Function Memory Corruption
| [65569] CUPS Web Interface Form Variable Handling cupsd Process Memory Disclosure
| [65566] Apple Mac OS X Printing cgtexttops CUPS Filter Page Size Overflow
| [65555] Apple Mac OS X CUPS Web Interface Settings Manipulation CSRF
| [62715] CUPS lppasswd.c _cupsGetlang Function Format String Local Privilege Escalation
| [60204] CUPS scheduler/select.c cupsdDoSelect() Function Use-after-free DoS
| [59854] CUPS Web Interface admin/ kerberos Parameter XSS
| [58777] CUPS SSL Negotiation Unspecified Remote DoS
| [57951] Apple Mac OS X CUPS USB Backend Unspecified Local Overflow
| [56176] CUPS pdftops Filter PDF File Handling Multiple Unspecified Overflows
| [56174] CUPS PNG Image Size Validation Unspecified Overflow
| [56173] CUPS Scheduler Unspecified DNS Rebinding
| [55032] CUPS Scheduler Directory-services Functionality Browse Packet Timing Remote DoS
| [55002] CUPS cupsd cups/ipp.c ippReadIO Function IPP Packet Handling Remote DoS
| [54495] CUPS JBIG2 Decoder PDF File Handling Multiple Function Overflows
| [54490] CUPS Crafted PDF File JBIG2 Symbol Dictionary Segments Handling Overflow
| [54488] CUPS JBIG2 Decoder PDF File Handling Unitialized Memory Free DoS
| [54485] CUPS JBIG2 Decoder PDF File Handling Out-of-bounds Read DoS
| [54482] CUPS JBIG2 Decoder PDF File Handling NULL Dereference DoS
| [54479] CUPS JBIG2 Decoder PDF File Handling Invalid Free Arbitrary Code Execution
| [54476] CUPS JBIG2 Decoder PDF File Handling Unspecified Integer Overflow
| [54471] CUPS JBIG2 Decoder PDF File Handling Multiple Unspecified Input Validation Flaws Arbitrary Code Execution
| [54468] CUPS JBIG2 MMR Decoder Crafted PDF Handling Arbitrary Code Execution
| [54466] CUPS JBIG2 MMR Decoder Crafted PDF File Handling Infinite Loop DoS
| [54462] CUPS TIFF Image Decoding Routines Multiple Filter File Handling Overflows
| [54461] CUPS Web Interface HTTP Host Header Validation Weakness
| [52937] CUPS on Mandriva Linux /tmp/pdf.log Temporary File Symlink Arbitrary File Overwrite
| [50637] CUPS pstopdf /tmp/pstopdf.log Temporary File Symlink Arbitrary File Overwrite
| [50494] CUPS _cupsImageReadPNG Function PNG File Handling Overflow
| [50352] CUPS cgi-bin/admin.c Multiple RSS Subscription Function Policy Bypass CSRF
| [50351] CUPS cupsd RSS Subscription Saturation NULL Dereference DoS
| [49132] CUPS texttops WriteProlog Function Crafted PostScript File Handling Overflow
| [49131] CUPS imagetops read_rle16 Function Malformed SGI Image Handling Remote Overflow
| [49130] CUPS Hewlett-Packard Graphics Language (HPGL) Filter Multiple Opcode Handling Remote Code Execution
| [48699] CUPS cupsaddsmb Temporary File Cleartext Samba Credential Disclosure
| [44398] CUPS PNG File Handling Multiple Overflows
| [44330] CUPS on Red Hat Linux 64-bit pdftops Crafted PDF File Handling Overflow
| [44160] CUPS filter/image-gif.c gif_read_image() Function GIF Image Handling Overflow
| [43889] phpcups PHP module for CUPS Multiple Overflows
| [43382] CUPS Multiple HP-GL/2-to-PostScript Unspecified Input Validation Issues
| [43376] CUPS CGI Backend IPP Request Search Expression Handling (cgiCompileSearch) Remote Overflow
| [42159] CUPS Crafted IPP Packets Remote DoS
| [42158] CUPS Add / Remove Shared Printer Request Saturation DoS
| [42030] CUPS process_browse_data() Function Double-free Arbitrary Code Execution
| [42029] Alternate pdftops Filter for CUPS pdfin.[PID].tmp Symlink Arbitrary File Overwrite
| [42028] CUPS cups/ipp.c ippReadIO Function IPP Tag Handling Overflow
| [40725] Apple Mac OS X CUPS Service Crafted URI Local Overflow
| [40719] CUPS SNMP Back End (backend/snmp.c) asn1_get_string Function Crafted SNMP Response Remote Overflow
| [36124] Cisco CUCM / CUPS Unspecified SNMP Information Disclosure
| [36123] Cisco CUCM / CUPS Unspecified Cluster Services DoS
| [34594] Cisco CUCM / CUPS ICMP Echo Request Saturation DoS
| [34072] CUPS Incomplete SSL Negotiation Remote DoS
| [18797] CUPS on Mac OS X Print Job Saturation DoS
| [18796] CUPS on Mac OS X Partial IPP Request Connection Termination DoS
| [17912] CUPS Case Mismatch Printer Queue Password Bypass
| [15014] Apple Mac OS X CUPS Unspecified Configuration File Issue
| [12834] CUPS Malformed Traversal HTTP Request Remote DoS
| [12454] CUPS lppasswd passwd.new Arbitrary Append
| [12453] CUPS lppasswd passwd.new File Limit DoS
| [12439] CUPS ParseCommand() Function HPGL File Overflow
| [11048] CUPS Debugging Local Authentication Credential Disclosure
| [10749] APC apcupsd vsprintf Function Unspecified Multiple Overflows
| [10748] APC apcupsd Slave Server Request Format String
| [10746] CUPS Image Handler Remote Overflow
| [10745] CUPS HTTP Interface Remote Overflow
| [10744] CUPS File/Socket Return Value File Descriptor Consumption DoS
| [10743] CUPS image-gif.c Zero-Length GIF Image Header Arbitrary Code Execution
| [10742] CUPS jobs.c Options Strings Remote Overflow
| [10741] CUPS HTTP Request Multiple Header Negative Argument Overflow
| [10740] CUPS UDP Packet Arbitrary Printer Addition Privilege Escalation
| [10739] CUPS lp Privilege Arbitrary File Creation/Overwrite
| [10738] CUPS Insecure Temporary File Handling
| [10737] CUPS lppasswd Remote Overflow
| [10499] CUPS Printing Log Password Disclosure
| [9995] CUPS Internet Printing Protocol (IPP) Implementation Empty UDP Datagram Remote DoS
| [7304] CUPS CGI Form POST DoS
| [7303] CUPS Request File Deletion DoS
| [7302] CUPS Invalid Username Authentication Remote DoS
| [7058] Apple Mac OS X CUPS Web Admin Utility DoS
| [6064] CUPS httpGets() Function Overflow DoS
| [5380] CUPS ippRead Function Multiple Variable Overflow
| [4780] CUPS Partial IPP Request DoS
| [2761] CUPS Unspecified DoS
| [1683] APC apcupsd Local DoS
| [1413] CUPS Malformed IPP Request DoS
|_
999/tcp filtered garcon
1114/tcp filtered mini-sql
1839/tcp filtered netopia-vo1
3306/tcp open mysql?
3580/tcp filtered nati-svrloc
3703/tcp filtered adobeserver-3
5222/tcp filtered xmpp-client
5432/tcp filtered postgresql
5811/tcp filtered unknown
8192/tcp filtered sophos
8443/tcp filtered https-alt
9001/tcp filtered tor-orport
16992/tcp filtered amt-soap-http
Service Info: OS: Unix

Service detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 1750.01 seconds
macs-MBP:vulscan khalidamin$ nmap -sV --script=vulscan/vulscan.nse 10.11.1.8