Sun

Cobalt Raq 2

12 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
Exploit
  • EPSS 0.91%
  • Veröffentlicht 12.08.2002 04:00:00
  • Zuletzt bearbeitet 16.06.2026 21:57:25

MultiFileUploadHandler.php in the Sun Cobalt RaQ XTR administration interface allows local users to bypass authentication and overwrite arbitrary files via a symlink attack on a temporary file, followed by a request to MultiFileUpload.php.

  • EPSS 6.48%
  • Veröffentlicht 25.06.2002 04:00:00
  • Zuletzt bearbeitet 16.06.2026 21:57:15

Cross-site scripting vulnerability in Cobalt RAQ 4 allows remote attackers to execute arbitrary script as other Cobalt users via Javascript in a URL to (1) service.cgi or (2) alert.cgi.

  • EPSS 5.59%
  • Veröffentlicht 25.06.2002 04:00:00
  • Zuletzt bearbeitet 16.06.2026 21:57:15

Directory traversal vulnerability in Cobalt RAQ 4 allows remote attackers to read password-protected files, and possibly files outside the web root, via a .. (dot dot) in an HTTP request.

Exploit
  • EPSS 7.7%
  • Veröffentlicht 25.06.2002 04:00:00
  • Zuletzt bearbeitet 16.06.2026 21:57:15

service.cgi in Cobalt RAQ 4 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long service argument.

  • EPSS 3.35%
  • Veröffentlicht 24.05.2000 04:00:00
  • Zuletzt bearbeitet 16.06.2026 21:51:44

Qpopper 2.53 and earlier allows local users to gain privileges via a formatting string in the From: header, which is processed by the euidl command.

  • EPSS 1.4%
  • Veröffentlicht 22.05.2000 04:00:00
  • Zuletzt bearbeitet 16.06.2026 21:51:43

Cobalt RaQ2 and RaQ3 does not properly set the access permissions and ownership for files that are uploaded via FrontPage, which allows attackers to bypass cgiwrap and modify files.

Exploit
  • EPSS 1.17%
  • Veröffentlicht 21.04.2000 04:00:00
  • Zuletzt bearbeitet 16.06.2026 21:51:28

Qpopper 2.53 and 3.0 does not properly identify the \n string which identifies the end of message text, which allows a remote attacker to cause a denial of service or corrupt mailboxes via a message line that is 1023 characters long and ends in \n.

  • EPSS 7.3%
  • Veröffentlicht 31.03.2000 05:00:00
  • Zuletzt bearbeitet 16.06.2026 21:51:17

The default configuration of Cobalt RaQ2 and RaQ3 as specified in access.conf allows remote attackers to view sensitive contents of a .htaccess file.

  • EPSS 0.44%
  • Veröffentlicht 30.01.2000 05:00:00
  • Zuletzt bearbeitet 16.06.2026 21:51:02

The siteUserMod.cgi program in Cobalt RaQ2 servers allows any Site Administrator to modify passwords for other users, site administrators, and possibly admin (root).

  • EPSS 1.42%
  • Veröffentlicht 19.11.1999 05:00:00
  • Zuletzt bearbeitet 16.06.2026 21:49:08

Denial of service in Linux syslogd via a large number of connections.