Vulnerabilities > SGI

DATE CVE VULNERABILITY TITLE RISK
2015-08-25 CVE-2012-2150 Information Exposure vulnerability in SGI Xfsprogs 3.2.3
xfs_metadump in xfsprogs before 3.2.4 does not properly obfuscate file data, which allows remote attackers to obtain sensitive information by reading a generated image.
network
low complexity
sgi CWE-200
5.0
2012-11-29 CVE-2012-5530 Permissions, Privileges, and Access Controls vulnerability in SGI Performance Co-Pilot
The (1) pcmd and (2) pmlogger init scripts in Performance Co-Pilot (PCP) before 3.6.10 allow local users to overwrite arbitrary files via a symlink attack on a /var/tmp/##### temporary file.
local
low complexity
sgi CWE-264
2.1
2012-01-04 CVE-2011-3337 Permissions, Privileges, and Access Controls vulnerability in Eeye products
eEye Audit ID 2499 in eEye Digital Security Audits 2406 through 2423 for eEye Retina Network Security Scanner on HP-UX, IRIX, and Solaris allows local users to gain privileges via a Trojan horse gauntlet program in an arbitrary directory under /usr/local/.
6.9
2010-05-20 CVE-2010-1039 USE of Externally-Controlled Format String vulnerability in multiple products
Format string vulnerability in the _msgout function in rpc.pcnfsd in IBM AIX 6.1, 5.3, and earlier; IBM VIOS 2.1, 1.5, and earlier; NFS/ONCplus B.11.31_09 and earlier on HP HP-UX B.11.11, B.11.23, and B.11.31; and SGI IRIX 6.5 allows remote attackers to execute arbitrary code via an RPC request containing format string specifiers in an invalid directory name.
network
low complexity
hp ibm sgi CWE-134
critical
10.0
2007-12-04 CVE-2007-6232 Cross-Site Scripting vulnerability in FTP Admin 0.1.0
Cross-site scripting (XSS) vulnerability in index.php in FTP Admin 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the error parameter in an error page action.
4.3
2007-09-18 CVE-2007-4938 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products
Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value.
7.6
2005-12-31 CVE-2005-3626 Resource Management Errors vulnerability in multiple products
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.
5.0
2005-12-31 CVE-2005-3625 Resource Management Errors vulnerability in multiple products
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."
10.0
2005-12-31 CVE-2005-3624 Numeric Errors vulnerability in multiple products
The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.
5.0
2005-10-12 CVE-2005-2925 Local Privilege Escalation vulnerability in SGI Irix 6.5.22
runpriv in SGI IRIX allows local users to bypass intended restrictions and execute arbitrary commands via shell metacharacters in a command line for a privileged binary in /usr/sysadm/privbin.
local
low complexity
sgi
7.2