VYPR

Sarg

by Sarg

CVEs (4)

  • CVE-2008-1167Mar 5, 2008
    risk 0.01cvss epss 0.07

    Stack-based buffer overflow in the useragent function in useragent.c in Squid Analysis Report Generator (Sarg) 2.2.3.1 allows remote attackers to execute arbitrary code via a long Squid proxy server User-Agent header. NOTE: some of these details are obtained from third party…

  • CVE-2019-18932Jan 21, 2020
    risk 0.00cvss epss 0.00

    log.c in Squid Analysis Report Generator (sarg) through 2.3.11 allows local privilege escalation. By default, it uses a fixed temporary directory /tmp/sarg. As the root user, sarg creates this directory or reuses an existing one in an insecure manner. An attacker can pre-create…

  • CVE-2008-7250Dec 30, 2009
    risk 0.00cvss epss 0.01

    Cross-site scripting (XSS) vulnerability in Squid Analysis Report Generator (Sarg) 2.2.4 allows remote attackers to inject arbitrary web script or HTML via a JavaScript onload event in the User-Agent header, which is not properly handled when displaying the Squid proxy log.…

  • CVE-2008-1922May 13, 2008
    risk 0.00cvss epss 0.04

    Multiple stack-based buffer overflows in Sarg might allow attackers to execute arbitrary code via unknown vectors, probably a crafted Squid log file.