7617 matches found
python: untrusted python modules search path
Untrusted search path vulnerability in the PySysSetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv0 argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse...
Slackware 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / current : pidgin (SSA:2010-361-01)
New pidgin packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a denial of service security issue. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Slackware Security Advisory...
PT-2010-5200 · Microsoft · Windows Server 2003 +4
Name of the Vulnerable Software and Affected Versions: Windows Media Encoder 9 versions on Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP1 and SP2, and Windows Server 2008 Gold and SP2 Description: The issue allows local users to gain privileges via a Trojan horse DLL...
PT-2010-5202 · Microsoft · Windows Movie Maker
Name of the Vulnerable Software and Affected Versions: Microsoft Windows Movie Maker version 2.6 Description: The issue is related to an untrusted search path vulnerability, which allows local users to gain privileges. This can be achieved by placing a Trojan horse DLL in the current working...
DEBIAN-CVE-2010-4167
Untrusted search path vulnerability in configure.c in ImageMagick before 6.6.5-5, when MAGICKCOREINSTALLEDSUPPORT is defined, allows local users to gain privileges via a Trojan horse configuration file in the current working directory...
DEBIAN-CVE-2010-4159
Untrusted search path vulnerability in metadata/loader.c in Mono 2.8 and earlier allows local users to gain privileges via a Trojan horse shared library in the current working directory...
DEBIAN-CVE-2010-4000
gnome-shell in GNOME Shell 2.31.5 places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...
UBUNTU-CVE-2010-4001
DISPUTED GMXRC.bash in Gromacs 4.5.1 and earlier places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: CVE disputes this issue because the GMXLDLIB value is always added to th...
DEBIAN-CVE-2010-3999
gnc-test-env in GnuCash 2.3.15 and earlier places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...
UBUNTU-CVE-2010-3996
festivalserver in Centre for Speech Technology Research CSTR Festival, probably 2.0.95-beta and earlier, places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...
PT-2010-5231 · Gromacs Development Team · Gromacs
Name of the Vulnerable Software and Affected Versions: Gromacs versions 4.5.1 and earlier Description: The issue allows local users to gain privileges via a Trojan horse shared library in the current working directory. This is due to GMXRC.bash placing a zero-length directory name in the LD LIBRA...
[slackware-security] mozilla-thunderbird
New mozilla-thunderbird packages are available for Slackware 13.1 and -current to fix security issues. Here are the details from the Slackware 13.1 ChangeLog: patches/packages/mozilla-thunderbird-3.0.9-i686-1.txz: Upgraded. This upgrade fixes some more security bugs. For more information, see:...
CVE-2010-3365
Mistelix 0.31 places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...
DEBIAN-CVE-2010-3364
The vips-7.22 script in VIPS 7.22.2 places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...
DEBIAN-CVE-2010-3385
TuxGuitar 1.2 places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...
DEBIAN-CVE-2010-3381
The 1 tangerine and 2 tangerine-properties scripts in Tangerine 0.3.2.2 place a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...
CVE-2010-3362
lastfm 1.5.4 places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...
CVE-2010-3365
Mistelix 0.31 places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...
CVE-2010-3360
Hipo 0.6.1 places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...
CVE-2010-3350
bareFTP 0.3.4 places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...