kpopup 0.9.x - Privileged Command Execution

kpopup 0.9.x - Privileged Command Execution // source: https://www.securityfocus.com/bid/8915/info It has been alleged that it is possible for local attackers to gain root privileges through kpopup, which is is installed setuid root by default. According to the report, kpopup uses the system3...

ZH2003-28SA (security advisory): file inclusion vulnerability in PayPal Store Front

ZH2003-28SA security advisory: file inclusion vulnerability in PayPal Store Front Published: 08 October 2003 Name: PayPal Store Front Affected Versions: 3.0 and other versions? Vendor: http://www.muziqpakistan.net/taz/ Issue: file inclusion vulnerability Author: Astharot at Zone-H.org Description...

OpenSSH < 3.7.1 Multiple Vulnerabilities

According to its banner, the remote SSH server is running a version of OpenSSH older than 3.7.1. Such versions are vulnerable to a flaw in the buffer management functions that might allow an attacker to execute arbitrary commands on this host. An exploit for this issue is rumored to exist. Note...

CVE-2003-0644

Kdbg 1.1.0 through 1.2.8 does not check permissions of the .kdbgrc file, which allows local users to execute arbitrary commands...

DSA-364-3 man-db - buffer overflows, arbitrary command execution

Bulletin has no description...

DSA-364-2 man-db - buffer overflows, arbitrary command execution

Bulletin has no description...

DSA-364 man-db - buffer overflows, arbitrary command execution

Bulletin has no description...

Microsoft Internet Explorer and Outlook Express MHTML rendering engine incorrectly executes script in Local Computer Zone

Overview There is an MHTML input validation vulnerability in Outlook Express that may lead to arbitrary command and code execution in the Local Computer Zone of a victim host. Description Microsoft systems use components of Microsoft Outlook Express to render MHTML MIME Encapsulation of Aggregate...

[CLA-2003:711] Conectiva Security Announcement - mnogosearch

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- CONECTIVA LINUX SECURITY ANNOUNCEMENT - -------------------------------------------------------------------------- PACKAGE : mnogosearch SUMMARY : Remote buffer overflow...

Adobe Acrobat Reader (UNIX) 5.0 6 Xpdf 0.9x Hyperlinks - Arbitrary Command Execution

Adobe Acrobat Reader UNIX 5.0 6 Xpdf 0.9x Hyperlinks - Arbitrary Command Execution source: https://www.securityfocus.com/bid/7912/info A vulnerability has been reported for multiple PDF viewers for Unix variant operating systems. The problem is said to occur when hyperlinks have been enabled with...

Adobe Acrobat Reader (UNIX) 5.0 6 / Xpdf 0.9x Hyperlinks - Arbitrary Command Execution

source: https://www.securityfocus.com/bid/7912/info A vulnerability has been reported for multiple PDF viewers for Unix variant operating systems. The problem is said to occur when hyperlinks have been enabled within the viewer. Allegedly, by placing a specially formatted hyperlink within a PDF...

Moderate: Red Hat Security Advisory: : : : Updated hanterm packages provide security fixes

Updated hanterm packages fix two security issues. Hangul Terminal is a terminal emulator for the X Window System, based on Xterm. Hangul Terminal provides an escape sequence for reporting the current window title, which essentially takes the current title and places it directly on the command lin...

CVE-2003-0354

Unknown vulnerability in GNU Ghostscript before 7.07 allows attackers to execute arbitrary commands, even when -dSAFER is enabled, via a PostScript file that causes the commands to be executed from a malicious print job...

AIX 4.3.35.x - Getlvcb Command Line Argument Buffer Overflow (1)

AIX 4.3.35.x - Getlvcb Command Line Argument Buffer Overflow 1 source: https://www.securityfocus.com/bid/9905/info getlvcb has been reported to be prone to a buffer overflow vulnerability. When an argument is passed to the getlvcb utility, the string is copied into a reserved buffer in memory. Da...

RedHat 9.0 / Slackware 8.1 - &#039;/bin/mail&#039; Carbon Copy Field Buffer Overrun

source: https://www.securityfocus.com/bid/7760/info A vulnerability has been discovered in the Linux /bin/mail utility. The problem occurs when processing excessive data within the carbon copy field. Due to insufficient bounds checking while parsing this information it may be possible to trigger ...

Samba 2.2.x - call_trans2open Remote Buffer Overflow (3)

Samba 2.2.x - calltrans2open Remote Buffer Overflow 3 // source: https://www.securityfocus.com/bid/7294/info A buffer overflow vulnerability has been reported for Samba. The problem occurs when copying user-supplied data into a static buffer. By passing excessive data to an affected Samba server,...

Samba 2.2.x - &#039;call_trans2open&#039; Remote Buffer Overflow (3)

// source: https://www.securityfocus.com/bid/7294/info A buffer overflow vulnerability has been reported for Samba. The problem occurs when copying user-supplied data into a static buffer. By passing excessive data to an affected Samba server, it may be possible for an anonymous user to corrupt...

unhappycgi.txt

Advisory URL: http://securitytracker.com/alerts/2003/May/1006707.html Vendor: Happycgi.com Product: Happymall Versions: 4.3, 4.4 Title: Happymall E-Commerce Input Validation Flaw Lets Remote Users Execute Arbitrary Commands Description: Revin Aldi reported an input validation vulnerability in the...

HappyMall Multiple Script Arbitrary Command Execution

There is a flaw HappyMall that could allow an attacker to execute arbitrary commands with the privileges of the HTTP daemon typically root or nobody, by making a request like : /shop/normalhtml.cgi?file=|id| In addition, memberhtml.cgi has been reported vulnerable. However, Nessus has not checked...

CVE-2003-0171

DirectoryServices in MacOS X trusts the PATH environment variable to locate and execute the touch command, which allows local users to execute arbitrary commands by modifying the PATH to point to a directory containing a malicious touch program...