4598 matches found

Debian CVE
added 2005/02/06 5:00 a.m., 25 views

CVE-2005-0194

Squid 2.5, when processing the configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if the administrator ignores the parser warning...

CVSS 10, AI score 7, EPSS 0.00656
Exploits 0

OSV
added 2005/01/26 12:00 a.m., 21 views

DSA-659-1 libpam-radius-auth - information leak, integer underflow

Bulletin has no description...

CVSS 5, AI score 6.1, EPSS 0.02327
Exploits 1

securityvulns
added 2005/01/25 12:00 a.m., 26 views

zhcon privilege escalation

Configuration file is accessed with escalated privileges...

AI score 3.1
Exploits 0, References 1, Affected Software 1

OSV
added 2005/01/18 12:00 a.m., 16 views

DSA-644-1 chbg - buffer overflow

Bulletin has no description...

CVSS 10, AI score 6.7, EPSS 0.25598
Exploits 1

NVD
added 2005/01/10 5:00 a.m., 19 views

CVE-2004-1076

Multiple buffer overflows in the RtConfigLoad function in rt-config.c for Atari800 before 1.3.4 allow local users to execute arbitrary code via large values in the configuration file...

CVSS 7.2, AI score 7.3, EPSS 0.00098
Exploits 1, References 7

Exploit DB
added 2005/01/04 12:00 a.m., 32 views

QwikiWiki - Directory Traversal

REQUEST: http://SERVER/qwiki/index.php?page=../config.php%00 milw0rm.com 2005-01-04...

AI score 7.4
Exploits 0

securityvulns
added 2005/01/04 12:00 a.m., 22 views

[EXPL] iWebNegar Configuration Nullification (DoS)

The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com...

AI score 0.1
Exploits 0

NVD
added 2004/12/31 5:00 a.m., 11 views

CVE-2004-2610

mntdmount.c in mntd before 0.4.2 might allow local users to gain privileges via shell metacharacters in a remount option in the configuration file. NOTE: It is not clear whether this is a vulnerability because there is not necessarily any common usage in which privilege boundaries are crossed...

CVSS 4.6, AI score 6.7, EPSS 0.00065
Exploits 1, References 4

NVD
added 2004/12/31 5:00 a.m., 13 views

CVE-2004-1541

SecureCRT 4.0, 4.1, and possibly other versions, allows remote attackers to execute arbitrary commands via a telnet:// URL that uses the /F option to specify a configuration file on a samba share...

CVSS 7.5, AI score 7.7, EPSS 0.01014
Exploits 0, References 4

NVD
added 2004/12/31 5:00 a.m., 6 views

CVE-2004-2708

Gyach Enhanced (Gyach-E) before 1.0.0 stores passwords in plaintext, which allows attackers to obtain user passwords by reading the configuration file...

CVSS 5, AI score 6.4, EPSS 0.00343
Exploits 0, References 2

RedHat Linux
added 2004/12/23 8:23 p.m., 33 views

Moderate: Red Hat Security Advisory: squirrelmail security update

An updated SquirrelMail package that fixes a cross-site scripting vulnerability is now available. SquirrelMail is a webmail package written in PHP. A cross-site scripting bug has been found in SquirrelMail. This issue could allow an attacker to send a mail with a carefully crafted header, which...

CVSS 6.8, AI score 5.7, EPSS 0.03177
Exploits 0, References 4

UbuntuCve
added 2004/12/23 5:00 a.m., 14 views

CVE-2004-0563

The tspc.conf configuration file in freenet6 before 0.9.6 and before 1.0 on Debian Linux has world readable permissions, which could allow local users to gain sensitive information, such as a username and password...

CVSS 2.1, AI score 5.9, EPSS 0.00048
Exploits 0, References 1

NVD
added 2004/12/23 5:00 a.m., 9 views

CVE-2004-0563

The tspc.conf configuration file in freenet6 before 0.9.6 and before 1.0 on Debian Linux has world readable permissions, which could allow local users to gain sensitive information, such as a username and password...

CVSS 2.1, AI score 6.3, EPSS 0.00048
Exploits 0, References 5

exploitpack
added 2004/12/17 12:00 a.m., 24 views

PHP 4.3.9 + phpBB 2.x - Unserialize() Remote Information Leak

PHP 4.3.9 + phpBB 2.x - Unserialize Remote Information Leak // Compiled version: https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/697.rar phpbbmemorydump.rar // Source serv.cpp is at the bottom of the page - str0ke // Notes from author: // compile with borland c+...

AI score 7.4
Exploits 0

Debian CVE
added 2004/12/08 5:00 a.m., 21 views

CVE-2004-1076

Multiple buffer overflows in the RtConfigLoad function in rt-config.c for Atari800 before 1.3.4 allow local users to execute arbitrary code via large values in the configuration file...

CVSS 7.2, AI score 7.2, EPSS 0.00098
Exploits 1

exploitpack
added 2004/11/25 12:00 a.m., 17 views

atari800 - Local Privilege Escalation

atari800 - Local Privilege Escalation / Exploit for atari800 by pi3 pi3ki31ny pi3@pi3:$ ./p ...::: -= exploit for Atari800 by pi3 pi3ki31ny =- :::... Ussage: + ./p options -? -v choose a bug: 1 - first bug in all versions Atari800 2 - second bug in older Atari800 - modiy argv0 3 - third bug in...

AI score 1
Exploits 0

CVE
added 2004/11/24 5:00 a.m., 47 views

CVE-2004-1031

CVE-2004-1031 affects Fcron (notably 2.0.1 and 2.9.4) and potentially earlier versions. The issue allows a local user to bypass access restrictions and load an arbitrary fcron configuration file by starting a setuid process and pointing the fcronsighup configuration file at a /proc entry owned by...

CVSS 7.2, AI score 6.2, EPSS 0.00047
Exploits 0, References 4, Affected Software 1

Cvelist
added 2004/11/19 5:00 a.m., 14 views

CVE-2004-0563

The tspc.conf configuration file in freenet6 before 0.9.6 and before 1.0 on Debian Linux has world readable permissions, which could allow local users to gain sensitive information, such as a username and password...

AI score 6.2, EPSS 0.00048
Exploits 0, References 5

CVE
added 2004/11/19 5:00 a.m., 46 views

CVE-2004-0563

Summary of confirmed details for CVE-2004-0563: The issue affects the freenet6 client on Debian Linux prior to version 0.9.6 and prior to 1.0, where the tspc.conf file is world-readable, enabling local users to potentially read sensitive information such as usernames and passwords. The root cause...

CVSS 2.1, AI score 6.2, EPSS 0.00048
Exploits 0, References 5, Affected Software 1

Tenable Nessus
added 2004/11/10 12:00 a.m., 37 views

Debian DSA-576-1 : squid - several vulnerabilities

Several security vulnerabilities have been discovered in Squid, the internet object cache, the popular WWW proxy cache. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-1999-0710 It is possible to bypass access lists and scan arbitrary hosts and ports in...

CVSS 7.5, AI score 5.6, EPSS 0.68742
Exploits 0, References 4