Lucene search

4598 matches found

OSV
added 2004/09/30 12:00 a.m., 15 views

DSA-555-1 freenet6 - file permissions

Bulletin has no description...

CVSS 2.1, AI score 6.2, EPSS 0.00048
Exploits: 0

Tenable Nessus
added 2004/09/29 12:00 a.m., 28 views

Debian DSA-041-1 : joe - local exploit

Christer Oberg of Wkit Security AB found a problem in joe Joe's Own Editor. joe will look for a configuration file in three locations: The current directory, the users homedirectory $HOME and in /etc/joe. Since the configuration file can define commands joe will run for example to check spelling...

CVSS 4.6, AI score 5.5, EPSS 0.00246
Exploits: 0, References: 2

Tenable Nessus
added 2004/09/29 12:00 a.m., 41 views

Debian DSA-303-1 : mysql - privilege escalation

CAN-2003-0073: The mysql package contains a bug whereby dynamically allocated memory is freed more than once, which could be deliberately triggered by an attacker to cause a crash, resulting in a denial of service condition. In order to exploit this vulnerability, a valid username and password...

CVSS 9, AI score 5.4, EPSS 0.12813
Exploits: 4, References: 3

Tenable Nessus
added 2004/09/29 12:00 a.m., 22 views

Debian DSA-509-1 : gatos - privilege escalation

Steve Kemp discovered a vulnerability in xatitv, one of the programs in the gatos package, which is used to display video with certain ATI video cards. xatitv is installed setuid root in order to gain direct access to the video hardware. It normally drops root privileges after successfully...

CVSS 7.2, AI score 5.4, EPSS 0.00063
Exploits: 0, References: 2

Tenable Nessus
added 2004/09/29 12:00 a.m., 25 views

Debian DSA-304-1 : lv - privilege escalation

Leonard Stiles discovered that lv, a multilingual file viewer, would read options from a configuration file in the current directory. Because such a file could be placed there by a malicious user, and lv configuration options can be used to execute commands, this represented a security...

CVSS 7.2, AI score 5.6, EPSS 0.00042
Exploits: 0, References: 2

Tenable Nessus
added 2004/09/29 12:00 a.m., 25 views

Debian DSA-080-1 : htdig - unauthorized gathering of data

Nergal reported a vulnerability in the htsearch program which is distributed as part of the ht://Dig package, an indexing and searching system for small domains or intranets. Using former versions it was able to pass the parameter -c to the cgi program in order to use a different configuration...

CVSS 6.4, AI score 5.5, EPSS 0.02512
Exploits: 0, References: 3

securityvulns
added 2004/09/16 12:00 a.m., 73 views

[ANNOUNCE] Apache HTTP Server 2.0.51 Released

The Apache Software Foundation and the Apache HTTP Server Project are pleased to announce the release of version 2.0.51 of the Apache HTTP Server "Apache". This Announcement notes the significant changes in 2.0.51 as compared to 2.0.50. This versi...

CVSS 5, AI score 0.3, EPSS 0.48362
Exploits: 1

Tenable Nessus
added 2004/09/15 12:00 a.m., 26 views

ZoneAlarm Pro Configuration File/Directory Permission Weakness DoS

This host is running a version of ZoneAlarm Pro that contains a flaw which may allow a local denial of service. To exploit this flaw, an attacker would need to tamper with the files located in %windir%/Internet Logs. An attacker may modify them and prevent ZoneAlarm from starting up properly. C...

CVSS 1.9, AI score 5.5, EPSS 0.00085
Exploits: 0, References: 2

securityvulns
added 2004/09/08 12:00 a.m., 20 views

Serverview weak permissions

Weak permissions for configuration file allow to change SNMP MIBs structure...

AI score 2.9
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2004/09/01 4:00 a.m., 12 views

CVE-2004-0160

Synaesthesia 2.2 and earlier allows local users to execute arbitrary code via a symlink attack on the configuration file...

AI score 7, EPSS 0.00054
Exploits: 0, References: 3

Debian CVE
added 2004/09/01 4:00 a.m., 14 views

CVE-2004-0160

Removed by vendor...

CVSS 7.2, AI score 6.7, EPSS 0.00054
Exploits: 0

Tenable Nessus
added 2004/08/30 12:00 a.m., 27 views

GLSA-200405-03 : ClamAV VirusEvent parameter vulnerability

The remote host is affected by the vulnerability described in GLSA-200405-03 ClamAV VirusEvent parameter vulnerability The VirusEvent parameter in the clamav.conf configuration file allows to specify a system command to run whenever a virus is found. This system command can make use of the '%f'...

CVSS 4.6, AI score 5.9, EPSS 0.00125
Exploits: 1, References: 3

Tenable Nessus
added 2004/08/30 12:00 a.m., 26 views

GLSA-200405-07 : Exim verify=header_syntax buffer overflow

The remote host is affected by the vulnerability described in GLSA-200405-07 Exim verify=header_syntax buffer overflow When the option 'verify = header_syntax' is used in an ACL in the configuration file, Exim is vulnerable to a buffer overflow attack that can be triggered remotely by sending...

CVSS 7.5, AI score 6.4, EPSS 0.06391
Exploits: 1, References: 2

securityvulns
added 2004/08/22 12:00 a.m., 24 views

&RQ DoS bug

===RUS On a long old-style authorization request, &RQ of any version produces many errors; in some cases the client has to be reinstalled. After a conversation with Rejetto, he sent a configuration file that closes this hole. icq 7000000 [email protected] Regards, RdM-YanDeX ===ENG...

AI score 1.3
Exploits: 0

Tenable Nessus
added 2004/08/18 12:00 a.m., 29 views

Sendmail < 8.12.1 Custom Configuration File Privilege Escalation

Binary data 2030.prm...

CVSS 4.6, AI score 7.3, EPSS 0.00068
Exploits: 0, References: 1

Apache Httpd
added 2004/08/05 12:00 a.m., 27 views

Apache Httpd < 2.0.51 : Environment variable expansion flaw

A buffer overflow was found in the expansion of environment variables during configuration file parsing. This issue could allow a local user to gain the privileges of a httpd child if a server can be forced to parse a carefully crafted .htaccess file written by a local user...

CVSS 7.8, AI score 3, EPSS 0.01387
Exploits: 0, Affected Software: 1

Tenable Nessus
added 2004/07/31 12:00 a.m., 31 views

Mandrake Linux Security Advisory : apache (MDKSA-2003:103)

A buffer overflow in mod_alias and mod_rewrite was discovered in Apache versions 1.3.19 and earlier as well as Apache 2.0.47 and earlier. This happens when a regular expression with more than 9 captures is confined. An attacker would have to create a carefully crafted configuration file .htaccess o...

CVSS 10, AI score 5.8, EPSS 0.08237
Exploits: 0, References: 4

securityvulns
added 2004/07/26 12:00 a.m., 29 views

HP-UX Xfs buffer overflow

Buffer overflow on oversized line in configuration file sgid bin...

AI score 4.4
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2004/07/16 4:00 a.m., 59 views

CVE-2004-0697

CVE-2004-0697 affects 4D WebSTAR 5.3.2 and earlier. The vulnerability permits remote attackers to read the php.ini configuration file, potentially exposing sensitive information. The NVD entry lists a base CVSS v2 score of 5.0 (Medium) with network access and low complexity, but no exploitation d...

CVSS 5, AI score 6.9, EPSS 0.00496
Exploits: 0, References: 3, Affected Software: 1

Tenable Nessus
added 2004/07/06 12:00 a.m., 21 views

RHEL 2.1 : lv (RHSA-2003:167)

Updated lv packages that fix the possibility of local privilege escalation are now available. Lv is a powerful file viewer similar to less. It can decode and encode multilingual streams through many coding systems, such as ISO-8859, ISO-2022, EUC, SJIS Big5, HZ, and Unicode. A bug has been found ...

CVSS 7.2, AI score 5.4, EPSS 0.00042
Exploits: 0, References: 4