4598 matches found
CVE-2001-0782
KDE ktvision 0.1.1-271 and earlier allows local attackers to gain root privileges via a symlink attack on a user configuration file...
ht://Dig htsearch Multiple Vulnerabilities
The remote CGI htsearch allows the user to supply his own configuration file using the '-c' switch, as in '/cgi-bin/htsearch?-c/some/config/file'. This file is not displayed by htsearch. However, if an attacker manages to upload a configuration file to the remote server, it may make htsearch read...
CVE-2001-0713
Sendmail before 8.12.1 does not properly drop privileges when the -C option is used to load custom configuration files, which allows local users to gain privileges via malformed arguments in the configuration file whose names contain characters with the high bit set, such as (1) macro names that ar...
CVE-2001-0753
Cisco CBOS 2.3.8 and earlier stores the passwords for (1) exec and (2) enable in cleartext in the NVRAM and a configuration file, which could allow unauthorized users to obtain the passwords and gain privileges...
Problems in ht://Dig (input validation)
Lack of user input validation allows a configuration file to be specified...
Re: Bug found in ht://Dig htsearch CGI
Name: ht://Dig htsearch CGI Versions affected: 3.1.0b2 and more recent, including 3.1.5 and 3.2.0b3 Vulnerability: Potential remote exposure. Denial of Service. Details: The htsearch CGI runs as both the CGI and as a command-line program. The command-line program accepts the -c filename to read i...
CVE-2001-1032
admin.php in PHP-Nuke 5.2 and earlier, except 5.0RC1, does not check login credentials for upload operations, which allows remote attackers to copy and upload arbitrary files and read the PHP-Nuke configuration file by directly calling admin.php with an upload parameter and specifying the file to...
CVE-1999-1549
Lynx 2.x is affected by CVE-1999-1549 due to not distinguishing internal vs external HTML. This can permit a local attacker to read a hidden, secure form value from a temporary file and craft a LYNXOPTIONS URL that causes Lynx to modify the user’s configuration file and execute commands. The PT S...
CVE-2000-1191
CVE-2000-1191 affects htsearch in htDig up to 3.2 beta, 3.1.6, 3.1.5 and earlier. The vulnerability arises when a non-existent configuration file is requested via the config parameter, causing an error message that reveals the server’s full path. This exposes potential information about the serve...
CVE-1999-1344
AutoFTP.pl script in AutoFTP 0.2 stores usernames and passwords in plaintext in the autoftp.conf configuration file...
CVE-1999-1229
Quake 2 server 3.13 on Linux does not properly check file permissions for the config.cfg configuration file, which allows local users to read arbitrary files via a symlink from config.cfg to the target file...
CVE-1999-1344
CVE-1999-1344 affects Auto_FTP 0.2, where Auto_FTP.pl stores usernames and passwords in plaintext in the auto_ftp.conf file. The underlying issue is plaintext credential storage, enabling disclosure of credentials over the network (NVD metric: CVSSv2 v2.0 base score 7.5, HIGH). Exploitation detai...
CVE-1999-1220
CVE-1999-1220 affects Majordomo 1.94.3 and earlier. The vulnerability lies in the advertise/noadvertise directives in a configuration file, where shell metacharacters in the Reply-To header can allow a remote attacker to execute arbitrary commands. According to the provided description, exploitat...
CVE-1999-1125
Oracle Webserver 2.1 and earlier runs setuid root, but the configuration file is owned by the oracle account, which allows any local or remote attacker who obtains access to the oracle account to gain privileges or modify arbitrary files by modifying the configuration file...
CVE-2000-1191
htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows remote attackers to determine the physical path of the server by requesting a non-existent configuration file using the config parameter, which generates an error message that includes the full path...
CVE-1999-1323
Norton AntiVirus for Internet Email Gateways (NAVIEG) 1.0.1.7 and earlier, and Norton AntiVirus for MS Exchange (NAVMSE) 1.5 and earlier, store the administrator password in cleartext in (1) the navieg.ini file for NAVIEG, and (2) the ModifyPassword registry key in NAVMSE...
CVE-1999-1296
Buffer overflow in Kerberos IV compatibility libraries as used in Kerberos V allows local users to gain root privileges via a long line in a kerberos configuration file, which can be specified via the KRBCONF environmental variable...
Wvdial insecure conf?
I've compiled and installed wvdial, a dialer for dial-up connections, and the program wvdialconf generates a file called wvdial.conf. In this file: AT strings, username, pass and other settings like /etc/ppp/options. But now the problem, with ls -l -rw-r--r-- 1 root root 335 Aug 1 18:21 wvdial.conf...
CVE-2001-1258
Horde Internet Messaging Program IMP before 2.2.6 allows local users to read IMP configuration files and steal the Horde database password by placing the prefs.lang file containing PHP code on the server...
Exploit for xinetd-2.1.8.9pre11-1
Hi bugtraq. I read the zen-parse's advisory about the 'potential' overflow, as he said, in xinetd-2.1.8.9pre11-1 and I tried to work around it. First of all we have to remember that the bof occurs only if, in the configuration file of the daemon, there is an entry like this: logonsuccess = HOST P...