LPRng 3.6.x - Failure To Drop Supplementary Groups

/ source: https://www.securityfocus.com/bid/2865/info The LPRng software is an enhanced, extended, and portable implementation of the Berkeley LPR print spooler functionality. When the LPRng daemon is initialized, it fails to drop its supplementary groups. As a result, the daemon and any child...

Due to insecure creation of configuration files via KApplication-class, local users can create arbitrary files when running setuid root KDE programs

Overview KApplication-class, a class used to create KDE applications, creates configuration files without checking for proper ownership or prior existence. Description KApplication-class, a class used to create KDE applications, creates configuration files. These files are created in a local...

CVE-2001-0358

Buffer overflows in Sierra Half-Life build 1573 and earlier allow remote attackers to execute arbitrary code via 1 a long map command, 2 a long exec command, or 3 long input in a configuration file...

CVE-2001-0289

Joe text editor 2.8 searches the current working directory CWD for the .joerc configuration file, which could allow local users to gain privileges of other users by placing a Trojan Horse .joerc file into a directory, then waiting for users to execute joe from that directory...

iScouter PHP Web Portal System, MySQL Password in clear text

Hi all, I have found that i can easily retrieve MySQL password of the last iScouter PHP Web Portal System. Exploit : www.your-iScouter-web-portal.com/config.inc You can find those lines in clear text: $CFGDBSERVERTYPE = "mySQL"; $CFGDBHOST = "www.your-iScouter-web-portal.com"; $CFGDBUSERNAME =...

ProFTPD STAT Command Remote DoS

The remote FTP server is affected by a denial of service vulnerability that is triggered when it receives a specially crafted STAT command. A remote attacker can exploit this to cause the consumption of all available memory. C Tenable Network Security, Inc. Script audit and contributions from...

CVE-2000-0348

A vulnerability in the Sendmail configuration file sendmail.cf as installed in SCO UnixWare 7.1.0 and earlier allows an attacker to gain root privileges...

[SECURITY] [DSA-041-1] joe local attack via joerc

Package : joe Problem type : local exploit Debian-specific: no Christer Öberg of Wkit Security AB found a problem in joe Joes Own Editor. joe will look for a configuration file in three locations: the current directory, the users homedirectory $HOME and in /etc/joe. Since the configuration file c...

Joe's Own Editor File Handling Error

WKIT SECURITY AB www.wkit.com TITLE: Joe's Own Editor File Handling Error ADVISORY ID: WSIR-01/02-02 REFERENCE: http://www.wkit.com/advisories CVE: GENERIC-MAP-NOMATCH CREDIT: Christer Цberg, Wkit Security AB CONTACT: [email protected] CLASS: File Handling Error OBJECT: joe1 exec VENDOR: Josef ...

CVE-2000-1148

The installation of VolanoChatPro chat server sets world-readable permissions for its configuration file and stores the server administrator passwords in plaintext, which allows local users to gain privileges on the server...

CVE-2000-0565

SmartFTP Daemon 0.2 allows a local user to access arbitrary files by uploading and specifying an alternate user configuration file via a .. dot dot attack...

ezmlm-cgi/ezmlm-idx-0.40 security advisory

Summary: ezmlm-cgi is part of the ezmlm-idx-0.40.tar.gz package and allows web access to mailing list archives. When ezmlm-cgi is installed SUID user other than root, it can be used to execute arbitrary commands with the effective uid of the SUID user. Scope: Default installations of ezmlm-idx-0....

Дырка в ezmlm-cgi

Пользователь может задать собственный конфигурационный файл и выполнить любые команды...

CVE-2000-1004

Format string vulnerability in OpenBSD photurisd allows local users to execute arbitrary commands via a configuration file directory name that contains formatting characters...

Decrypting passwords for SmartServer 3

Product: Smart Server 3 by NetCPlus Version: 3.75 others? OS: Windows NT/2000/9x Description: SmartServer3 SS3 is a small business email server from NetCPlus. It installs by default in C:Program Filessmartserver3 . In this folder it stores a configuration file called 'dialsrv.ini' . This file is...

Decrypting passwords for BrowseGate

Product: BrowseGate by NetCPlus Version: 2.80.2 others? OS: Windows NT/2000/9x Description: BrowseGate is a proxy firewall from NetCPlus. BrowseGate is sometimes installed on servers along with other network applications including SmartServer3 with which it is made to integrate. BrowseGate instal...

NetcPlus SmartServer3 3.75 - Weak Encryption

NetcPlus SmartServer3 3.75 - Weak Encryption / source: https://www.securityfocus.com/bid/1962/info SmartServer3 is an email server designed for small networks. A design error exists in SmartServer3 which enables an authenticated user to view other users login information and possibly gain access ...

NetcPlus BrowseGate 2.80.2 - Weak Encryption

/ source: https://www.securityfocus.com/bid/1964/info BrowseGate is a proxy server which supports most standard protocols. A design error exists in BrowseGate which enables an authenticated user to view other users encrypted passwords. BrowseGate by default intalls in the...

NetcPlus SmartServer3 3.75 - Weak Encryption

/ source: https://www.securityfocus.com/bid/1962/info SmartServer3 is an email server designed for small networks. A design error exists in SmartServer3 which enables an authenticated user to view other users login information and possibly gain access to passwords. SmartServer3 by default intsall...

CVE-2000-0602

Secure Locate slocate in Red Hat Linux allows local users to gain privileges via a malformed configuration file that is specified in the LOCATEPATH environmental variable...