4598 matches found
Security Advisory: Hassan Consulting's shop.cgi Directory Traversal Vulnerability.
October 7, 2000 Security Advisory shop.cgi.ad-1.00-10 : Hassan Consulting's Shopping Cart shop.cgi Directory Traversal Vulnerability Affected Product: Hassan Consulting's Shopping Cart shop.cgi/shop.pl Version 1.18 possibly others as well Affected Platforms: Unix Windows Overview: Hassan...
Hole in Aplio Pro
Directory traversal allows access to a configuration file containing passwords in plaintext...
clientagent662.txt
Client Agent 6.62 for Unix Vulnerability Tested on a Debian 2.2.14 Introduction: Client Agent has a hole allowing to execute an arbitrary code by root without its knowing. In the meantime, some conditions are necessary to exploit this vulnerability. Description: Client...
Hole in vqserver
Using directory traversal (..), any file can be retrieved from the server, including the configuration file containing the administrator password...
Client Agent 6.62 for Unix Vulnerability
Client Agent 6.62 for Unix Vulnerability Hi all, Excuse me for my poor English: I discovered a vulnerability in Client Agent 6.62 for Unix. It's tested on a Debian 2.2.14. Perhaps it isn't important. Introduction: Client Agent has a hole allowing to execute an arbitrary code by root...
Netscape Administration Server /admin-serv/config/admpw Admin Password Disclosure
The file /admin-serv/config/admpw is readable. This file contains the encrypted password for the Netscape administration server. Although it is encrypted, an attacker may attempt to crack it by brute force. (C) Tenable Network Security, Inc. include("compat.inc"); if (description) { script_id(10468);...
CVE-2000-0018
wmmon in FreeBSD allows local users to gain privileges via the .wmmonrc configuration file...
Hole in libedit
libedit looks for its configuration file in the current directory, which can be exploited to substitute the file in order to deceive the user...
FreeBSD-SA-00:24.libedit
-----BEGIN PGP SIGNED MESSAGE----- FreeBSD-SA-00:24 Security Advisory FreeBSD, Inc. Topic: libedit reads config file from current directory Category: core Module: libedit Announced: 2000-07-05 Affects: All versions of...
CVE-2000-0602
Secure Locate (slocate) in Red Hat Linux allows local users to gain privileges via a malformed configuration file that is specified in the LOCATE_PATH environmental variable...
Hole in snmpd on HPUX
The configuration file is writable...
CVE-2000-0565
SmartFTP Daemon 0.2 allows a local user to access arbitrary files by uploading and specifying an alternate user configuration file via a .. (dot dot) attack...
Hole in apsfilter
Incorrect handling of configuration files allows a user to execute commands as root...
Shiva Access Manager 5.0.0 Plaintext LDAP root password.
In testing Intel's Shiva Access Manager RADIUS/Tacacs+ product, I recently came across an important security hole in the LDAP connectivity on the Solaris platform version of this product. When you configure the S.A.M. to store all of its information in an LDAP directory, it asks that you give it...
CVE-2000-0537
BRU backup software allows local users to append data to arbitrary files by specifying an alternate configuration file with the BRUEXECLOG environmental variable...
CVE-1999-0754
The INN inndstart program allows local users to gain privileges by specifying an alternate configuration file using the INNCONF environmental variable...
KDE::KApplication feature?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 TESO Security Advisory 2000/05/29 KDE KApplication configfile vulnerability Summary: A bug within the KDE configuration-file management has been discovered. Due to insecure creation of configuration files via...
KDE 1.1.2 KApplication configfile - Local Privilege Escalation (2)
source: https://www.securityfocus.com/bid/1291/info The KDE configuration-file management has a bug which could result in root compromise. Due to insecure creation of configuration rc files via KApplication-class, local users can modify ownership of arbitrary files when running setuid root...
KDE 1.1.2 KApplication configfile - Local Privilege Escalation (1)
source: https://www.securityfocus.com/bid/1291/info The KDE configuration-file management has a bug which could result in root compromise. Due to insecure creation of configuration rc files via KApplication-class, local users can modify ownership of arbitrary files when running setuid root...
cgimail.txt
Advisory: CGIMailer v3.01 for Windows 95/98/2000/NT4.0 Chopsui-cideMmM The Mad Midget Mafia - http://midgets.box.sk/ Summary: Date released: 15/03/2000 (dd/mm/yyyy). Risk: reading of private files. Vulnerability foun...