KDE::KApplication feature?

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------ TESO Security Advisory 2000/05/29 KDE KApplication configfile vulnerability Summary =================== A bug within the KDE configuration-file management has been discovered. Due to insecure creation of configuration files via...

KDE 1.1.2 KApplication configfile - Local Privilege Escalation (2)

source: https://www.securityfocus.com/bid/1291/info The KDE configuration-file management has a bug which could result in root compromise. Due to insecure creation of configuration rc files via KApplication-class, local users can modify ownership of arbitrary files when running setuid root...

KDE 1.1.2 KApplication configfile - Local Privilege Escalation (1)

source: https://www.securityfocus.com/bid/1291/info The KDE configuration-file management has a bug which could result in root compromise. Due to insecure creation of configuration rc files via KApplication-class, local users can modify ownership of arbitrary files when running setuid root...

cgimail.txt

Advisory: CGIMailer v3.01 for Windows 95/98/2000/NT4.0 Chopsui-cideMmM The Mad Midget Mafia - http://midgets.box.sk/ ======================================================================= Summary: ========== Date released: 15/03/2000 dd/mm/yyyy. Risk: reading of private files. Vulnerability foun...

The ht://Dig Group ht://Dig 3.1.1/3.1.2/3.1.3/3.1.4/3.2 .0b1 - Arbitrary File Inclusion

source: https://www.securityfocus.com/bid/1026/info ht://dig is a web content search engine for Unix platforms. The software is set up to allow for file inclusion from configuration files. Any string surrounded by the opening singlw quote character is taken as a path to a file for inclusion, for...

CVE-2000-0163

CVE-2000-0163 affects FreeBSD components asmon and ascpu; local users can escalate to root via a configuration file. The connected documents confirm the vulnerable elements but do not provide version-specific details, exploit vectors, or explicit remediation steps. The impact is local privilege e...

CVE-2000-1220

The line printer daemon lpd in the lpr package in multiple Linux operating systems allows local users to gain root privileges by causing sendmail to execute with arbitrary command line arguments, as demonstrated using the -C option to specify a configuration file...

CVE-2000-0037

Majordomo wrapper allows local users to gain privileges by specifying an alternate configuration file...

CVE-2000-0018

wmmon in FreeBSD allows local users to gain privileges via the .wmmonrc configuration file...

CVE-1999-1549

Lynx 2.x does not properly distinguish between internal and external HTML, which may allow a local attacker to read a "secure" hidden form value from a temporary file and craft a LYNXOPTIONS: URL that causes Lynx to modify the user's configuration file and execute commands...

CVE-1999-1344

AutoFTP.pl script in AutoFTP 0.2 stores usernames and passwords in plaintext in the autoftp.conf configuration file...

realserver.passwd.txt

Date: Wed, 14 Apr 1999 10:45:50 +0200 From: Francisco M. Marzoa Alonso To: [email protected] Subject: Real Media Server stores passwords in plain text My real media server information: fmmarzoa@alexander:/usr/local/rserver/Bin rmserver -version Creating Server Space... Starting RealServer 6.0...

pegasus.mail.passwd.txt

Date: Sat, 15 May 1999 12:42:12 +0000 From: galldor To: [email protected] Subject: Pegasus Mail weak encryption --------------------------------------------------------------------- Pegasus Mail Weak Encryption Versions Effected: ALL but I wrote about the V2 encryption on 3.0+ Bug Found by:...

CVE-1999-0754

The INN inndstart program allows local users to gain privileges by specifying an alternate configuration file using the INNCONF environmental variable...

Microsoft Site Server Commerce Edition 3.0 alpha - AdSamples Sensitive Information

source: https://www.securityfocus.com/bid/256/info A vulnerability in Microsoft Site Server's Ad Server Sample directory allows the retrieval of a site's configuration file SITE.CSC which contains sensitive information pertaining to an SQL database. The AdSamples directory is a part of the Ad...

Microsoft Site Server Commerce Edition 3.0 alpha - AdSamples Sensitive Information

Microsoft Site Server Commerce Edition 3.0 alpha - AdSamples Sensitive Information source: https://www.securityfocus.com/bid/256/info A vulnerability in Microsoft Site Server's Ad Server Sample directory allows the retrieval of a site's configuration file SITE.CSC which contains sensitive...

CVE-1999-1323

Norton AntiVirus for Internet Email Gateways NAVIEG 1.0.1.7 and earlier, and Norton AntiVirus for MS Exchange NAVMSE 1.5 and earlier, store the administrator password in cleartext in 1 the navieg.ini file for NAVIEG, and 2 the ModifyPassword registry key in NAVMSE...

CVE-1999-1229

Quake 2 server 3.13 on Linux does not properly check file permissions for the config.cfg configuration file, which allows local users to read arbitrary files via a symlink from config.cfg to the target file...

CVE-1999-1125

Oracle Webserver 2.1 and earlier runs setuid root, but the configuration file is owned by the oracle account, which allows any local or remote attacker who obtains access to the oracle account to gain privileges or modify arbitrary files by modifying the configuration file...

CVE-1999-1296

Buffer overflow in Kerberos IV compatibility libraries as used in Kerberos V allows local users to gain root privileges via a long line in a kerberos configuration file, which can be specified via the KRBCONF environmental variable...