229 matches found
xscreensaver local arbitrary file disclosure | symlink attack
xscreensaver local arbitrary file disclosure | symlink attack The "xscreensaver" program distributed normally with Xorg can be abused to disclose local files owned by other users also of the root account. Xscreensaver has the setuid bit on by default Example: Opensolaris The xscreensaver program...
CVE-2008-5397
Tor before 0.2.0.32 does not properly process the 1 User and 2 Group configuration options, which might allow local users to gain privileges by leveraging unintended supplementary group memberships of the Tor process...
CVE-2008-4360
moduserdir in lighttpd before 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons on filename components in configuration options, which might allow remote attackers to bypass intended access restrictions, as demonstrated by a request for a...
Low: Red Hat Security Advisory: dovecot security and bug fix update
An updated dovecot package that fixes several security issues and various bugs is now available for Red Hat Enterprise Linux 5. This update has been rated as having low security impact by the Red Hat Security Response Team. Dovecot is an IMAP server for Linux and UNIX-like systems, primarily...
GLSA-200708-13 : BIND: Weak random number generation
The remote host is affected by the vulnerability described in GLSA-200708-13 BIND: Weak random number generation Amit Klein from Trusteer reported that the random number generator of ISC BIND leads, half the time, to predictable 1 chance to 8 query IDs in the resolver routine or in zone transfer...
GLSA-200606-09 : SpamAssassin: Execution of arbitrary code
The remote host is affected by the vulnerability described in GLSA-200606-09 SpamAssassin: Execution of arbitrary code When spamd is run with both the '--vpopmail' -v and '--paranoid' -P options, it is vulnerable to an unspecified issue. Impact : With certain configuration options, a local or eve...
SpamAssassin: Execution of arbitrary code
Background SpamAssassin is an extensible email filter used to identify junk email. spamd is the daemonized version of SpamAssassin. Description When spamd is run with both the "--vpopmail" -v and "--paranoid" -P options, it is vulnerable to an unspecified issue. Impact With certain configuration...
Iris network Sniffer used with skill-the loophole warning-the black bar safety net
| The following part of the translation from iris comes with the Help file 1. 【Iris】 A good performance of the Sniffer. Sniffer English is Sniff, which is mounted in a computer and listening devices, monitored by computer data. 2. 【Iris installation position】 As a Sniffer, it can only be captured...
viewcvs -- information leakage
The hidecvsroot and forbidden configuration options are not properly honored by viewcvs when exporting to a tar file which can lead to information leakage...