4767 matches found
CVE-2006-4842
The Netscape Portable Runtime NSPR API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files...
EUVD-2006-4829
The Netscape Portable Runtime NSPR API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files...
CVE-2006-4842
CVE-2006-4842 is documented as a local privilege-escalation in Netscape Portable Runtime (libnspr) where LIBNSPR prior to 4.6.3 allows the user to influence the log file via the NSPR_LOG_FILE environment variable. Evidence in connected docs shows Solaris-specific context: unpatched Solaris system...
cpexploit.txt
All cPanel versions which were released before August 23rd are vulnerable to a local root exploit. Exact version numbers are unclear. Doing a "ls -l /usr/local/cpanel/version" is a good way to determine the last time cPanel was updated. This exploit made the news when it was used to circulate an ...
CVE-2006-4803
The Fan-Out Linux and UNIX receiver scripts in Novell Identity Manager IDM 3.0.1 allow local users to execute arbitrary commands via unspecified vectors involving certain environment variables and "code injection."...
psraptor.txt
#!/bin/sh $Id: raptorucbps,v 1.1 2006/07/26 12:15:42 raptor Exp $ raptorucbps - information leak with Solaris /usr/ucb/ps Copyright (c) 2006 Marco Ivaldi A security vulnerability in the "/usr/ucb/ps" (see ps(1B)) command may allow unprivileged local users the ability to see environment variables and the...
Solaris 8 / 9 (/usr/ucb/ps) Local Information Leak Exploit
No description provided by source. #!/bin/sh $Id: raptorucbps,v 1.1 2006/07/26 12:15:42 raptor Exp $ raptorucbps - information leak with Solaris /usr/ucb/ps Copyright (c) 2006 Marco Ivaldi [email protected] A security vulnerability in the "/usr/ucb/ps" (see ps(1B)) command may allow unprivileged...
Solaris 8/9 - /usr/ucb/ps Local Information Leak
Solaris 8/9 - /usr/ucb/ps Local Information Leak #!/bin/sh $Id: raptorucbps,v 1.1 2006/07/26 12:15:42 raptor Exp $ raptorucbps - information leak with Solaris /usr/ucb/ps Copyright (c) 2006 Marco Ivaldi A security vulnerability in the "/usr/ucb/ps" (see ps(1B)) command may allow unprivileged local users the...
Solaris 8 / 9 (/usr/ucb/ps) Local Information Leak Exploit
Exploit for solaris platform in category local exploits. Solaris 8 / 9 /usr/ucb/ps Local Information Leak Exploit. #!/bin/sh $Id: raptorucbps,v 1.1 2006/07/26 12:15:42 raptor Exp $...
Solaris 8/9 - '/usr/ucb/ps' Local Information Leak
#!/bin/sh $Id: raptorucbps,v 1.1 2006/07/26 12:15:42 raptor Exp $ raptorucbps - information leak with Solaris /usr/ucb/ps Copyright (c) 2006 Marco Ivaldi A security vulnerability in the "/usr/ucb/ps" (see ps(1B)) command may allow unprivileged local users the ability to see environment variables and the...
Apple Mac OSX 10.4.6 (x86) - 'launchd' Local Format String
#!/usr/bin/perl http://www.digitalmunition.com/FailureToLaunch.pl Code by Kevin Finisterre kflistsatdigitalmunitiondotcom This is a practical application of Non Executable Stack Lovin - http://www.digitalmunition.com/NonExecutableLovin.txt This code currently jumps into 0x1811111 via dyldstubclose...
SAP sapdba for Informix database administration utility privilege escalation
Improper validation of environment variables allows running any command with informix rights...
FreeBSD : openvpn -- LD_PRELOAD code execution on client through malicious or compromised server (be4ccb7b-c48b-11da-ae12-0002b3b60e4c)
Hendrik Weimer reports : OpenVPN clients are a bit too generous when accepting configuration options from a server. It is possible to transmit environment variables to client-side shell scripts. There are some filters in place to prevent obvious nonsense, however they don't catch the good old...
[SECURITY] [DSA 1045-1] New OpenVPN packages fix arbitrary code execution
Debian Security Advisory DSA 1045-1 [email protected] http://www.debian.org/security/ Martin Schulze April 27th, 2006 http://www.debian.org/security/faq -...
[SECURITY] [DSA 946-2] New sudo packages fix privilege escalation
Debian Security Advisory DSA 946-2 [email protected] http://www.debian.org/security/ Martin Schulze April 8th, 2006 http://www.debian.org/security/faq -...
DSA-946-2 sudo - missing input sanitising
Bulletin has no description...
OpenVPN VPN client code execution
Server can transmit environment variables to the clients, including e.g. LD_PRELOAD...
openvpn -- LD_PRELOAD code execution on client through malicious or compromised server
Hendrik Weimer reports: OpenVPN clients are a bit too generous when accepting configuration options from a server. It is possible to transmit environment variables to client-side shell scripts. There are some filters in place to prevent obvious nonsense, however they don't catch the good old...