DSA-2006-1 sudo - several vulnerabilities
Bulletin has no description...
Mandriva Update for sudo MDVSA-2010:049 (sudo)
Check for the version of sudo. OpenVAS Vulnerability Test: Mandriva Update for sudo MDVSA-2010:049 (sudo). Authors: System Generated Check. Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under the ter...
Portable Executable (PE) 16-bit File (CVE-2010-0232; CVE-2011-2003)
An elevation of privilege vulnerability exists in the Windows Kernel due to the way the kernel handles certain exceptions. The Windows Kernel is the core of the operating system. It provides system level services such as device management and memory management, allocates processor time to...
Mandriva Linux Security Advisory : sudo (MDVSA-2010:049)
A vulnerability has been found and corrected in sudo : sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain...
DEBIAN-CVE-2010-0426
sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by...
CVE-2010-0426
sudo 1.6.x before 1.6.9p21 and 1.7.x before 1.7.2p4, when a pseudo-command is enabled, permits a match between the name of the pseudo-command and the name of an executable file in an arbitrary directory, which allows local users to gain privileges via a crafted executable file, as demonstrated by...
CVE-2010-0426
CVE-2010-0426 affects sudo 1.6.x < 1.6.9p21 and 1.7.x
America Online ICQ ActiveX Control DownloadAgent Function Code Execution (CVE-2006-5650)
The AOL ICQ product is a messaging application widely used by home users and in small to medium size companies. The messenger application ships with various extra features in addition to its regular function of text message exchanges. One such feature introduced in the ICQ clients is the ability ...
CVE-2010-0366
Multiple unrestricted file upload vulnerabilities in (1) register.php and (2) addvideo.php in BitScripts Bits Video Script 2.04 and 2.05 Gold Beta allow remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in a...
Panda Global Protection / Panda Internet Security weak security permissions
Weak permissions for executable files...
Critical PowerDNS Recursor Security Vulnerabilities: please upgrade ASAP to 3.1.7.2
Dear PowerDNS Users, Two major vulnerabilities have recently been discovered in the PowerDNS Recursor all versions up to and including 3.1.7.1. Over the past two weeks, these vulnerabilities have been addressed, resulting in PowerDNS Recursor 3.1.7.2. Given the nature and magnitude of these...
AwingSoft Winds3D Player 3.5 SceneURL Download and Execute
$Id: awingsoftwinds3dsceneurl.rb 7724 2009-12-06 05:50:37Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use...
Firefox Image File Dragging Malformed Extension (CVE-2005-0230)
The Mozilla web browser and its derivatives, Firefox, Netscape, and K-Meleon are applications designed for tasks related to browsing the web, such as displaying HTML encoded pages and downloading files. The Mozilla web browser allows the user to quickly save images displayed on web pages by...
Microsoft Windows Media Player Arbitrary File Download (MS03-017; CVE-2003-0228)
Microsoft Windows Media Player is an application that is used to play various media files, such as those compressed with AVI, MP3, MPG formats and so on. Windows Media Player runs on the Microsoft Windows operating system. Windows Media Player has the ability to change its user interface and...
Microsoft IIS Filename Extension Parsing Security Bypass (CVE-2009-4444)
A security bypass vulnerability has been discovered in Microsoft Internet Information Services (IIS). The vulnerability is due to an error in the IIS service that incorrectly parses filenames that contain a semicolon character when determining the MIME type based on the filename extension. An...
CVE-2009-4412
Unrestricted file upload vulnerability in Serendipity before 1.5 allows remote authenticated users to execute arbitrary code by uploading a file with an executable extension followed by a safe extension, then accessing it via a direct request to the file in an unspecified directory. NOTE: some of...