7094 matches found
GnoRPM local /tmp vulnerability
While fixing other problems with the gnorpm package, a locally exploitable security hole was found where a normal user could trick root running GnoRPM into writing to arbitrary files due to a bug in the gnorpm tmp file handling. A new release of GnoRPM 0.95.1 is now available. This fixes significan...
Hole in cvsweb
An attacker with file write permissions can execute applications...
ANNOUNCE Apache::ASP v1.95 - Security Hole Fixed
ANNOUNCE Apache::ASP v1.95 - Security Hole Fixed Apache::ASP http://www.nodeworks.com/asp/ had a security hole in its ./site/eg/source.asp distribution examples file, allowing a malicious hacker to potentially write to files in the directory local to the source.asp example script. The next versio...
File system vulnerability in AIX
Under certain conditions, a user can write a file even without having permission to do so...
CVE-1999-0803
The fwluser script in AIX eNetwork Firewall allows local users to write to arbitrary files via a symlink attack...
CVE-1999-0322
The open function in FreeBSD allows local attackers to write to arbitrary files...
Lincoln D. Stein nph-publish.cgi pathname Parameter Traversal Arbitrary File Write
The 'nph-publish.cgi' is installed. This CGI has a well known security flaw that lets an attacker execute arbitrary commands with the privileges of the HTTP daemon (usually root or nobody). This script was written by Mathieu Perrin. See the Nessus Scripts License for details...
CVE-1999-0135
admintool in Solaris allows a local user to write to arbitrary files and gain root access...
rlogin Service Detection
The rlogin service is running on the remote host. This service is vulnerable since data is passed between the rlogin client and server in cleartext. A man-in-the-middle attacker can exploit this to sniff logins and passwords. Also, it may allow poorly authenticated logins without passwords. If th...
rsh Service Detection
The rsh service is running on the remote host. This service is vulnerable since data is passed between the rsh client and server in cleartext. A man-in-the-middle attacker can exploit this to sniff logins and passwords. Also, it may allow poorly authenticated logins without passwords. If the host...
PT-1999-1615 · Ethereal · Ethereal
Name of the Vulnerable Software and Affected Versions: Ethereal (affected versions not specified). Description: The issue allows local users to overwrite arbitrary files via a symlink attack on the packet capture file. Recommendations: At the moment, there is no information about a newer version tha...
SGI IRIX 3/4/5/6 / OpenLinux 1.0/1.1 - routed traceon
Source: https://www.securityfocus.com/bid/2658/info. routed is a daemon used to dynamically update network routing tables. Certain operating systems including IRIX 3.x up to 6.4 inclusive, Caldera OpenLinux 1.0 and 1.1 contain a routed version whi...
PT-1996-1026 · Kodak +1 · Kodak Color Management System +1
Name of the Vulnerable Software and Affected Versions: Kodak Color Management System (KCMS) on Solaris (affected versions not specified). Description: The issue allows a local user to write to arbitrary files and gain root access. Recommendations: At the moment, there is no information about a newer...