security flaw

The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the 1 dexinit, 2 snbeninit, 3 snbruinit, 4 spellinit, and 5 syninit functions as "internal" even when they do not take an internal argument, which allows attackers to cause a denial of service application crash and possibly have other...

security flaw

PHP 4.0 with cURL functions allows remote attackers to bypass the openbasedir setting and read arbitrary files via a file: URL argument to the curlinit function...

security flaw

PHP 4.0 with cURL functions allows remote attackers to bypass the openbasedir setting and read arbitrary files via a file: URL argument to the curlinit function...

HP-UX Security patch : PHCO_12344

The remote host is missing HP-UX Security Patch number PHCO12344 . Security Bulletin for mediainit1 in HP-UX 9.X and 10.X %NASLMINLEVEL 70300 C Tenable Network Security, Inc. if ! definedfunc"bnrandom" exit0; include'deprecatednasllevel.inc'; include'compat.inc'; ifdescription scriptid16694;...

CVE-2004-1115

The init scripts in Search for Extraterrestrial Intelligence SETI project 3.08-r3 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs...

CVE-2004-1116

CVE-2004-1116 affects Great Internet Mersenne Prime Search (GIMPS) 23.9 and earlier, where init scripts run user-owned binaries with root privileges. This enables local privilege escalation if a user can modify the programs, as described in NVD, CVE listings, and Gentoo GLSA 200411-26. The OpenVA...

CVE-2004-1115

The init scripts in Search for Extraterrestrial Intelligence SETI project 3.08-r3 and earlier execute user-owned programs with root privileges, which allows local users to gain privileges by modifying the programs...

Tomcat: Insecure installation

Background Tomcat is the Apache Jakarta Project's official implementation of Java Servlets and Java Server Pages. Description The Gentoo ebuild for Tomcat sets the ownership of the Tomcat init scripts as tomcat:tomcat, but those scripts are executed with root privileges when the system is started...

security flaw

The memorylimit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when registerglobals is enabled, allows remote attackers to execute arbitrary code by triggering a memorylimit abort during execution of the zendhashinit function and overwriting a...

security flaw

The memorylimit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3, under certain conditions such as when registerglobals is enabled, allows remote attackers to execute arbitrary code by triggering a memorylimit abort during execution of the zendhashinit function and overwriting a...

PT-2004-1690 · Php · Php

Name of the Vulnerable Software and Affected Versions: PHP versions 4.3.7 and prior PHP versions 5.0.0RC3 and prior Description: The issue allows remote attackers to execute arbitrary code under certain conditions, such as when register globals is enabled. This is achieved by triggering a memory...

Console Root On OSX up to 10.2.8

On all versions of OSX up to and including 10.2.7 and possibly 10.2.8, init can be crashed using a USB keyboard by holding down CTRL-C immediately after boot, and keeping it held down. Init crashes two or three minutes into the boot process and drops you into a root shell. At this point, you can ...

DEBIAN-CVE-2003-0773

saned in sane-backends 1.0.7 and earlier does not check the IP address of the connecting host during the SANENETINIT RPC call, which allows remote attackers to use that call even if they are restricted in saned.conf...

Уязвимость init-скрипта в linux

Скрипт стартует с umask 022, в результате все создаваемые файлы открыты на запись...

2.4.x/Slackware Init script vulnerability

I posted this to the linux kernel mailing last Friday, July 13th 2001: Submitted by : Josh [email protected], lockdown [email protected] on July 16th, 2001 Vulnerability : /lib/modules/2.4.5/modules.dep Tested On : Slackware 8.0. 2.4.5 Local : Yes Remote : No Temporary Fix : umask 022 at...

PT-2013-6355 · Openssh +4 · Openssh +4

Name of the Vulnerable Software and Affected Versions: OpenSSH versions 6.2 through 6.3 Description: The issue allows remote authenticated users to bypass intended ForceCommand and login-shell restrictions via packet data that provides a crafted callback address. This is due to the mm newkeys fro...