7481 matches found
Progress Database 9.1 - Environment Variable Privilege Escalation
Progress Database 9.1 - Environment Variable Privilege Escalation // source: https://www.securityfocus.com/bid/7916/info It has been reported that Progress database does not properly handle untrusted input when opening shared libraries. Specifically, the dlopen function used by several Progress...
Viewpoint Server
------------------------------- Application: Viewpoint Server Vendor: DS Ltd Language: Shell OS: Unixes Discovered: Ben Maynard bmaynardatvoodooxdotnet ------------------------------- Application Description: Viewpoint server is a web application that allow users to view catalogs at their local...
CVE-2002-0512
startkde in KDE for Caldera OpenLinux 2.3 through 3.1.1 sets the LDLIBRARYPATH environment variable to include the current working directory, which could allow local users to gain privileges of other users running startkde via Trojan horse libraries...
CVE-2003-0028
Integer overflow in the xdrmemgetbytes function, and possibly other functions, of XDR external data representation libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different...
CVE-2003-0028
Integer overflow in the xdrmemgetbytes function, and possibly other functions, of XDR external data representation libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different...
DEBIAN-CVE-2003-0028
Integer overflow in the xdrmemgetbytes function, and possibly other functions, of XDR external data representation libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different...
Cryptographic libraries and applications do not adequately defend against timing attacks
Overview Cryptographic libraries and applications do not provide adequate defense against a side-channel timing attack against RSA private keys. Such an attack has been shown to be practical using currently available hardware on systems and networks with sufficiently low variance in latency...
CVE-2003-0028
Integer overflow in the xdrmemgetbytes function, and possibly other functions, of XDR external data representation libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different...
CVE-2003-0028
Integer overflow in the xdrmemgetbytes function, and possibly other functions, of XDR external data representation libraries derived from SunRPC, including libnsl, libc, glibc, and dietlibc, allows remote attackers to execute arbitrary code via certain integer values in length fields, a different...
CVE-2003-0028
Technical details about CVE-2003-0028 are not present in the provided documents. The connected sources reference the CVE in Debian/OpenVAS advisories but do not specify affected products, root cause, versions, impact, or fixes.
EEYE: XDR Integer Overflow
XDR Integer Overflow Release Date: March 19, 2003 Severity: High Remote Code Execution/Denial of Service Systems Affected: Sun Microsystems Network Services Library libnsl BSD-derived libraries with XDR/RPC routines libc GNU C library with sunrpc glibc Description: XDR is a standard for the...
Vulnerability in OpenSSL
Dan Boneh and I have been researching timing attacks against software crypto libraries. Timing attacks are usually used to attack weak computing devices such as smartcards. We've successfully developed and mounted timing attacks against software crypto libraries running on general purpose PC's. W...
DEBIAN-CVE-2002-1146
The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size instead of the actual size when processing a DNS response, which causes the stub resolvers to read past the actual boundary "read buffer...
Multiple bugs in XFree86
User's directory in search path for shared libraries for suid applications, shared memory acces via MIT-SHM...
Domain Name System (DNS) resolver libraries vulnerable to read buffer overflow
Overview DNS stub resolvers from multiple vendors contain a buffer overflow vulnerability. The impact of this vulnerability appears to be limited to denial of service. Description A read buffer overflow vulnerability exists in BIND 4 and BIND 8.2.x stub resolver libraries. Other resolver librarie...
TRU64 formal disclosure from Snosoft.
====================================================================== Strategic Reconnaissance Team Security AdvisorySRT2002-09 Topic: Compaq Tru64 Unix Mulitple Buffer Overflows Vendor: HP/Compaq Release Date: 09/04/2002 Author: [email protected] Primary Research by: [email protected]...
HP Tru64 UNIX contains buffer overflow in libc libraries (SSRT2257)
Overview The HP Tru64 Unix operating system contains multiple buffer overflow vulnerabilities. Description A vulnerability exists in the way in which the libc libraries handle environment variables in the HP Tru64 UNIX operating system. As a result, local attackers may be able to execute arbitrar...
Advisory CA-2002-19 Buffer Overflow in Multiple DNS Resolver Libraries
CERT Advisory CA-2002-19 Buffer Overflow in Multiple DNS Resolver Libraries Original release date: June 28, 2002 Last revised: -- Source: CERT/CC A complete revision history can be found at the end of this file. Systems Affected Applications using vulnerable implementations of the Domain Name...
CVE-2001-0976
Vulnerability in HP Process Resource Manager PRM C.01.08.2 and earlier, as used by HP-UX Workload Manager WLM, allows local users to gain root privileges via modified libraries or environment variables...
CVE-2001-0976
HP Process Resource Manager (PRM) C.01.08.2 and earlier, used by HP-UX Workload Manager (WLM), is vulnerable to local privilege escalation via manipulated libraries or environment variables. Root privileges can be gained by a local user due to the underlying insecure handling of library paths and...