ghostscript: CWD included in the default library search path

Untrusted search path vulnerability in Ghostscript 8.62 allows local users to execute arbitrary PostScript code via a Trojan horse Postscript library file in Encoding/ under the current working directory, a different vulnerability than CVE-2010-2055...

rgmanager: insecure library loading vulnerability

The 1 SAPDatabase and 2 SAPInstance scripts in OCF Resource Agents aka resource-agents or cluster-agents 1.0.3 in Linux-HA place a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...

VMware Workstation 'vmrun' Library Path Privilege Escalation Vulnerability (Linux)

The host is installed with VMWare Workstation local privilege escalation vulnerability. OpenVAS Vulnerability Test $Id: gbvmwareworkstationlocprevesclvulnlin.nasl 7044 2017-09-01 11:50:59Z teissa $ VMware Workstation 'vmrun' Library Path Privilege Escalation Vulnerability Linux Authors: Antu Sana...

OpenJDK Launcher incorrect processing of empty library path entries (6983554)

Unspecified vulnerability in the Java Runtime Environment JRE in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.229 and earlier for Solaris and Linux allows local standalone applications to affect...

Server: use of insecure LD_LIBRARY_PATH settings

The 1 backup and restore scripts, 2 main initialization script, and 3 ldap-agent script in 389 Directory Server 1.2.x aka Red Hat Directory Server 8.2.x place a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the...

OpenJDK Launcher incorrect processing of empty library path entries (6983554)

Unspecified vulnerability in the Java Runtime Environment JRE in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.229 and earlier for Solaris and Linux allows local standalone applications to affect...

OpenJDK Launcher incorrect processing of empty library path entries (6983554)

Unspecified vulnerability in the Java Runtime Environment JRE in Oracle Java SE and Java for Business 6 Update 23 and earlier for Solaris and Linux; 5.0 Update 27 and earlier for Solaris and Linux; and 1.4.229 and earlier for Solaris and Linux allows local standalone applications to affect...

rgmanager: insecure library loading vulnerability

The 1 SAPDatabase and 2 SAPInstance scripts in OCF Resource Agents aka resource-agents or cluster-agents 1.0.3 in Linux-HA place a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...

OpenOffice.org: soffice insecure LD_LIBRARY_PATH setting

soffice in OpenOffice.org OOo 3.x before 3.3 places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...

OpenOffice.org: soffice insecure LD_LIBRARY_PATH setting

soffice in OpenOffice.org OOo 3.x before 3.3 places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...

Mozilla unsafe library loading flaw

A certain application-launch script in Mozilla Firefox before 3.5.14 and 3.6.x before 3.6.11, Thunderbird before 3.0.9 and 3.1.x before 3.1.5, and SeaMonkey before 2.0.9 on Linux places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan hor...

UBUNTU-CVE-2010-4005

The 1 tomboy and 2 tomboy-panel scripts in GNOME Tomboy 1.5.2 and earlier place a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: vector 1 exists because of an incorrect fix for...

UBUNTU-CVE-2010-4001

DISPUTED GMXRC.bash in Gromacs 4.5.1 and earlier places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory. NOTE: CVE disputes this issue because the GMXLDLIB value is always added to th...

DEBIAN-CVE-2010-3999

gnc-test-env in GnuCash 2.3.15 and earlier places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...

PT-2010-5231 · Gromacs Development Team · Gromacs

Name of the Vulnerable Software and Affected Versions: Gromacs versions 4.5.1 and earlier Description: The issue allows local users to gain privileges via a Trojan horse shared library in the current working directory. This is due to GMXRC.bash placing a zero-length directory name in the LD LIBRA...

DEBIAN-CVE-2010-3393

magics-config in Magics++ 2.10.0 places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...

DEBIAN-CVE-2010-3384

The 1 torcs, 2 nfsperf, 3 accc, 4 texmapper, 5 trackgen, and 6 nfs2ac scripts in TORCS 1.3.1 place a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...

DEBIAN-CVE-2010-3363

roarify in roaraudio 0.3 places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...

DEBIAN-CVE-2010-3394

The 1 texmacs and 2 tmmupadhelp scripts in TeXmacs 1.0.7.4 place a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...

DEBIAN-CVE-2010-3385

TuxGuitar 1.2 places a zero-length directory name in the LDLIBRARYPATH, which allows local users to gain privileges via a Trojan horse shared library in the current working directory...