1822 matches found
GLSA-200503-09 : xv: Filename handling vulnerability
The remote host is affected by the vulnerability described in GLSA-200503-09 xv: Filename handling vulnerability Tavis Ormandy of the Gentoo Linux Security Audit Team identified a flaw in the handling of image filenames by xv. Impact : Successful exploitation would require a victim to process a...
[Full-Disclosure] [ GLSA 200503-05 ] xli, xloadimage: Multiple vulnerabilities
Gentoo Linux Security Advisory GLSA 200503-05 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...
DEBIAN-CVE-2004-0976
Multiple scripts in the perl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files...
Mandrake Linux Security Advisory : zhcon (MDKSA-2005:012)
Erik Sjolund discovered that zhcon accesses a user-controlled configuration file with elevated privileges which could make it possible to read arbitrary files. The updated packages have been patched to prevent these problems. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive te...
CVE-2004-1337
The POSIX Capability Linux Security Module LSM for Linux kernel 2.6 does not properly handle the credentials of a process that is launched before the module is loaded, which allows local users to gain privileges...
CVE-2004-1337
The POSIX Capability Linux Security Module LSM for Linux kernel 2.6 does not properly handle the credentials of a process that is launched before the module is loaded, which allows local users to gain privileges...
CVE-2004-0563
The tspc.conf configuration file in freenet6 before 0.9.6 and before 1.0 on Debian Linux has world readable permissions, which could allow local users to gain sensitive information, such as a username and password...
CVE-2004-1337
The POSIX Capability Linux Security Module LSM for Linux kernel 2.6 does not properly handle the credentials of a process that is launched before the module is loaded, which allows local users to gain privileges...
[ZH2004-19SA] Possible execution of remote shell commands in Opera with kfmclien
Author: Giovanni Delvecchio e-mail: [email protected] Original Advisory: http://www.zone-h.org/advisories/read/id=6503 Tested version: Opera 7.54 linux version with Kde 3.2.3 Problem: ======= Opera for linux uses "kfmclient exec" as "Default Application" to handle saved files. This could be...
RHEL 2.1 : kernel (RHSA-2004:505)
Updated kernel packages are now available as part of ongoing support and maintenance of Red Hat Enterprise Linux version 2.1. This is the sixth regular update. The Linux kernel handles the basic functions of the operating system. This is the sixth regular kernel update to Red Hat Enterprise Linux...
CVE-2004-0565
Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processes by setting the MFH bit...
[Full-Disclosure] [ GLSA 200412-02 ] PDFlib: Multiple overflows in the included TIFF library
Gentoo Linux Security Advisory GLSA 200412-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...
RX171104 Cscope v15.5 and minors - symlink vulnerability - advisory, exploit and patch.
| REXOTECdotCOM | |=-----= ADV RX171104 - Cscope :: Race condition on temporary file -----=| | | |=--- - INFORMATION ----------------------------------------------------------------------| VulnDiscovery: 2003/05/21 Release Date : 2004/11/17 Author : Gangstuck / Psirac [email protected]...
Mandrake Linux Security Advisory : gaim (MDKSA-2004:117)
A vulnerability in the MSN protocol handler in the gaim instant messenger application was discovered. When receiving unexpected sequences of MSNSLP messages, it is possible that an attacker could trigger an internal buffer overflow which could lead to a crash or even code execution as the user...
Mandrake Linux Security Advisory : gaim (MDKSA-2004:110)
More vulnerabilities have been discovered in the gaim instant messenger client. The vulnerabilities pertinent to version 0.75, which is the version shipped with Mandrakelinux 10.0, are: installing smiley themes could allow remote attackers to execute arbitrary commands via shell metacharacters in...
GLSA-200410-13 : BNC: Input validation flaw
The remote host is affected by the vulnerability described in GLSA-200410-13 BNC: Input validation flaw A flaw exists in the input parsing of BNC where part of the sbufgetmsg function handles the backspace character incorrectly. Impact : A remote user could issue commands using fake authenticatio...
Mandrake Linux Security Advisory : printer-drivers (MDKSA-2004:094)
The foomatic-rip filter, which is part of foomatic-filters package, contains a vulnerability that allows anyone with access to CUPS, local or remote, to execute arbitrary commands on the server. The updated packages provide a fixed foomatic-rip filter that prevents this kind of abuse. %NASLMINLEV...
linux/x86 portbind port 5074 + fork() 130 bytes
No description provided by source. / [email protected] 0x9abril0x7d2 syssocketcall 102 0x66 %eax, esta es nuestra rutina principal. En todas las subrutinas vamos a necesitar a: %eax = 0x66. Luego del archivo include/linux/net.h obtenemos la siguiente lista, echenle un vistazo. Entonces en...
Mandrake Linux Security Advisory : krb5 (MDKSA-2003:021)
A vulnerability was discovered in the Kerberos FTP client. When the client retrieves a file that has a filename beginning with a pipe character, the FTP client will pass that filename to the command shell in a system call. This could allow a malicious remote FTP server to write to files outside o...
Mandrake Linux Security Advisory : netpbm (MDKSA-2003:036)
Several math overflow errors were found in NetPBM by Al Viro and Alan Cox. While these programs are not installed suid root, they are often used to prepare data for processing. These errors may permit remote attackers to cause a denial of service or execute arbitrary code in any programs or scrip...