CVE-2008-2613

CVE-2008-2613 affects Oracle Database 10.2.0.4 and 11.1.0.6, via the Database Scheduler: local, unprivileged user can exploit an untrusted library path (libclntsh.so or libnnz10.so) to gain privileges. Affected patches are part of the July 2008 CPU; remediation is to apply the CPU fixes (10.2.0.4...

CVE-2008-2578

CVE-2008-2578 concerns Oracle WebLogic Server (BEA Product Suite) with an unspecified vulnerability in WebLogic Server components for BEA WebLogic Suite 9.2 MP1 and 10.0. The connected sources describe it as an unspecified information disclosure vulnerability with local attack vectors and no expl...

CVE-2008-2587

Unspecified vulnerability in the Advanced Replication component in Oracle Database 9.0.1.5 FIPS+, 9.2.0.8, 9.2.0.8DV, 10.1.0.5, and 10.2.0.3 has unknown impact and local attack vectors...

CVE-2008-2578

Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 10.0 and 9.2 MP1 has unknown impact and local attack vectors...

CVE-2008-2576

Unspecified vulnerability in the WebLogic Server component in Oracle BEA Product Suite 9.2, 9.1, 9.0, and 8.1 SP6 has unknown impact and local attack vectors...

Download Accelerator Plus - DAP 8.x (m3u) Local BOF Exploit 0day

Exploit for unknown platform in category local exploits ================================================================ Download Accelerator Plus - DAP 8.x m3u Local BOF Exploit 0day ================================================================ !/usr/bin/python Download Accelerator Plus - DAP...

Gnome Screensaver本地信息泄漏漏洞

BUGTRAQ ID: 30096 CVE ID：CVE-2007-6389 CNCVE ID：CNCVE-20076389 Gnome Screensaver是一款屏幕保护管理程序。 Gnome Screensaver存在信息泄漏问题，本地攻击者可以利用漏洞获得剪贴板中的敏感信息。 屏幕保护管理程序包含一个功能，允许在返回解锁会话时返回消息给登录用户，物理能访问系统的攻击者可以通过Ctrl+V并使用点鼠标中键在解锁会话时获得剪贴板内容信息，导致敏感信息泄漏。 Linux kernel 2.6.26 -rc6 Linux kernel 2.6.25 .5 Linux kernel...

Deterministic Network Extender dne2000.sys驱动本地权限提升漏洞

BUGTRAQ ID: 29772 Deterministic Network Enhancer（DNE）是用于扩展Windows联网栈的软件包。 DNE的驱动程序实现上存在漏洞，本地攻击者可以通过对DNE驱动（dne2000.sys）发送特制的IOCTL请求导致以内核级权限执行任意指令。 Citrix Deterministic Network Extender 2.21.7.233 - 3.21.7.17464 Citrix ------ 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

Folder Lock 5.9.5 - Weak Password Encryption Local Information Disclosure

Folder Lock 5.9.5 - Weak Password Encryption Local Information Disclosure source: https://www.securityfocus.com/bid/30766/info Folder Lock is prone to an information-disclosure vulnerability because it stores credentials in an insecure manner. A local attacker can exploit this issue to obtain...

Apple Mac OS X AppleScript ARDAgent Shell Local Privilege Escalation Vulnerability

Description Mac OS X is prone to a local privilege-escalation vulnerability affecting ARDAgent Apple Remote Desktop. Successful exploits allow local attackers to execute arbitrary code with superuser privileges, completely compromising the affected computer. This issue is confirmed to affect Mac ...

Folder Lock 5.9.5 - Weak Password Encryption Local Information Disclosure

source: https://www.securityfocus.com/bid/30766/info Folder Lock is prone to an information-disclosure vulnerability because it stores credentials in an insecure manner. A local attacker can exploit this issue to obtain passwords used by the application, which may aid in further attacks. Folder...

IBM OS/400 'BrSmRcvAndCheck()'缓冲区溢出漏洞

BUGTRAQ ID: 29660 IBM OS/400是一款AS/400机器上的操作系统。 IBM OS/400 'BrSmRcvAndCheck'存在缓冲区溢出，本地攻击者可以利用漏洞对服务进行拒绝服务攻击。 问题是由于memcpy时对长度缺少检查，攻击者可以利用此问题是IPL bootstrap进程停止。 IBM OS/400 V6R1M0 IBM OS/400 V5R4M5 IBM OS/400 V5R4M0 可参考如下安全公告获得补丁信息：...

opensuse-updater符号链接本地信息泄漏漏洞

BUGTRAQ ID: 29608 CVE ID：CVE-2008-2389 CNCVE ID:CNCVE-20082389 opensuse-updater是一款类似apt-get的软件包更新实现。 opensuse-updater处理符号链接存在问题，本地攻击者可以利用漏洞获得敏感信息。 目前没有详细漏洞细节提供。 S.u.S.E. opensuse-updater 0 S.u.S.E. openSUSE 10.2 SUSE-SR:2008:012已经修正此漏洞：...

Linux Kernel fcntl_setlk()函数本地竞争条件漏洞

BUGTRAQ ID: 29076 CVECAN ID: CVE-2008-1669 Linux Kernel是开放源码操作系统Linux所使用的内核。 Linux kernel没有对fcntl功能应用某些保护机制，本地攻击者可以在SMP系统上利用fcntlsetlk与close调用之间的竞争条件获得对文件描述符表的不正确序列访问，这可能导致拒绝服务的情况。 Linux kernel 2.6.25.2 Linux ----- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载：...

CVE-2008-1675

The bdxioctlpriv function in the tehuti driver tehuti.c in Linux kernel 2.6.x before 2.6.25.1 does not properly check certain information related to register size, which has unspecified impact and local attack vectors, probably related to reading or writing kernel memory...

Design/Logic Flaw

The bdxioctlpriv function in the tehuti driver tehuti.c in Linux kernel 2.6.x before 2.6.25.1 does not properly check certain information related to register size, which has unspecified impact and local attack vectors, probably related to reading or writing kernel memory...

CVE-2008-1675

The bdxioctlpriv function in the tehuti driver tehuti.c in Linux kernel 2.6.x before 2.6.25.1 does not properly check certain information related to register size, which has unspecified impact and local attack vectors, probably related to reading or writing kernel memory...

CVE-2008-1675

The bdxioctlpriv function in the tehuti driver tehuti.c in Linux kernel 2.6.x before 2.6.25.1 does not properly check certain information related to register size, which has unspecified impact and local attack vectors, probably related to reading or writing kernel memory...

Design/Logic Flaw

Unspecified vulnerability in the Oracle Net Services component in Oracle Database 9.2.0.8, 10.1.0.5, and 10.2.0.3 has unknown impact and local attack vectors, aka DB09...

CVE-2008-1831

Multiple unspecified vulnerabilities in the Siebel SimBuilder component in Oracle Siebel Enterprise 7.8.2 and 7.8.5 have unknown impact and remote or local attack vectors, aka 1 SEBL01, 2 SEBL02, 3 SEBL03, 4 SEBL04, 5 SEBL05, and 6 SEBL06...