4825 matches found
CVE-2005-3146
StoreBackup before 1.19 allows local users to perform unauthorized operations on arbitrary files via a symlink attack on temporary files...
CVE-2005-2425
CVE-2005-2425 describes a stack-based buffer overflow in Ares FileShare 1.1. An attacker can trigger the overflow via a (1) long history parameter in the configuration file (ares.conf) or (2) a long search string, potentially allowing remote code execution or elevation of privileges for local us...
CVE-2005-2449
Race condition in sandbox before 1.2.11 allows local users to create or overwrite arbitrary files via symlink attack on sandboxpids.tmp...
security flaw
Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete...
Qpopper: Multiple Vulnerabilities
Background: Qpopper is a widely used server for the POP3 protocol. Description: Jens Steube discovered that Qpopper doesn't drop privileges to process local files from normal users (CAN-2005-1151). The upstream developers discovered that Qpopper can be forced to create group or world writeable files...
Microsoft Object Management DoS Vulnerability
Overview: Microsoft Object Management code has a buffer overflow vulnerability that can cause a system to reboot. Description: A buffer overflow vulnerability in Microsoft Object Management code exists that could be attacked by sending specially crafted requests locally on an affected operating...
Linux Kernel 2.4.x/2.6.x - BlueTooth Signed Buffer Index Privilege Escalation (1)
Linux Kernel 2.4.x/2.6.x - BlueTooth Signed Buffer Index Privilege Escalation (1). EDB Note: Update can be found here: https://www.exploit-db.com/exploits/926/ Source: https://www.securityfocus.com/bid/12911/info A local signed-buffer-index vulnerability affects the Linux kernel because it fails to...
[SECURITY] [DSA 692-1] New kppp packages fix privileged file descriptor leak
Debian Security Advisory DSA 692-1 [email protected] http://www.debian.org/security/ Martin Schulze March 8th, 2005 http://www.debian.org/security/faq -...
GLSA-200503-01 : Qt: Untrusted library search path
The remote host is affected by the vulnerability described in GLSA-200503-01 (Qt: Untrusted library search path). Tavis Ormandy of the Gentoo Linux Security Audit Team has discovered that Qt searches for shared libraries in an untrusted, world-writable directory. Impact : A local attacker could crea...
Mandrake Linux Security Advisory : uim (MDKSA-2005:046)
Takumi ASAKI discovered that uim always trusts environment variables which can allow a local attacker to obtain elevated privileges when libuim is linked against an suid/sgid application. This problem is only exploitable in 'immodule for Qt' enabled Qt applications. The updated packages are patch...
[SECURITY] [DSA 684-1] New typespeed packages fix arbitrary group games code execution
Debian Security Advisory DSA 684-1 [email protected] http://www.debian.org/security/ Martin Schulze February 16th, 2005 http://www.debian.org/security/faq -...
HP-UX PHCO_29382 : HP-UX uucp(1) and uusub(1), Local Increase in Privilege (HPSBUX00262 SSRT3461 rev.2)
s700_800 11.11 uucp(1) cumulative patch : uusub(1) and uucp(1) have potential buffer overflows. (C) Tenable Network Security, Inc. The descriptive text and patch checks in this plugin were extracted from HP patch PHCO_29382. The text itself is copyright (C) Hewlett-Packard Development...
Debian DSA-684-1 : typespeed - format string
Ulf Harnhammar from the Debian Security Audit Project discovered a problem in typespeed, a touch-typist trainer disguised as a game. This could lead to a local attacker executing arbitrary code as group games. (C) Tenable Network Security, Inc. The descriptive text and package...
[SECURITY] [DSA 679-1] New toolchain-source package fixes insecure temporary files
Debian Security Advisory DSA 679-1 [email protected] http://www.debian.org/security/ Martin Schulze February 14th, 2005 http://www.debian.org/security/faq -...
Debian DSA-679-1 : toolchain-source - insecure temporary files
Sean Finney discovered several insecure temporary file uses in toolchain-source, the GNU binutils and GCC source code and scripts. These bugs can lead a local attacker with minimal knowledge to trick the admin into overwriting arbitrary files via a symlink attack. The problems exist inside the...
GLSA-200501-35 : Evolution: Integer overflow in camel-lock-helper
The remote host is affected by the vulnerability described in GLSA-200501-35 (Evolution: Integer overflow in camel-lock-helper). Max Vozeler discovered an integer overflow in the camel-lock-helper application, which is installed as setgid mail by default. Impact : A local attacker could exploit this...
[SECURITY] [DSA 673-1] New evolution packages fix arbitrary code execution as root
Debian Security Advisory DSA 673-1 [email protected] http://www.debian.org/security/ Martin Schulze February 10th, 2005 http://www.debian.org/security/faq -...
security flaw
Multiple buffer overflows in enscript 1.6.3 allow remote attackers or local users to cause a denial of service (application crash)...
DSA-660-1 kdebase - missing return value check
Bulletin has no description...
Mandrake Linux Security Advisory : playmidi (MDKSA-2005:010)
Erik Sjolund discovered a buffer overflow in playmidi that could be exploited by a local attacker if installed setuid root. Note that by default Mandrakelinux does not ship playmidi installed setuid root. (C) Tenable Network Security, Inc. The descriptive text and package checks...