4824 matches found
AlsaPlayer 0.99.71 - Local Buffer Overflow
AlsaPlayer 0.99.71 - Local Buffer Overflow // source: https://www.securityfocus.com/bid/5767/info Alsaplayer is a PCM player that utilizes the ALSA libraries and drivers. It is availabe for Linux and Unix platforms. A vulnerability has been discovered in Alsaplayer. By specifying an overly long...
HP Tru64 UNIX "mailcv" contains buffer overflow (SSRT2193)
Overview The HP Tru64 UNIX implementation of "mailcv" contains a locally exploitable buffer overflow. Description "mailcv" converts dxmail style folders to UNIX style folders. A locally exploitable buffer overflow in "mailcv" may permit a local attacker to gain elevated privileges and execute...
HP Tru64 UNIX "dxsysinfo" contains buffer overflow (SSRT2275)
Overview The HP Tru64 UNIX implementation of "dxsysinfo" contains a locally exploitable buffer overflow. Description "dxsysinfo" is used to monitor system resources. A locally exploitable buffer overflow in "dxsysinfo" may permit a local attacker to gain elevated privileges and execute arbitrary...
Trillian Instant Messaging 0.x - Credential Encryption
Trillian Instant Messaging 0.x - Credential Encryption // source: https://www.securityfocus.com/bid/5677/info The Trillian instant messaging client uses weak encryption to store saved authentication credentials for instant messaging services. The credentials are encrypted by using XOR with a stat...
HP Tru64 UNIX "binmail" contains buffer overflow (SSRT0796U)
Overview The HP Tru64 UNIX implementation of "binmail" contains a locally exploitable buffer overflow. Description "binmail" is used to send and display mail messages. A locally exploitable buffer overflow in "binmail" may permit a local attacker to gain elevated privileges and execute arbitrary...
AFD 1.2.x - Working Directory Local Buffer Overflow / Local Privilege Escalation
/ source: https://www.securityfocus.com/bid/5626/info AFD Automatic File Distributor is prone to a number of locally exploitable stack and heap based buffer overflow conditions. These issues are all related to insufficient bounds checking of externally supplied values for the working directory,...
HP Tru64 - NLSPATH Environment Variable Local Buffer Overflow (1)
HP Tru64 - NLSPATH Environment Variable Local Buffer Overflow 1 source: https://www.securityfocus.com/bid/5647/info Tru64 is a commercially available UNIX operating system. Tru64 was originally developed by Digital and is now distributed and maintained by HP. A buffer overflow has been discovered...
CVE-2001-1177
CVE-2001-1177 affects the Samsung ML-85G GDI printer driver prior to version 0.2.0. The vulnerability arises from a symlink attack on temporary files, allowing a local attacker to overwrite arbitrary files. The impact is described as a local/privilege-bypass style risk with complete confidentiali...
CVE-2002-0070
Buffer overflow in Windows Shell used as the Windows Desktop allows local and possibly remote attackers to execute arbitrary code via a custom URL handler that has not been removed for an application that has been improperly uninstalled...
CVE-2002-0552
Multiple buffer overflows in Melange Chat server 2.02 allow remote or local attackers to cause a denial of service crash and possibly execute arbitrary code via 1 a long argument in the /yell command, 2 long lines in the /etc/melange.conf configuration file, 3 long file names, or possibly other...
QNX RTOS 4.256.1 - phgrafx Local Privilege Escalation
QNX RTOS 4.256.1 - phgrafx Local Privilege Escalation source: https://www.securityfocus.com/bid/4915/info The QNX phgrafx utility is prone to an issue which may make it possible for local attackers to escalate privileges. This issue is due to unsafe use of the system function to invoke other...
QNX RTOS 4.25 - CRTTrap File Disclosure
QNX RTOS 4.25 - CRTTrap File Disclosure source: https://www.securityfocus.com/bid/4901/info The QNX RTOS crttrap binary includes a command-line option for specifying a configuration file. crttrap is installed setuid by default. crttrap Local attackers may specify an arbitrary system file in place...
QNX RTOS 4.25 - monitor Arbitrary File Modification
source: https://www.securityfocus.com/bid/4902/info The QNX RTOS monitor utility is prone to an issue which may allow local attackers to modify arbitrary system files such as /etc/passwd. monitor is installed setuid root by default. The monitor -f command line option may be used by a local attack...
CVE-2002-0204
Buffer overflow in GNU Chess gnuchess 5.02 and earlier, if modified or used in a networked capacity contrary to its own design as a single-user application, may allow local or remote attackers to execute arbitrary code via a long command...
Computer Associates MLink "mllock" command vulnerable to buffer overflow via long string of characters
Overview A locally exploitable buffer overflow exists in mllock. Description CA-MLINK is a managed data transport service. For more information about CA-MLINK, please see the product brochure. Based on a public report, it appears there is a locally exploitable buffer overflow in the mllock comman...
CVE-2001-1243
Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service crash via 1 creating an ASP program that uses Scripting.FileSystemObject to open a file with an MS-DOS device name, or 2 remotely injecting the device name into ASP...
CVE-2002-0272
The CVE-2002-0272 issue affects mpg321 before 0.2.9, with a buffer overflow in the network streaming code. A long URL can be crafted via (1) a command line option, (2) an HTTP request, or (3) an FTP request to trigger arbitrary code execution. The vulnerability is exploitable locally or remotely ...
CVE-2002-0279
CVE-2002-0279 affects HP-UX 11.11 on HP 9000 servers, where the kernel incorrectly supplies arguments to setrlimit. This could let a local attacker cause a kernel panic (DoS) and potentially gain privileges. HP’s security bulletin #0183 recommends applying patch PHKL_26233 (and reboot) for affect...
IRIX /dev/ipfilter Denial of Service vulnerability
-----BEGIN PGP SIGNED MESSAGE----- SGI Security Advisory Title: /dev/ipfilter Denial of Service vulnerability Number: 20020408-01-I Date: April 30, 2002 Reference: CAN-2002-0172 - ----------------------- - --- Issue Specifics --- - ----------------------- SGI has determined that the default...
CVE-2002-0041
CVE-2002-0041 affects SGI Mail for IRIX 6.5 through 6.5.15f (and possibly earlier) and is triggered when the -R option is used, allowing local and remote attackers to cause a core dump. The available sources identify the affected software as Mail for SGI IRIX and describe the vulnerability as a f...