CVE-2001-0963

Directory traversal vulnerability in SpoonFTP 1.1 allows local and sometimes remote attackers to access files outside of the FTP root via a ... modified dot dot in the CD CWD command...

CVE-2001-0378

CVE-2001-0378 affects OpenBSD readline prior to 4.1 (OpenBSD 2.8 and earlier). The vulnerability stems from creating readline history files with insecure permissions, allowing a local attacker to recover potentially sensitive information via history files. The NVD metrics list a base score of 2.1...

CVE-2001-0379

Technical details about CVE-2001-0379 are not publicly available in the provided documents. Monitor for updates.

CVE-1999-1125

Oracle Webserver 2.1 and earlier runs setuid root, but the configuration file is owned by the oracle account, which allows any local or remote attacker who obtains access to the oracle account to gain privileges or modify arbitrary files by modifying the configuration file...

CVE-1999-1133

HP-UX 9.x and 10.x running X windows may allow local attackers to gain privileges via 1 vuefile, 2 vuepad, 3 dtfile, or 4 dtpad, which do not authenticate users...

CVE-1999-1549

Lynx 2.x is affected by CVE-1999-1549 due to not distinguishing internal vs external HTML. This can permit a local attacker to read a hidden, secure form value from a temporary file and craft a LYNXOPTIONS URL that causes Lynx to modify the user’s configuration file and execute commands. The PT S...

CVE-1999-1497

Ipswitch IMail 5.0 and 6.0 store e‑mail account passwords in registry keys using weak encryption, allowing local attackers to read passwords. Affected component: registry storage of credentials; Root cause: weak cryptography. Impact: local confidentiality and integrity compromise. CVSS base score...

CVE-1999-1499

The CVE-1999-1499 entry describes a local privilege issue in ISC BIND 4.9 and 8.1. It is triggered by a symlink attack on either named_dump.db (when root kills the process with SIGINT) or named.stats (when SIGIOT is used), allowing local users to destroy files via the symlink mechanism. The linke...

FreeBSD-SA-01:59.rmuser

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-01:59 Security Advisory FreeBSD, Inc. Topic: rmuser contains a race condition exposing /etc/master.passwd Category: core Module: rmuser Announced: 2001-09-04 Credits:...

CVE-2001-0579

lpadmin in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow attack in the first argument to the command...

CVE-2001-0607

asecure as included with HP-UX 10.01 through 11.00 can allow a local attacker to create a denial of service and gain additional privileges via unsafe permissions on the asecure program, a different vulnerability than CVE-2000-0083...

CVE-2001-0556

The Nirvana Editor NEdit 5.1.1 and earlier allows a local attacker to overwrite other users' files via a symlink attack on 1 backup files or 2 temporary files used when nedit prints a file or portions of a file...

CVE-2001-0526

Buffer overflow in the Xview library as used by mailtool in Solaris 8 and earlier allows a local attacker to gain privileges via the OPENWINHOME environment variable...

Solaris 2.6/7/8 (SPARC) - xlock Heap Overflow

// source: https://www.securityfocus.com/bid/3160/info Xlock is a utility for locking X-windows displays. It is installed setuid root because it uses the user's password to authorize access to the display when it is locked. The version of xlock that ships with Solaris as part of OpenWindows...

CVE-2001-0595

Buffer overflow in the kcsSUNWIOsolf.so library in Solaris 7 and 8 allows local attackers to execute arbitrary commands via the KCMSPROFILES environment variable, e.g. as demonstrated using the kcmsconfigure program...

CVE-2001-0607

CVE-2001-0607 affects HP-UX 10.01–11.00 where the asecure program can be exploited by local attackers due to unsafe permissions on the asecure file, enabling denial of service and privilege escalation. The underlying issue is improper file permissions on the asecure component, allowing a local at...

CVE-2001-0610

CVE-2001-0610 affects KDE’s KFM (KDE File Manager) when used with KDE 1.x. A local attacker can exploit a symlink attack in KFM’s per-user cache directory under /tmp, where the directory is created without proper ownership checks or existence verification. This insecure handling enables potential...

CVE-2001-0587

The CVE-2001-0587 issue affects MMDF 2.43.3b on SCO OpenServer 5.0.6, where a buffer overflow in the first argument to the mail command allows a local attacker to gain additional privileges. Affected software: MMDF mail delivery program on SCO OpenServer 5.0.6. Root cause: buffer overflow in inpu...

CVE-2001-0568

CVE-2001-0568 affects Digital Creations Zope 2.3.1 b1 and earlier. A local attacker with through-the-web scripting capabilities can modify ZClasses class attributes, enabling possible unauthorized changes within the Zope instance. The vulnerability is documented in multiple advisories (Zope hotfi...

CVE-2001-0577

CVE-2001-0577 concerns a local-privilege escalation in SCO OpenServer 5.0–5.0.6, where a buffer overflow in the first command-line argument can allow a local attacker to gain additional privileges. The affected software is SCO OpenServer 5.0 through 5.0.6; the underlying cause is a buffer overflo...