4561 matches found
CVE-2007-6211
Send ICMP Nasty Garbage (sing) on Debian GNU/Linux allows local users to append to arbitrary files and gain privileges via the -L (output log file) option. NOTE: this issue is only a vulnerability in limited environments, since sing is not installed setuid, and the administrator would need to overrid...
DEBIAN-CVE-2007-5686
initscripts in rPath Linux 1 sets insecure permissions for the /var/log/btmp file, which allows local users to obtain sensitive information regarding authentication attempts. NOTE: because sshd detects the insecure permissions and does not log certain events, this also prevents sshd from logging...
Directory traversal
Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file...
CVE-2007-4641
Directory traversal vulnerability in index.php in Pakupaku CMS 0.4 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the page parameter, as demonstrated by injecting code into an Apache log file...
IPSwitch WS_FTP cross-site scripting
Cross-site scripting with log file entries in Web interface...
[Full-disclosure] Ipswitch FTP XSS leads to FTP server compromise
VDA Labs Advisory: Ipswitch FTP XSS leads to FTP server compromise. The Vendor has been notified, and given the PoC. Synopsis: There is an XSS vulnerability when the WSFTP server logs client FTP commands. All user commands are logged. When the FTP command is...
CVE-2007-4271
Directory traversal vulnerability in IBM DB2 UDB 8 before Fixpak 15 and 9.1 before Fixpak 3 allows local users to create arbitrary files via a .. (dot dot) in an unspecified environment variable, which is appended to "/tmp/" and used as a log file. NOTE: this issue might be related to symlink...
CVE-2007-4271
CVE-2007-4271 affects IBM DB2 Universal Database 8 (before Fixpak 15) and 9.1 (before Fixpak 3). Local attackers can cause directory traversal by an environment variable appended to /tmp/ for log file creation, enabling arbitrary file creation and potential privilege escalation via setuid-root bi...
Altiris Deployment Solution Aclient Process (aclient.exe) Log File Viewer Local Privilege Escalation
The version of the Altiris Client Agent (aclient) installed on the remote host reportedly contains a flaw whereby local users can use the Log File Viewer to open or execute files on the affected host with SYSTEM privileges...
Design/Logic Flaw
Aclient in Symantec Altiris Deployment Solution 6 before 6.8 SP2 (6.8.378) allows local users to gain local System privileges via the Log File Viewer...
CVE-2007-4380
Aclient in Symantec Altiris Deployment Solution 6 before 6.8 SP2 (6.8.378) allows local users to gain local System privileges via the Log File Viewer...
CVE-2007-4380
CVE-2007-4380 affects Symantec Altiris Deployment Solution 6.x prior to 6.8 SP2 (build 6.8.378) where the Aclient Log File Viewer enables local users to gain SYSTEM privileges. The vulnerability is described as a local privilege escalation via the Log File Viewer in the Altiris client (aclient). ...
CVE-2007-4321
fail2ban 0.8 and earlier does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a client protocol versi...
Design/Logic Flaw
fail2ban 0.8 and earlier does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a client protocol versi...
CVE-2007-4323
DenyHosts 2.6 does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a client protocol version...