4561 matches found
CVE-2006-0050
snmptrapfmt in Debian 3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary log file...
Design/Logic Flaw
snmptrapfmt in Debian 3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary log file...
DEBIAN-CVE-2006-0050
snmptrapfmt in Debian 3.0 allows local users to overwrite arbitrary files via a symlink attack on a temporary log file...
Code injection
The Ubuntu 5.10 installer does not properly clear passwords from the installer log file questions.dat, and leaves the log file with world-readable permissions, which allows local users to gain privileges...
CVE-2006-1183
The Ubuntu 5.10 installer does not properly clear passwords from the installer log file questions.dat, and leaves the log file with world-readable permissions, which allows local users to gain privileges...
CVE-2006-1183
Summary (CVE-2006-1183): The Ubuntu 5.10 installer leaves passwords in the installer log (questions.dat) and creates world-readable logs, enabling local privilege escalation. Affected component: the Ubuntu 5.10 installer’s logging mechanism. Root cause: passwords are not cleared from logs and lo...
USN-262-1: Ubuntu 5.10 installer password disclosure
Karl Øie discovered that the Ubuntu 5.10 installer failed to clean passwords in the installer log files. Since these files were world-readable, any local user could see the password of the first user account, which has full sudo privileges by default. The updated packages remove the passwords and...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in Leif M. Wright's Blog 3.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Referer and (2) User-Agent HTTP headers, which are stored in a log file and not sanitized when the administrator views the "Log" page, possibly usin...
CVE-2006-0846
Multiple cross-site scripting (XSS) vulnerabilities in Leif M. Wright's Blog 3.5 allow remote attackers to inject arbitrary web script or HTML via the (1) Referer and (2) User-Agent HTTP headers, which are stored in a log file and not sanitized when the administrator views the "Log" page, possibly usin...
CVE-2006-0829
Cross-site scripting vulnerability in E-Blah Platinum 9.7 allows remote attackers to inject arbitrary web script or HTML via the referer (HTTP_REFERER), which is not sanitized when the log file is viewed by the administrator using "Click Log"...
CVE-2006-0829
E-Blah Platinum 9.7 is affected by CVE-2006-0829: a Referer (HTTP_REFERER) XSS vulnerability in the log viewer (“Click Log”). The underlying issue is inadequate sanitization of the Referer leading to execution of arbitrary script when an administrator loads the Log. Reports indicate remote exploi...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Virtual Hosting Control System (VHCS) 2.4.7.1 with v.1 patch and earlier allows remote attackers to inject arbitrary web script or HTML via the username, which is recorded in a log file but not properly handled when the administrator uses the admin log...
CVE-2006-0683
Cross-site scripting (XSS) vulnerability in Virtual Hosting Control System (VHCS) 2.4.7.1 with v.1 patch and earlier allows remote attackers to inject arbitrary web script or HTML via the username, which is recorded in a log file but not properly handled when the administrator uses the admin log...
CVE-2006-0683
The vulnerability CVE-2006-0683 affects Virtual Hosting Control System (VHCS) 2.4.7.1 with patch v.1 and earlier, allowing remote attackers to inject arbitrary script/HTML via the username stored in a log file; the log is read by the administrator’s log utility, which does not properly handle the...
Buffer overflow
Buffer overflow in elogd.c in elog before 2.5.7 r1558-4 allows attackers to execute code via unspecified variables, when writing to the log file...