Lucene search

4561 matches found

CERT
added 2001/07/09 12:0 a.m., 24 views

Oracle Internet Directory LDAP Daemon does not check write permissions properly

Overview The Oracle LDAP Daemon oidldapd version 2.1.1.1, which ships with Oracle version 8i for Linux version 8.1.7, does not check write permissions properly. This can allow a local user to delete or write to any file on the system. Description The Oracle LDAP Daemon oidldapd version 2.1.1.1 do...

2.1 CVSS, 5.6 AI score, 0.00614 EPSS
Exploits 0, References 2
securityvulns
added 2001/07/05 12:0 a.m., 43 views

Relaying through poprelayd (message relaying)

The Pop-before-smtp relay protection can be bypassed by spoofing an entry in the log file...

0.6 AI score
Exploits 0, References 1
securityvulns
added 2001/06/25 12:0 a.m., 42 views

Log file problem in Samba (directory traversal)

When log files are named after the NETBIOS names of computers, if a computer name contains ../ a file in a higher-level directory will be overwritten. A NETBIOS name can contain up to 15 characters...

1.9 AI score
Exploits 0, References 1, Affected Software 1
Debian
added 2001/06/23 3:8 p.m., 15 views

[SECURITY] [DSA-065-1] samba remote file append/creation problem

Package : samba Problem type : remote file append/creation Debian-specific: no Michal Zalewski discovered that samba does not properly validate NetBIOS names from remote machines. By itself that is not a problem, except if Samba is configured to write log-files to a file that includes the NetBIOS...

6 AI score
Exploits 0
Cvelist
added 2001/05/24 4:0 a.m., 17 views

CVE-2001-0415

REDIPlus program, REDI.exe, stores passwords and user names in cleartext in the StartLog.txt log file, which allows local users to gain access to other accounts...

6.5 AI score, 0.00326 EPSS
Exploits 0, References 3
securityvulns
added 2001/03/26 12:0 a.m., 34 views

Hole in perfmon on SunOS

Incorrect handling of the log file allows any system file to be overwritten...

0.7 AI score
Exploits 0, References 1, Affected Software 1
Exploit DB
added 2001/03/23 12:0 a.m., 33 views

Junsoft JSparm 4.0 - Logging Output File

source: https://www.securityfocus.com/bid/2515/info JSparm is the Junsoft Performance Analysis Report Maker package. This software package provides an enhanced perfmon performance monitoring package and interface, as well as a performance report generation interface. A problem with the package...

7.4 AI score
Exploits 0
securityvulns
added 2001/03/22 12:0 a.m., 33 views

Problems in Redi (cleartext password)

The password is written in plain text to an open log file...

0.9 AI score
Exploits 0, References 1
securityvulns
added 2001/02/06 12:0 a.m., 25 views

Problems in ssh1 (remote password brute forcing)

Messages about failed login attempts are not written to the log file...

1.1 AI score
Exploits 0, References 1, Affected Software 1
Cvelist
added 2001/02/02 5:0 a.m., 19 views

CVE-2001-0079

Support Tools Manager STM A.22.00 for HP-UX allows local users to overwrite arbitrary files via a symlink attack on the toolstat.txt log file...

6.4 AI score, 0.00518 EPSS
Exploits 1, References 1
securityvulns
added 2001/01/16 12:0 a.m., 28 views

Problems in mysql on Red Hat

Incorrect permissions on the log file allow users to view it; in particular, password information is visible in cleartext...

0.2 AI score
Exploits 0, References 1
securityvulns
added 2001/01/16 12:0 a.m., 22 views

mysqld log file

Tested on Red Hat 7.0: narrow@tornado /$ cat /var/log/mysqld.log | grep "Password=PASSWORD" 001225 21:08:18 7 Query UPDATE user SET Password=PASSWORD'rewt' WHERE user='root' narrow@tornado /$ Here we have the password for user 'root'. -- Narrow - [email protected] - http://www.zone.ee/unix/ - Esto...

7.3 AI score
Exploits 0
securityvulns
added 2001/01/03 12:0 a.m., 25 views

Vulnerabilities in Informix Webdriver

Webdriver is the web interface of Informix database, I found it is vulnerable. In the common condition, webdriver is submitted with a parameter, but if you type http://victim/cgi-bin/webdriver directly, it will return a webpage which you can modify or delete database on it. Otherwise, webdriver will...

1.5 AI score
Exploits 0
securityvulns
added 2001/01/03 12:0 a.m., 32 views

Hole in Informix Webdriver

Access to the database management web interface without authorization. In addition, a symlink vulnerability when the log file is created...

0.5 AI score
Exploits 0, References 1
securityvulns
added 2000/12/22 12:0 a.m., 24 views

Hole in oidldapd from Oracle 8.1.7

A classic buffer overflow allows a local user to gain root privileges. In addition, the log file is created without checking for symbolic links in a world-writable directory...

1 AI score
Exploits 0, References 2, Affected Software 1
securityvulns
added 2000/12/22 12:0 a.m., 25 views

vulnerability #2 in Oracle Internet Directory 2.1.1.1 in Oracle 8.1.7

This Feature seems to be new with oidldapd in OID 2.1.1.1/8.1.7; I couldn't reproduce with oidldapd in OID 2.0.6.3 and seems to be very dangerous. Look at this. In my system occurs the next: my ORACLEHOME=/work/oracle8ir3 oracle@dimoniet bin$ cd /work/oracle8ir3/ldaplog oracle@dimoniet log$ ls -alc...

2.2 AI score
Exploits 0
securityvulns
added 2000/12/14 12:0 a.m., 23 views

Hole in STM from HP-UX

The log file is created without checking for symbolic links...

0.6 AI score
Exploits 0, References 1, Affected Software 1
exploitpack
added 2000/11/08 12:0 a.m., 10 views

HP-UX 10.20 - registrar Local Arbitrary File Read

HP-UX 10.20 - registrar Local Arbitrary File Read source: https://www.securityfocus.com/bid/1919/info The registrar service that ships with version 10.20 possibly others of HP's HP-UX operating system contains a vulnerability that may allow a local user to read any file on the hosts filesystem. T...

7.4 AI score
Exploits 0
exploitpack
added 2000/11/01 12:0 a.m., 13 views

Samba 2.0.7 - SWAT Logfile Permissions

Samba 2.0.7 - SWAT Logfile Permissions source: https://www.securityfocus.com/bid/1874/info The Samba software suite is a collection of programs that implements the SMB protocol for unix systems, allowing you to serve files and printers to Windows, NT, OS/2 and DOS clients. This protocol is...

7.4 AI score
Exploits 0
Exploit DB
added 2000/11/01 12:0 a.m., 25 views

Samba 2.0.7 - SWAT Logfile Permissions

source: https://www.securityfocus.com/bid/1874/info The Samba software suite is a collection of programs that implements the SMB protocol for unix systems, allowing you to serve files and printers to Windows, NT, OS/2 and DOS clients. This protocol is sometimes also referred to as the LanManager ...

7.4 AI score
Exploits 0