Lucene search
K

851 matches found

CVE
CVE
added 2005/12/16 11:0 a.m.48 views

CVE-2005-4278

CVE-2005-4278 is an Untrusted search path vulnerability affecting Perl prior to 5.8.7-r1 on Gentoo Linux. Local users in the portage group can gain privileges by placing a malicious shared object in the Portage temporary build directory, which is in RUNPATH. Connected advisories (GLSA 200510-14, ...

7.2CVSS6.3AI score0.00397EPSS
Exploits0References6Affected Software1
NVD
NVD
added 2005/12/08 1:3 a.m.23 views

CVE-2005-4068

Unspecified "absolute path vulnerability" in umountall in IBM AIX 5.1 through 5.3 allows local users to cause unknown impact via unknown vectors...

7.2CVSS6.1AI score0.00371EPSS
Exploits0References7
CVE
CVE
added 2005/12/08 1:0 a.m.48 views

CVE-2005-4068

The CVE-2005-4068 entry concerns an unspecified absolute path vulnerability in the AIX utility umountall, affecting IBM AIX 5.1–5.3 with local-access implications (exact impact and vectors not disclosed in the provided documents). Connected sources identify vendor patches related to bos.rte.files...

7.2CVSS6.1AI score0.00371EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2005/12/08 1:0 a.m.21 views

CVE-2005-4068

Unspecified "absolute path vulnerability" in umountall in IBM AIX 5.1 through 5.3 allows local users to cause unknown impact via unknown vectors...

6.1AI score0.00371EPSS
Exploits0References7
CVE
CVE
added 2005/11/18 11:0 a.m.47 views

CVE-2005-2938

CVE-2005-2938 affects Apple iTunes for Windows (iTunesHelper.exe) prior to iTunes 6. The vulnerability is an unquoted Windows search path in iTunesHelper.exe, which could allow a local user to gain privileges by placing a malicious C:\program.exe. Affected versions include iTunes 4.7.1.30 and iTu...

7.2CVSS6.5AI score0.00386EPSS
Exploits0References3Affected Software1
CVE
CVE
added 2005/10/20 4:0 a.m.51 views

CVE-2005-3270

The CVE-2005-3270 entry concerns Symantec Norton AntiVirus 9.0.3 and a DiskMountNotify component. The vulnerability is an untrusted search path that allows local users to gain privileges by modifying the PATH to reference a malicious (1) ps or (2) grep file. This is a local privilege escalation i...

7.2CVSS6.9AI score0.00358EPSS
Exploits0References5Affected Software1
Tenable Nessus
Tenable Nessus
added 2005/06/10 12:0 a.m.28 views

Siteframe siteframe.php LOCAL_PATH Parameter Remote File Inclusion

The remote host is running Siteframe, an open source content management system using PHP and MySQL. The installed version of Siteframe does not properly sanitize the 'LOCALPATH' parameter of the 'siteframe.php' script before using it to include files. By leveraging this flaw, an attacker is able ...

7.5CVSS6AI score0.04046EPSS
Exploits1References3
CVE
CVE
added 2005/04/19 4:0 a.m.62 views

CVE-2005-1185

CVE-2005-1185 describes an unquoted Windows search path vulnerability in MusicMatch Jukebox versions up to 10.00.2047. Local users can gain privileges by placing a malicious C:\program.exe that is executed by MMFWLaunch.exe when it runs launch.exe. Affected software/function: MusicMatch Jukebox (...

4.6CVSS6.8AI score0.0034EPSS
Exploits0References4Affected Software1
exploitpack
exploitpack
added 2005/03/10 12:0 a.m.10 views

PY Software Active Webcam 4.35.5 - WebServer Multiple Vulnerabilities

PY Software Active Webcam 4.35.5 - WebServer Multiple Vulnerabilities source: https://www.securityfocus.com/bid/12778/info Active Webcam webserver is reported prone to multiple vulnerabilities. The following individual issues are reported: The first issue, a denial of service is reported to...

0.2AI score
Exploits0
securityvulns
securityvulns
added 2004/12/22 12:0 a.m.54 views

[Full-Disclosure] iDEFENSE Security Advisory 12.20.04: IBM AIX invscout Local Command Execution Vulnerability

IBM AIX invscout Local Command Execution Vulnerability iDEFENSE Security Advisory 12.20.04 www.idefense.com/application/poi/display?id=171&type=vulnerabilities December 20, 2004 I. BACKGROUND The invscout program is a setuid root application, installed by default under newer versions of IBM AIX,...

7.2CVSS1.4AI score0.00952EPSS
Exploits1
FreeBSD
FreeBSD
added 2004/10/03 12:0 a.m.30 views

zip -- long path buffer overflow

A HexView security advisory reports: When zip performs recursive folder compression, it does not check for the length of resulting path. If the path is too long, a buffer overflow occurs leading to stack corruption and segmentation fault. It is possible to exploit this vulnerability by embedding ...

10CVSS3.2AI score0.09246EPSS
Exploits0References1
Cvelist
Cvelist
added 2004/09/01 4:0 a.m.25 views

CVE-1999-1217

The PATH in Windows NT includes the current working directory ., which could allow local users to gain privileges by placing Trojan horse programs with the same name as commonly used system programs into certain directories...

6.6AI score0.0149EPSS
Exploits0References3
Exploit DB
Exploit DB
added 2003/08/11 12:0 a.m.24 views

PHPOutsourcing Zorum 3.4 - Full Path Disclosure

source: https://www.securityfocus.com/bid/8396/info A vulnerability has been reported in Zorum message board software that allows a remote attacker to send a malformed HTTP request resulting in a disclosure of the installation path. This issue may allow an attacker to gain knowledge of the file...

7.4AI score
Exploits0
NVD
NVD
added 2002/11/12 5:0 a.m.24 views

CVE-2002-1239

QNX Neutrino RTOS 6.2.0 uses the PATH environment variable to find and execute the cp program while operating at raised privileges, which allows local users to gain privileges by modifying the PATH to point to a malicious cp program...

7.2CVSS6.7AI score0.00903EPSS
Exploits1References5
securityvulns
securityvulns
added 2002/11/09 12:0 a.m.61 views

iDEFENSE Security Advisory 11.08.02b: Non-Explicit Path Vulnerability in QNX Neutrino RTOS

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 iDEFENSE Security Advisory 11.08.02b: http://www.idefense.com/advisory/11.08.02b.txt Non-Explicit Path Vulnerability in QNX Neutrino RTOS November 8, 2002 I. BACKGROUND QNX Software Systems Ltd.'s Neutrino RTOS QNX is a real-time operating system...

7.2CVSS0.1AI score0.00903EPSS
Exploits1
Apache Httpd
Apache Httpd
added 2002/08/07 12:0 a.m.29 views

Apache Httpd < 2.0.40 : Path vulnerability

Certain URIs would bypass security and allow users to invoke or access any file depending on the system configuration. Affects Windows, OS2, Netware and Cygwin platforms only...

7.5CVSS2.7AI score0.69698EPSS
Exploits0Affected Software1
securityvulns
securityvulns
added 2001/12/01 12:0 a.m.57 views

ASI Oracle Security Alert: CHOWN Path Environment Variable Vulnerability

CHOWN Path Environment Variable Vulnerability For additional details, the official advisories from Oracle Corporation can be downloaded from: http://otn.oracle.com/deploy/security/pdf/dbsmpalert.pdf Summary: The vulnerability only affects Oracle 8.0.5 and 8.1.5. The dbsnmp file executes the CHOWN...

0.2AI score
Exploits0
CVE
CVE
added 2001/09/12 4:0 a.m.45 views

CVE-1999-1232

The CVE-1999-1232 entry concerns SGI IRIX 6.2, specifically the day5datacopier component. The vulnerability arises from an untrusted search path: a local user can influence PATH to point to a malicious cp program, enabling arbitrary command execution. Impact is local confidentiality, integrity, a...

7.2CVSS7.9AI score0.00393EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2001/05/24 4:0 a.m.27 views

CVE-2001-0389

IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to determine the real path of the server by directly calling the macro.d2w macro with a NOEXISTINGHTMLBLOCK argument...

6.5AI score0.01448EPSS
Exploits1References2
exploitpack
exploitpack
added 2001/04/23 12:0 a.m.18 views

RobTex Viking Server 1.0.7 - Relative Path Webroot Escaping

RobTex Viking Server 1.0.7 - Relative Path Webroot Escaping source: https://www.securityfocus.com/bid/2643/info The Viking Server is a freely available software package maintained and distributed by Robtex. The Viking Server provides multiple protocol service on Windows 95, 98, and NT systems. A...

0.3AI score
Exploits0
Rows per page
Query Builder