703 matches found
CVE-2001-0507
IIS 5.0 uses relative paths to find system files that will run in-process, which allows local users to gain privileges via a Trojan horse file, aka the "System file listing privilege elevation" vulnerability...
CVE-1999-1013
CVE-1999-1013 affects AIX 4.1.5 and 4.2.1 via the named-xfer component. A flaw allows members of the system group to overwrite system files and gain root access by abusing the -f parameter together with a malformed zone file. Root cause is improper validation of file operations and zone-file pars...
Symbolic link problem in OpenSSH (symbolic link)
Any system file can be deleted...
Drummond Miles A1Stats 1.0 - a1disp2.cgi Traversal Arbitrary File Read
Drummond Miles A1Stats 1.0 - a1disp2.cgi Traversal Arbitrary File Read source: https://www.securityfocus.com/bid/2705/info A1Stats is a CGI product by Drummond Miles used to report on a website's visitor traffic. Versions of this product fail to properly validate user-supplied input submitted as...
Hole in HP-UX asecure (symlink bug)
A symbolic link problem during log file creation allows corrupting any system file...
Hole in perfmon on SunOS
Incorrect handling of the log file allows overwriting any system file...
Junsoft JSparm 4.0 - Logging Output File
source: https://www.securityfocus.com/bid/2515/info JSparm is the Junsoft Performance Analysis Report Maker package. This software package provides an enhanced perfmon performance monitoring package and interface, as well as a performance report generation interface. A problem with the package...
sendtemp.pl - Read Access to Files
#!/usr/bin/perl -w sendtemp.pl: A part of the Amaya Web development server contains a file disclosure vulnerability, which allows remote, read access to files on the server's file system, as whichever user the httpd is running as. The Vulnerability is really quite simple.. When the templ argument i...
W3.ORG sendtemp.pl
Follows are details of a vulnerability I recently discovered in W3.ORG's sendtemp.pl. Name: sendtemp.pl W3C. Remote: Yes Local: Yes Type: sendtemp.pl: A part of the Amaya Web development server contains a file disclosure vulnerability, which allows remote, read access to files on the server's file...
Serious security flaw in SuSE rctab
Hi @ll, it seems that the problem described below has not been discussed on Bugtraq. Problem description ------------------- Due to various race conditions in the init level editing script /sbin/rctab it is possible for any local user to overwrite any system's file with arbitrary data. This may...
SuSE 6.x/7.0 - MkDir Error Handling rctab Race Condition (2)
source: https://www.securityfocus.com/bid/2207/info rctab is the Run Control Tab script included with the SuSE distribution of the Linux Operating System. SuSE is a freely available, Open Source Operating system maintained by SuSE Incorporated. A race condition in the rctab script could allow an...
tar-symlink.txt
Title : GNU tar Tape ARchive symlink vulnerability Author : Marco van Berkum Organisation : OBIT b.v. URL : http://www.obit.nl Email : [email protected] Date : 06-01-2001 The useful program tar Tape ARchive is used by all UNIX, Linux and BSD versions around and is used to ARCHIVE files to disk o...
Solaris 2.7/2.8 Catman - Local Insecure tmp Symlink
#!/usr/local/bin/perl -w The problem is catman creates files in /tmp insecurely. They are based on the PID of the catman process, catman will happily clobber any files that are symlinked to that file. The idea of this script is to create a block of symlinks to the target file with the current PID a...
glint vulnerability
A symbolic link vulnerability allows corrupting any system file...
Hole in Extent RBS
Directory traversal in a parameter of the Newuser program allows access to any system file...
Yet another hole in Sambar
Search.dll allows accessing any file on the system using a full path...
Hole in photoalbum
Directory traversal allows retrieving any system file via explorer.php...
Hole in QNX Voyager
Directory traversal allows access to any system files...
Poll It CGI data_dir Parameter Arbitrary File Access
'PollItSSIv2.0.cgi' is installed. This CGI has a well known security flaw that lets an attacker retrieve any file from the remote system, e.g. /etc/passwd. %NASLMINLEVEL 70300 This script was written by Thomas Reinke See the Nessus Scripts License for details Changes by Tenable: - attempt to read...
Linux Kernel 2.2.12/2.2.14/2.3.99 (RedHat 6.x) - Socket Denial of Service
Linux Kernel 2.2.12/2.2.14/2.3.99 (RedHat 6.x) - Socket Denial of Service source: https://www.securityfocus.com/bid/1072/info A denial of service exists in Linux kernels, as related to Unix domain sockets ignoring limits as set in /proc/sys/net/core/wmem_max. By creating successive Unix domain...