188 matches found
CVE-2007-2996
Unspecified vulnerability in perl.rte 5.8.0.10 through 5.8.0.95 on IBM AIX 5.2, and 5.8.2.10 through 5.8.2.50 on AIX 5.3, allows local users to gain privileges via unspecified vectors related to the installation and "waiting for a legitimate user to execute a binary that ships with Perl."...
GLSA-200601-15 : Paros: Default administrator password
The remote host is affected by the vulnerability described in GLSA-200601-15 Paros: Default administrator password Andrew Christensen discovered that in older versions of Paros the database component HSQLDB is installed with an empty password for the database administrator 'sa'. Impact : Since th...
solaris/SPARC execve /bin/sh 52 bytes
solaris/SPARC execve /bin/sh 52 bytes. Shellcode exploit for solarissparc platform //Solaris/Sparc - LSD char shellcode= "\x20\xbf\xff\xff" / bn,a / "\x20\xbf\xff\xff" / bn,a / "\x7f\xff\xff\xff" / call / "\x90\x03\xe0\x20" / add %o7,32,%o0 / "\x92\x02\x20\x10" / add %o0,16,%o1 / "\xc0\x22\x20\x0...
Linux 2.4.x execve() file read race vulnerability
Hi people, again it is time to discover a funny bug inside the Linux execve system call. Details: --------- While looking at the execve code I've found the following piece of code from fs/binfmtelf.c: static int loadelfbinarystruct linuxbinprm bprm, struct ptregs regs struct file interpreter =...
cvs security problem
I found two security problems in cvs-1.10.8. 1 A committer can execute any binary in server using CVS/Checkin.prog or CVS/Update.prog. A committer can execute arbitrary binary on a cvs server using Checkin.prog. Usually CVS/Checkin.prog in a working directory is copied from CVSROOT/modules when t...
cvs-1.10.8.txt
I found two security problems in cvs-1.10.8. 1 A committer can execute any binary in server using CVS/Checkin.prog or CVS/Update.prog. A committer can execute arbitrary binary on a cvs server using Checkin.prog. Usually CVS/Checkin.prog in a working directory is copied from CVSROOT/modules when t...
CVS Kit CVS Server 1.10.8 - 'Checkin.prog' Binary Execution
source: https://www.securityfocus.com/bid/1524/info A CVS committer can execute arbitrary binaries by using Checkin.prog. Usually CVS/Checkin.prog in a working directory is copied from CVSROOT/modules when the directory is "checkout"ed and it is sent back to the server and executed with committin...
CVS Kit CVS Server 1.10.8 - Checkin.prog Binary Execution
CVS Kit CVS Server 1.10.8 - Checkin.prog Binary Execution source: https://www.securityfocus.com/bid/1524/info A CVS committer can execute arbitrary binaries by using Checkin.prog. Usually CVS/Checkin.prog in a working directory is copied from CVSROOT/modules when the directory is "checkout"ed and...