84 matches found
fetchmail -- fetchmailconf local password exposure
The fetchmail team reports: The fetchmailconf program before and excluding version 1.49 opened the run control file, wrote the configuration to it, and only then changed the mode to 0600 rw-------. Writing the file, which usually contains passwords, before making it unreadable to other users, can...
CVE-2001-1583
lpd daemon in.lpd in Solaris 8 and earlier allows remote attackers to execute arbitrary commands via a job request with a crafted control file that is not properly handled when lpd invokes a mail program. NOTE: this might be the same vulnerability as CVE-2000-1220...
PT-2001-2667 · Oracle · Solaris
Name of the Vulnerable Software and Affected Versions: Solaris versions 8 and earlier Description: The issue allows remote attackers to execute arbitrary commands via a job request with a crafted control file that is not properly handled when the lpd daemon invokes a mail program. Recommendations...
HM Software S to Infinity 3.0 - Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/1368/info A number of vulnerabilities exist in HM Software S to Infinity, a security access control, desktop lockdown and transparent encryption application. Intended features include restriction of access to folders, files, floppy and CD-ROM drives, etc...