Lucene search
K

4974 matches found

securityvulns
securityvulns
added 2003/04/23 12:0 a.m.45 views

SRT2003-04-22-1336 - SAP DB Development Tools install flaw

Secure Network Operations, Inc. http://www.secnetops.com Strategic Reconnaissance Team [email protected] Team Lead Contact [email protected] Our Mission: Secure Network Operations offers expertise in Networking, Intrusion Detection Systems IDS, Software Security Validation, and...

0.1AI score
Exploits0
securityvulns
securityvulns
added 2003/04/23 12:0 a.m.36 views

SAP DB development tools privelege escalation

instdbmsrv and instlserver allow chmod/chown for any files...

3.2AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2003/04/01 12:0 a.m.85 views

SAP DB weak permissions

777 permissions are used for executables...

1.6AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2002/05/06 12:0 a.m.153 views

Security holes : PHP Image View, NewsPro, Photo DB, As_web, GuestBook

Hi all : 1 PHP Image View 1.0 http://www.onlinetools.org Problems : - XSS - phpinfo; Exploits : - /phpimageview.php?pw=show - /phpimageview.php?pic=javascript:alertdocument.domain 2 NewsPro 1.01 http://www.aspbin.co.uk Problem : - Admin access Exploit : - Set cookie "logged,true" on the...

7.1AI score
Exploits0
Cvelist
Cvelist
added 2002/05/03 4:0 a.m.27 views

CVE-2001-1331

mandb in the man-db package before 2.3.16-3 allows local users to overwrite arbitrary files via the command line options 1 -u or 2 -c, which do not drop privileges and follow symlinks...

6.4AI score0.00295EPSS
Exploits0References3
CVE
CVE
added 2002/05/03 4:0 a.m.55 views

CVE-2001-1331

CVE-2001-1331 affects the man-db package’s mandb tool. The vulnerability exists in mandb before version 2.3.16-3, where invoking mandb with -u or -c does not drop privileges and does not drop file-system symlinks, enabling local users to overwrite arbitrary files. Impact is local, potentially ena...

1.2CVSS6.5AI score0.00295EPSS
Exploits0References3Affected Software2
securityvulns
securityvulns
added 2002/04/17 12:0 a.m.34 views

Format string bug in AOLServer DB API

Format string bug in NsPdLog API call...

1.9AI score
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2002/03/09 5:0 a.m.26 views

CVE-1999-1330

The snprintf function in the db library 1.85.4 ignores the size parameter, which could allow attackers to exploit buffer overflows that would be prevented by a properly implemented snprintf...

6.6AI score0.00395EPSS
Exploits0References4
CVE
CVE
added 2002/03/09 5:0 a.m.56 views

CVE-1999-1330

The CVE-1999-1330 issue affects the db library’s snprintf usage in version 1.85.4, where the size parameter is ignored and could permit buffer overflows that proper snprintf implementation would prevent. This describes a potential local memory corruption risk. Exploitation details or concrete rem...

4.6CVSS7AI score0.00395EPSS
Exploits0References4Affected Software2
NVD
NVD
added 2002/03/08 5:0 a.m.27 views

CVE-2002-0056

Buffer overflow in SQL Server 7.0 and 2000 allows remote attackers to execute arbitrary code via a long OLE DB provider name to 1 OpenDataSource or 2 OpenRowset in an ad hoc connection...

7.5CVSS8.2AI score0.24864EPSS
Exploits0References6
Cvelist
Cvelist
added 2002/02/21 5:0 a.m.29 views

CVE-2002-0056

Buffer overflow in SQL Server 7.0 and 2000 allows remote attackers to execute arbitrary code via a long OLE DB provider name to 1 OpenDataSource or 2 OpenRowset in an ad hoc connection...

8.2AI score0.24864EPSS
Exploits0References6
CVE
CVE
added 2002/02/21 5:0 a.m.69 views

CVE-2002-0056

CVE-2002-0056 concerns Microsoft SQL Server 7.0 and 2000, where a buffer overflow is triggered by a long OLE DB provider name used with OpenDataSource or OpenRowset in an ad hoc connection. The resulting issue can allow an attacker to execute arbitrary code with the SQL Server service account’s p...

7.5CVSS8.2AI score0.24864EPSS
Exploits0References6Affected Software1
securityvulns
securityvulns
added 2001/06/13 12:0 a.m.48 views

Символьные линки в man-db (symbolic link)

Проблема символьных линков в sgid man программе...

0.7AI score
Exploits0References1Affected Software1
securityvulns
securityvulns
added 2001/06/13 12:0 a.m.56 views

[SECURITY] [DSA-059-1] man-db symlink attack

-----BEGIN PGP SIGNED MESSAGE----- - ------------------------------------------------------------------------ Debian Security Advisory DSA-059-1 [email protected] http://www.debian.org/security/ Wichert Akkerman June 12, 2001 -...

0.9AI score
Exploits0
Debian
Debian
added 2001/06/12 2:43 p.m.16 views

[SECURITY] [DSA-059-1] man-db symlink attack

Package : man-db Problem type : symlink attack Debian-specific: no Luki R. reported a bug in man-db: it did handle nested calls of dropeffectiveprivs and regaineffectiveprivs correctly which would cause it to regain privileges to early. This could be abused to make man create files as user man...

5.9AI score
Exploits0
Debian
Debian
added 2001/05/08 1:55 p.m.8 views

[SECURITY] [DSA-056-1] man-db local exploit

Package : man-db Problem type : local file overwrite Debian-specific: no Ethan Benson found a bug in man-db packages as distributed in Debian/GNU/Linux 2.2. man-db includes a mandb tool which is used to build an index of the manual pages installed on a system. When the -u or - -c option were give...

5.8AI score
Exploits0
NVD
NVD
added 2001/05/03 4:0 a.m.18 views

CVE-2001-1331

mandb in the man-db package before 2.3.16-3 allows local users to overwrite arbitrary files via the command line options 1 -u or 2 -c, which do not drop privileges and follow symlinks...

1.2CVSS6.5AI score0.00295EPSS
Exploits0References3
Debian
Debian
added 2001/02/08 11:38 p.m.12 views

[SECURITY] [DSA 028-1] New man-db packages released

---------------------------------------------------------------------------- Debian Security Advisory DSA-028-1 [email protected] http://www.debian.org/security/ Martin Schulze February 9, 2001 - ---------------------------------------------------------------------------- Package : man-db...

5.5AI score
Exploits0
CVE
CVE
added 2000/07/12 4:0 a.m.72 views

CVE-2000-0032

Solaris dmi_cmd vulnerability CVE-2000-0032 allows local users to crash the dmispd daemon by placing a malformed file in /var/dmi/db. The description does not provide exploit details, affected versions, or remediation. No additional technical details are given in the connected documents. Actionab...

10CVSS6.7AI score0.02685EPSS
Exploits0References2Affected Software2
Positive Technologies
Positive Technologies
added 2000/05/05 12:0 a.m.4 views

PT-2000-1324 · Gossamer Threads · Gossamer Threads Dbman

Name of the Vulnerable Software and Affected Versions: Gossamer Threads DBMan version db.cgi Description: The issue allows remote attackers to view environmental variables and setup information. This is achieved by referencing a non-existing database in the db parameter. Recommendations: For...

6.4CVSS6.6AI score0.02635EPSS
Exploits0References5
Rows per page
Query Builder