9214 matches found
ncpfs: Multiple vulnerabilities
Background ncpfs is a NCP protocol network filesystem driver that allows access to NetWare services, to mount volumes of NetWare servers or print to NetWare print queues. Description Erik Sjolund discovered two vulnerabilities in the programs bundled with ncpfs: there is a potentially exploitable...
[ GLSA 200501-35 ] Evolution: Integer overflow in camel-lock-helper
Gentoo Linux Security Advisory GLSA 200501-35 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity:...
Debian DSA-655-1 : zhcon - missing privilege release
Erik Sjolund discovered that zhcon, a fast console CJK system using the Linux framebuffer, accesses a user-controlled configuration file with elevated privileges. Thus, it is possible to read arbitrary files. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package...
RHEL 2.1 : kernel (RHSA-2005:016)
Updated kernel packages that fix several security issues in Red Hat Enterprise Linux 2.1 are now available. The Linux kernel handles the basic functions of the operating system. This advisory includes fixes for the following security issues : iSEC Security Research discovered a VMA handling flaw ...
DSA-655-1 zhcon - missing privilege release
Bulletin has no description...
zhcon -- unauthorized file access
Martin Joey Schulze reports: Erik Sjöund discovered that zhcon, a fast console CJK system using the Linux framebuffer, accesses a user-controlled configuration file with elevated privileges. Thus, it is possible to read arbitrary files. When installed from the FreeBSD Ports Collection, zhcon is...
Siteman 1.1 - User Database Privilege Escalation (1)
source: https://www.securityfocus.com/bid/12304/info Siteman is reported prone to a vulnerability that may allow users to gain elevated privileges. This issue results from insufficient sanitization of user-supplied data. Apparently, an attacker can supply additional lines to the stream used to...
Important: Red Hat Security Advisory: kernel security update
Updated kernel packages that fix several security issues in Red Hat Enterprise Linux 3 are now available. The Linux kernel handles the basic functions of the operating system. This advisory includes fixes for several security issues: iSEC Security Research discovered a VMA handling flaw in the...
Veritas NetBackup "bpjava-susvc" process contains an input validation error
Overview Veritas NetBackup Administrative Assistant interface may allow users to execute arbitrary commands with elevated privileges. Description The Veritas NetBackup Administrative Assistant interface bpjava-susvc contains an input validation vulnerability. According to Veritas Alert 271727 :Wh...
iDEFENSE Security Advisory 01.14.05: Exim dns_buld_reverse() Buffer Overflow Vulnerability
Exim dnsbuldreverse Buffer Overflow Vulnerability iDEFENSE Security Advisory 01.14.05 www.idefense.com/application/poi/display?id=183&type=vulnerabilities January 14, 2005 I. BACKGROUND Exim is a mail transfer agent MTA for Unix systems similar to sendmail. More information is available at the...
iDEFENSE Security Advisory [IDEF0725] Exim host_aton() Buffer Overflow Vulnerability
Exim hostaton Buffer Overflow Vulnerability iDEFENSE Security Advisory IDEF0725 http://www.idefense.com/application/poi/display?type=vulnerabilities January 07, 2005 I. BACKGROUND Exim is a message transfer agent developed for use on Unix systems. More information is available at:...
iDEFENSE Security Advisory [IDEF0731] Exim auth_spa_server() Buffer Overflow Vulnerability
Exim authspaserver Buffer Overflow Vulnerability iDEFENSE Security Advisory IDEF0731 www.idefense.com/application/poi/display?id=178&type=vulnerabilities January 07, 2004 I. BACKGROUND Exim is a message transfer agent developed for use on Unix systems. More information is available at:...
CVE-2004-1328
CVE-2004-1328 concerns an HP-UX local privilege‑escalation in the newgrp(1) command affecting HP-UX B.11.00, B.11.04 and B.11.11. The issue is documented across CVE/NVD and HP advisories, with patches PHCO_26385, PHCO_29682 and PHCO_32280 issued to address the vulnerability (linked to HPSBUX01102...
CVE-2004-1328
Unknown vulnerability in newgrp in HP-UX B.11.00, B.11.04, and B.11.11 allows local users to gain elevated privileges...
CVE-2004-1328
Unknown vulnerability in newgrp in HP-UX B.11.00, B.11.04, and B.11.11 allows local users to gain elevated privileges...
CVE-2004-2515
Format string vulnerability in VMware Workstation 4.5.2 build-8848, if running with elevated privileges, might allow local users to execute arbitrary code via format string specifiers in command line arguments. NOTE: it is not clear if there are any default or typical circumstances under which...
CVE-2004-2730
Sysinternals PsTools before 2.05, including 1 PsExec before 1.54, 2 PsGetsid before 1.41, 3 PsInfo before 1.61, 4 PsKill before 1.03, 5 PsList before 1.26, 6 PsLoglist before 2.51, 7 PsPasswd before 1.21, 8 PsService before 2.12, 9 PsSuspend before 1.05, and 10 PsShutdown before 2.32, does not...
isec-0019-scm.txt
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Synopsis: Linux kernel scmsend local DoS Product: Linux kernel Version: 2.4 up to and including 2.4.28, 2.6 up to and including 2.6.9 Vendor: http://www.kernel.org/ URL: http://isec.pl/vulnerabilities/isec-0019-scm.txt CVE: CAN-2004-1016 Author: Paul...
Oracle Trigger Abuse (#NISR2122004I)
NGSSoftware Insight Security Research Advisory Name: Oracle 10g/9i Trigger Abuse Systems Affected: Oracle 10g/9i on all operating systems Severity: High risk Vendor URL: http://www.oracle.com/ Author: David Litchfield davidl at ngssoftware.com Relates to:...
XFree86 vulnerable to buffer overflow via crafted font directory in 'fonts.alias' file
Overview XFree86 contains a vulnerability in the parsing of the 'fonts.alias' file, which could be exploited by a local user to execute arbitrary code with elevated privileges. Description XFree86 contains a flaw during the processing of the 'fonts.alias' file. XFree86 is an implementation of the...