6 matches found
CVE-2017-18610
The magic-fields plugin before 1.7.2 for WordPress has XSS via the RCCWPCreateCustomFieldPage.php custom-group-id parameter...
Code injection
When mount.ecrpytfsprivate before version 87-0ubuntu1.2 calls setreuid it doesn't also set the effective group id. So when it creates the new version, mtab.tmp, it's created with the group id of the user running mount.ecryptfsprivate...
MITKRB5-SA-2011-005 FTP daemon fails to set effective group ID [CVE-2011-1526]
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 MITKRB5-SA-2011-005 MIT krb5 Security Advisory 2011-005 Original release: 2011-07-05 Topic: FTP daemon fails to set effective group ID CVE-2011-1526 CVSSv2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:H/RL:O/RC:C CVSSv2 Base Score: 6.5 Access Vector: Network...
Security fix for the ALT Linux 7 package krb5 version 1.6.3-alt13
July 6, 2011 Ivan A. Melnikov 1.6.3-alt13 - check if ftp daemon fails to set effective group id MITKRB5-SA-2011-005, CVE-2011-1526...
CVE-2005-2496
The xntpd ntp ntpd daemon before 4.2.0b, when run with the -u option and using a string to specify the group, uses the group ID of the user instead of the group, which causes xntpd to run with different privileges than intended...
CVE-1999-1554
/usr/sbin/Mail on SGI IRIX 3.3 and 3.3.1 does not properly set the group ID to the group ID of the user who started Mail, which allows local users to read the mail of other users...