CVE-2002-0664

The default Access Control Lists ACLs of the administration database for ZMerge 4.x and 5.x provides arbitrary users including anonymous users with Manager level access, which allows the users to read or modify import/export scripts...

Hosting Controller 1.4 - Import Root Directory Command Execution

source: https://www.securityfocus.com/bid/4761/info Hosting Controller is an application which consolidates all hosting tasks into one interface. Hosting Controller runs on Microsoft Windows operating systems. The Import Root Directory improotdir.asp script does not force an authentication...

[RHSA-2002:070-06] Updated mod_python packages available

--------------------------------------------------------------------- Red Hat, Inc. Red Hat Security Advisory Synopsis: Updated modpython packages available Advisory ID: RHSA-2002:070-06 Issue date: 2002-04-22 Updated on: 2002-05-02 Product: Red Hat Linux Keywords: modpython publisher imported...

CVE-2001-0072

gpg aka GnuPG 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust...

[SECURITY] [DSA-010-1] two gpg problems

Package : gnupg Problem type : cheating with detached signatures, circumvention of web of trust Debian-specific: no Two bugs in GnuPG have recently been found: 1. false positives when verifying detached signatures - ----------------------------------------------------- There is a problem in the w...

Уязвимость в алгоритме импорта токенов

Генерация токенов легко восстанаваливается по файлу импорта закрытого ключа .asc...

CVE-2000-1017

The CVE-2000-1017 entry concerns Webteachers Webdata (WebData database). The vulnerability allows remote attackers who have valid WebData accounts to read arbitrary files by submitting a request to import a file into the WebData database. The description specifies the attack flow but does not pro...

Дыркав WebDATA

Пользователь может импортировать в базу любой открытый на чтение локальный файл и получить к нему доступ...

DST2K0039: Webteachers Webdata: Importing files lower than web ro ot possible in to database

All, We have released the following advisory due to the fact that we have provided a patch Section II. If people require any help with implementing this patch please come back to us on the following e-mail address [email protected]. This patch may require a little tinkering with for you...

DST2K0039.txt

============================================================================ Delphis Consulting Plc ============================================================================ Security Team Advisories 26/09/2000 [email protected] http://www.delphisplc.com/thinking/whitepapers/...

CVE-2000-0409

CVE-2000-0409 affects Netscape 4.73 and earlier. When importing a new certificate, Netscape follows symlinks, allowing a local user to overwrite files owned by the user importing the certificate. The available documents state the issue and the affected behavior but do not specify exact vulnerable...

CVE-2000-0409

Netscape 4.73 and earlier follows symlinks when it imports a new certificate, which allows local users to overwrite files of the user importing the certificate...

Possible symlink problems with Netscape 4.73

It appears that Netscape 4.73 and earlier versions incorrectly creates a temporary file in '/tmp' when importing certificates: ... open"/tmp/tmp3919AA5000A07DC", OWRONLY|OCREAT|OTRUNC, 0666 = 25 fchmod25, 0600 = 0 fstat25, stmode=0,stsize=0, ... = 0 ... Netscape doesn't try to stat/lstat the file...

CVE-2000-0409

Netscape 4.73 and earlier follows symlinks when it imports a new certificate, which allows local users to overwrite files of the user importing the certificate...

CVE-1999-0702

Internet Explorer 5.0 and 5.01 allows remote attackers to modify or execute files via the Import/Export Favorites feature, aka the "ImportExportFavorites" vulnerability...

ie5_vulnerabilities.txt

Subject: IE 5.0 security vulnerabilities - ImportExportFavorites - at least creating and overwriting files, probably executing programs To: [email protected] Disclaimer: The opinions expressed in this advisory and program are my own and not of any company. The usual standard disclaimer...

CVE-1999-0702

Internet Explorer 5.0 and 5.01 allows remote attackers to modify or execute files via the Import/Export Favorites feature, aka the "ImportExportFavorites" vulnerability...

Microsoft Internet Explorer 4.0.1/5 - Import/Export Favorites

Microsoft Internet Explorer 4.0.1 for Windows 98/Windows NT 4.0,Microsoft Internet Explorer 5.0 for Windows 2000/Windows 95/Windows 98/Windows NT 4 Import/Export Favorites Vulnerability source: https://www.securityfocus.com/bid/627/info The ImportExportFavorites method, used to import and export...

ms-excel-numbers.txt

Date: Thu, 31 Dec 1998 23:02:41 +0100 From: "Tom Rowe" Subject: Excel bug I imagine this has been discussed some, but in case it hasn't. If you enter a number, say 123456789999 in Excel and save the file as comma delimited csv I think MS uses it will be saved as 1.234567E+11. Quite a few programs...

Security update 1970-01-01

...