7660 matches found
CVE-2003-0337
The ckconfig command in lsadmin for Load Sharing Facility LSF 5.1 allows local users to execute arbitrary programs by modifying the LSFENVDIR environment variable to reference an alternate lsf.conf file, then modifying LSFSERVERDIR to point to a malicious lim program, which lsadmin then executes...
Security advisory: LSF 5.1 local root exploit
Security Advisory 22 May 2003 Local root in LSF 5.1 Name: Load Sharing Facility version 5.1 Severity: High Vendor URL: http://www.platform.com Author: Tomasz Grabowski [email protected] Vendor notified: 25 Feb 2003 Vendor response: 25 Feb 2003 Vendor fix: 19 Mar 2003 Commercial: I'm looking for ...
CVE-2003-0233
Heap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via the Load method, a different vulnerability than CVE-2003-0115...
Cisco Security Advisory: Cisco Content Service Switch 11000 Series DNS Negative Cache of Information Denial-of-Service
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Cisco Security Advisory: Cisco Content Service Switch 11000 Series DNS Negative Cache of Information Denial-of-Service Vulnerability =============================================================================== Revision Numeral 1.0 For Public Releas...
Platform Load Sharing Facility 45 - LSF_ENVDIR Local Command Execution
Platform Load Sharing Facility 45 - LSFENVDIR Local Command Execution source: https://www.securityfocus.com/bid/7655/info It has been reported that Load Sharing Facility LSF does not properly handle input in environment variables. Because of this, an attacker may be able to gain escalated...
Platform Load Sharing Facility 4/5 - 'LSF_ENVDIR' Local Command Execution
source: https://www.securityfocus.com/bid/7655/info It has been reported that Load Sharing Facility LSF does not properly handle input in environment variables. Because of this, an attacker may be able to gain escalated privileges on a vulnerable system. LSF 5.1 'lsadmin' local root exploit...
Platform Load Sharing Facility 4/5/6 - 'EAuth' Local Privilege Escalation
source: https://www.securityfocus.com/bid/9724/info Load Sharing Facility eauth component has been reported prone to privilege escalation vulnerability. The eauth component is responsible for controlling authentication procedures within Load Sharing Facility. An issue has been reported where an...
Platform Load Sharing Facility 456 - EAuth Local Privilege Escalation
Platform Load Sharing Facility 456 - EAuth Local Privilege Escalation source: https://www.securityfocus.com/bid/9724/info Load Sharing Facility eauth component has been reported prone to privilege escalation vulnerability. The eauth component is responsible for controlling authentication procedur...
CVE-2002-1338
The Load method in the Chart component of Office Web Components OWC 9 and 10 generates an exception when a specified file does not exist, which allows remote attackers to determine the existence of local files...
CVE-2002-1293
The Microsoft Java implementation, as used in Internet Explorer, provides a public load0 method for the CabCracker class com.ms.vm.loader.CabCracker, which allows remote attackers to bypass the security checks that are performed by the load method...
PHP-Nuke x.x SQL Injection
Hello, All PHP-Nuke versions, including the just released 6.0, are vulnerable to a very simple SQL injection that may lead to a basic DoS attack. For instance, if you create a short script, to send a few requests, I have tested with just 6 similar to this:...
Microsoft Office Web Components allows arbitrary user to determine whether local file exists via Chart component "Load" method
Overview Microsoft Office Web Components OWC allows a malicious script on a web page to learn if a file exists on the client's filesystem. Description OWC allows viewing of Microsoft Office documents such as spreadsheets and charts to be viewed within an HTML document in Microsoft Internet Explor...
CVE-2002-0209
CVE-2002-0209 affects Nortel Alteon ACEdirector WebOS 9.0 with SLB and Cookie-Based Persistence enabled. A remote attacker can determine the real IP address of a web server when a half-closed session is present, causing ACEdirector to send packets from the server without mapping to the virtual IP...
CVE-2002-0209
Nortel Alteon ACEdirector WebOS 9.0, with the Server Load Balancing SLB and Cookie-Based Persistence features enabled, allows remote attackers to determine the real IP address of a web server with a half-closed session, which causes ACEdirector to send packets from the server without changing the...
PHP 4.x/5.x MySQL Library - 'Safe_mode' Filesystem Circumvention (2)
...
Alteon AceDirector - Half-Closed HTTP Request IP Address Revealing
source: https://www.securityfocus.com/bid/3964/info Alteon ACEdirector is a hardware solution distributed by Nortel Networks. ACEdirector runs the Nortel WebOS operating system. It is possible to retrieve the real IP addresses of webservers that are managed by an ACEdirector. When a client is...
Alteon AceDirector - Half-Closed HTTP Request IP Address Revealing
Alteon AceDirector - Half-Closed HTTP Request IP Address Revealing source: https://www.securityfocus.com/bid/3964/info Alteon ACEdirector is a hardware solution distributed by Nortel Networks. ACEdirector runs the Nortel WebOS operating system. It is possible to retrieve the real IP addresses of...