424 matches found
CVE-1999-1560
Vulnerability in a script in Texas A&M University TAMU Tiger allows local users to execute arbitrary commands as the Tiger user, usually root...
Potential Internet Explorer Security Risk
Potential Security Risk with Internet Explorer This was tested on version: 5.00.2614.3500 with Windows 98 SE 4.10.2222A. I was playing with Favorites and added a favorite with the name of 'www.dsakfjhasdfj.com' and set it to point to the address 'c:command.com'. dont include the '' characters...
CVE-2001-0424
BubbleMon 1.31 does not properly drop group privileges before executing programs, which allows local users to execute arbitrary commands with the kmem group id...
CVE-2001-0370
fcheck prior to 2.57.59 calls the file signature checking program insecurely, which can allow a local user to run arbitrary commands via a file name that contains shell metacharacters...
CVE-2001-0424
BubbleMon 1.31 does not properly drop group privileges before executing programs, which allows local users to execute arbitrary commands with the kmem group id...
CVE-2001-0111
CVE-2001-0111 : The vulnerability affects the splitvt utility (before 1.6.5). It is a format-string flaw that can allow a local attacker to run arbitrary commands via the -rcfile argument. Debian’s DSA-014-2 describes a buffer overflow/format-string attack with root access risk; remediation is up...
CVE-2001-0115
Buffer overflow in arp command in Solaris 7 and earlier allows local users to execute arbitrary commands via a long -f parameter...
CVE-2000-1123
CVE-2000-1123 involves a buffer overflow in the pioout command on IBM AIX 4.3.x and earlier. The root cause is a vulnerable buffer handling in pioout, allowing local users to execute arbitrary commands with privileges on affected systems. Documents confirm the affected product as IBM AIX 4.3.x an...
Sendfile 1.x2.1 - Local Privileged Arbitrary Command Execution
Sendfile 1.x2.1 - Local Privileged Arbitrary Command Execution source: https://www.securityfocus.com/bid/2645/info Sendfile is an implementation of the SAFT simple asynchronous file transfer protocol for UNIX systems. Due to a problem dropping privileges completely before running user-specified...
Sendfile 1.x2.1 - Forced Privilege Lowering Failure
Sendfile 1.x2.1 - Forced Privilege Lowering Failure source: https://www.securityfocus.com/bid/2652/info Sendfile is an implementation of the SAFT simple asynchronous file transfer protocol for UNIX systems. A serialization error exists in the Sendfile daemon, sendfiled. When used in conjunction...
Sendfile 1.x/2.1 - Forced Privilege Lowering Failure
source: https://www.securityfocus.com/bid/2652/info Sendfile is an implementation of the SAFT simple asynchronous file transfer protocol for UNIX systems. A serialization error exists in the Sendfile daemon, sendfiled. When used in conjunction with other problems found in the daemon, it may be...
CVE-2001-0112
Multiple buffer overflows in splitvt before 1.6.5 allow local users to execute arbitrary commands...
CVE-2000-1089
Buffer overflow in Microsoft Phone Book Service allows local users to execute arbitrary commands, aka the "Phone Book Service Buffer Overflow" vulnerability...
CVE-2000-1004
Format string vulnerability in OpenBSD photurisd allows local users to execute arbitrary commands via a configuration file directory name that contains formatting characters...
CVE-2000-1089
Buffer overflow in Microsoft Phone Book Service allows local users to execute arbitrary commands, aka the "Phone Book Service Buffer Overflow" vulnerability...
CVE-2000-1163
ghostscript before 5.10-16 uses an empty LDRUNPATH environmental variable to find libraries in the current directory, which could allow local users to execute commands as other users by placing a Trojan horse library into a directory from which another user executes ghostscript...
CVE-2000-0963
Buffer overflow in ncurses library allows local users to execute arbitrary commands via long environmental information such as TERM or TERMINFODIRS...
CVE-2000-0918
Format string vulnerability in kvt in KDE 1.1.2 may allow local users to execute arbitrary commands via a DISPLAY environmental variable that contains formatting characters...
CVE-2000-0918
Format string vulnerability in kvt in KDE 1.1.2 may allow local users to execute arbitrary commands via a DISPLAY environmental variable that contains formatting characters...
Oracle (oidldapd connect) - Local Command Line Overflow
Oracle oidldapd connect - Local Command Line Overflow / Exploit Code for oidldapd in Oracle 8.1.6 8ir2 for Linux. I tested in RH 6.2 and 6.1. This code is a bullshit i know please no comments about ;-. If someone exports this to Sparc please tell me. synopsis: buffer overflow in oidldapd impact:...