160 matches found
Smail 3 - Multiple RemoteLocal Vulnerabilities
Smail 3 - Multiple RemoteLocal Vulnerabilities // source: https://www.securityfocus.com/bid/12899/info Smail-3 is reported prone to multiple vulnerabilities. These issues can allow a local or remote attacker to execute arbitrary code on a vulnerable computer. A successful attack may lead to a...
GLSA-200412-25 : CUPS: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200412-25 CUPS: Multiple vulnerabilities CUPS makes use of vulnerable Xpdf code to handle PDF files CAN-2004-1125. Furthermore, Ariel Berkman discovered a buffer overflow in the ParseCommand function in hpgl-input.c in the hpgltop...
Linux 2.6 Kernel Capability LSM Module Local Privilege Elevation
Venustech AD-Lab www.venustech.com.cn Security Advisory Advisory: ADLAB-04003Linux 2.6. Kernel Capability LSM Module Local Privilege Elevation Authors: [email protected] Release: 09/12/04 Class: Design Error Remote: No, local Vulnerable: Linux kernel 2.6. Linux kernel 2.5.72-lsm1...
SNAP Innovation's PrimeBase Database 4.2 poor default file permissions.
SNAP Innovation's PrimeBase Database 4.2 poor default file permissions and use of symlinks during install. September 1, 2003 I. BACKGROUND From the readme.txt file "The PrimeBase Database Server is a relational Database Management System DBMS for Mac, UNIX and Windows platforms. The PrimeBase...
D-Link 704p Broadband Router Remote / Local DoS
02 August 2003 Hardware: D-Link 704p Vulnerability: Multiple Local/Remote see below Warning Level: Moderate Description: This small advisory is on the D-Link 704p router with firmware version 2.70. The router is a small 4 port DSL/CABLE router. Earlier this year I made a small post on BUGTRAQ abo...
FlashFXP 1.4 - User Password Encryption
// source: https://www.securityfocus.com/bid/7499/info FlashFXP uses a trivially reversible algorithm to encrypt FTP user credentials. Local attackers with access to the sites.data may exploit this weakness to gain unauthorized access to FTP user credentials for remote sites. / Flashfxp sites.dat...
APC < 3.8.0 apcupsd Multiple Vulnerabilities
The remote host is running the apcupsd client which, according to its version number, is affected by multiple vulnerabilities : - The configuration file '/var/run/apcupsd.pid' is by default world-writable. A local attacker could re-write this file with other process IDs in order to crash the...
CVE-2002-1379
OpenLDAP2 OpenLDAP 2 2.2.0 and earlier allows remote or local attackers to execute arbitrary code when libldap reads the .ldaprc file within applications that are running with extra privileges...
akfingerd 0.5 Multiple Vulnerabilities
The remote finger service appears to vulnerable to a remote attack which can disrupt the service of the finger daemon. This denial of service does not affect other services that may be running on the remote computer, only the finger service can be disrupted. akfingerd version 0.5 or earlier is...
Trillian Instant Messaging 0.x - Credential Encryption
// source: https://www.securityfocus.com/bid/5677/info The Trillian instant messaging client uses weak encryption to store saved authentication credentials for instant messaging services. The credentials are encrypted by using XOR with a static key that is used with every installation of the...
CVE-1999-1326
wu-ftpd 2.4 FTP server does not properly drop privileges when an ABOR abort file transfer command is executed during a file transfer, which causes a signal to be handled incorrectly and allows local and possibly remote attackers to read arbitrary files...
CVE-2001-0635
Red Hat Linux 7.1 is affected by CVE-2001-0635 due to insecure permissions on swap files created at install. The swap files could be world-readable, enabling a local attacker to read sensitive data such as passwords and potentially escalate privileges. The connected Red Hat advisory RHSA-2001:058...
RAZOR advisory: multiple Sendmail vulnerabilities
RAZOR Advisory: Multiple Local Sendmail Vulnerabilities ======================================================= Author: Michal Zalewski [email protected] Release Date: 10/01/2001 Assigned CVE numbers: CAN-2001-0713, CAN-2001-0714, CAN-2001-0715 Topic: ------ The Sendmail mail delivery...
CVE-1999-1388
The CVE-1999-1388 entry concerns SunOS 4.1.x, where the passwd utility is vulnerable to a local symlink attack via the -F command line argument. This allows local users to overwrite arbitrary files, due to the underlying symlink race condition in passwd. The affected component is the passwd progr...
CVE-2001-0623
CVE-2001-0623 affects the sendfiled component of SAFT on Linux, where privileges are not properly dropped when sending notification emails, enabling a local user to gain privileges (local privilege escalation). The issue is documented in Debian security advisories DSA-050-1 and DSA-052-1, which d...
DoS против small http
Наблюдается утечка к памяти при запросе листинга каталога с отсутствующим index.html, сервер перестает отвечать на запросы, если соединения закрывается до начала передачи данных клиенту, кроме того есть локальные атаки...
CVE-2000-0107
The CVE-2000-0107 entry concerns the Linux apcd program, which is vulnerable to a local symlink attack that lets an authenticated local attacker modify arbitrary files. The root cause is improper handling of symlinks, enabling file overwrites via symlink manipulation. The available references con...
CVE-2000-0147
The CVE-2000-0147 issue affects snmpd on SCO OpenServer, where the SNMP community string is writable by default. This enables local attackers to modify the host’s configuration. Connected sources corroborate the default-write vulnerability but do not provide a patch or explicit remediation details.
CVE-1999-1133
HP-UX 9.x and 10.x running X windows may allow local attackers to gain privileges via 1 vuefile, 2 vuepad, 3 dtfile, or 4 dtpad, which do not authenticate users...
Security Update for Windows Server 2003 for Itanium-based Systems (KB2731847)
A security issue has been identified that could allow an authenticated local attacker to compromise your system and gain control over it. You can help protect your system by installing this update from Microsoft. After you install this update, you may have to restart your system...