7115 matches found
SGI IRIX 6.5.x - FAM Arbitrary Root Owned Directory File Listing
SGI IRIX 6.5.x - FAM Arbitrary Root Owned Directory File Listing source: https://www.securityfocus.com/bid/5487/info fam is a freely available, open source file alteration monitor. It is maintained and distributed by SGI, and will work on the Linux and Unix operating systems. It is possible for a...
CVE-2002-0793
Hard link and possibly symbolic link following vulnerabilities in QNX RTOS 4.25 aka QNX4 allow local users to overwrite arbitrary files via 1 the -f argument to the monitor utility, 2 the -d argument to dumper, 3 the -c argument to crttrap, or 4 using the Watcom sample utility...
CVE-2002-0649
Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 MSDE allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which 1 a 0x04 byte that causes the SQL Monitor thread to generate...
CVE-2002-0793
Hard link and possibly symbolic link following vulnerabilities in QNX RTOS 4.25 aka QNX4 allow local users to overwrite arbitrary files via 1 the -f argument to the monitor utility, 2 the -d argument to dumper, 3 the -c argument to crttrap, or 4 using the Watcom sample utility...
PT-2002-1814 · Blackberry · Qnx Rtos
Name of the Vulnerable Software and Affected Versions: QNX RTOS version 4.25 Description: The issue allows local users to overwrite arbitrary files via specific arguments to certain utilities, including 1 the -f argument to the monitor utility, 2 the -d argument to dumper, 3 the -c argument to...
CVE-2001-1116
CVE-2001-1116 affects Identix BioLogon 2.03 and earlier. On multi-monitor systems running Windows 98/ME, it does not lock secondary displays, allowing an attacker with physical access to bypass authentication via a secondary display. The available sources confirm the affected product/versions and...
QNX RTOS 4.25 - monitor Arbitrary File Modification
QNX RTOS 4.25 - monitor Arbitrary File Modification source: https://www.securityfocus.com/bid/4902/info The QNX RTOS monitor utility is prone to an issue which may allow local attackers to modify arbitrary system files such as /etc/passwd. monitor is installed setuid root by default. The monitor ...
QNX RTOS 4.25 - monitor Arbitrary File Modification
source: https://www.securityfocus.com/bid/4902/info The QNX RTOS monitor utility is prone to an issue which may allow local attackers to modify arbitrary system files such as /etc/passwd. monitor is installed setuid root by default. The monitor -f command line option may be used by a local attack...
Alchemy Eye/Network Monitor Traversal Arbitrary Command Execution
Alchemy Eye and Alchemy Network Monitor are network management tools for Microsoft Windows. The product contains a built-in HTTP server for remote monitoring and control. This HTTP server allows arbitrary commands to be run on the server by a remote attacker. %NASLMINLEVEL 70300 This script was...
Rapid 7 Advisory R7-0001: Alchemy Eye HTTP Remote Command Execution
-----BEGIN PGP SIGNED MESSAGE----- Rapid 7, Inc. Security Advisory Visit http://www.rapid7.com to download NeXposetm, our advanced vulnerability scanner. Linux and Windows 2000 versions are available now! Rapid 7 Advisory R7-0001: Alchemy Eye HTTP Remote Command Execution Published: November 29,...
CVE-2001-0871
Directory traversal vulnerability in HTTP server for Alchemy Eye and Alchemy Network Monitor allows remote attackers to execute arbitrary commands via an HTTP request containing 1 a .. in versions 2.0 through 2.6.18, or 2 a DOS device name followed by a .. in versions 2.6.19 through 3.0.10...
CVE-2001-0871
CVE-2001-0871 affects Alchemy Eye and Alchemy Network Monitor’s built-in HTTP server. Versions 2.0–2.6.18 are vulnerable to simple dotdot traversal; versions 2.6.19–3.0.10 are vulnerable to a variant using a DOS device name (e.g., NUL) plus traversal. Successful exploitation allows remote attacke...
CVE-2001-0870
The CVE-2001-0870 issue affects Alchemy Eye and Alchemy Network Monitor versions 1.9x through 2.6.18, whose built-in HTTP server is enabled by default and allows remote, unauthenticated access to view monitoring logs by directly requesting the eye.ini file. The vulnerability enables disclosure of...
CVE-1999-1395
Vulnerability in Monitor utility SYS$SHARE:SPISHR.EXE in VMS 5.0 through 5.4-2 allows local users to gain privileges...
CVE-1999-1395
CVE-1999-1395 describes a local privilege escalation in the Monitor utility (SYS$SHARE:SPISHR.EXE) affecting VMS 5.0 through 5.4-2. The vulnerability allows local users to gain privileges. The connected documents confirm the affected product and code component but do not provide specific technica...
Identix BioLogon Client security bug
Aug 3rd, 2001 10:56am Vendor: http://www.identix.com Software: BioLogon 2.0 Client see http://www.identix.com/itsecurity/softwareprod.html Security flaw in Indentix BioLogon 2.0 Client for Windows Identix's BioLogon software is used as the software "glue" to tie together various biometric devices...
CVE-2000-1034
Buffer overflow in the System Monitor ActiveX control in Windows 2000 allows remote attackers to execute arbitrary commands via a long LogFileName parameter in HTML source code, aka the "ActiveX Parameter Validation" vulnerability...
CVE-2000-1034
The CVE relates to a buffer overflow in the Windows 2000 System Monitor ActiveX control (sysmon.ocx). The vulnerability allows remote code execution by crafting a malicious LogFileName value in HTML/scripted content, permitting exploitation by a user who can load the affected page or message. The...
CVE-2000-0978
The CVE-2000-0978 entry concerns the Big Brother System and Network Monitor (bbd server). It identifies a vulnerability in versions before 1.5c2 where remote attackers could execute arbitrary commands via the shell metacharacter “&”. The impact is remote command execution with the potential for p...
CVE-2000-1127
registrar in the HP resource monitor service allows local users to read and modify arbitrary files by renaming the original registrar.log log file and creating a symbolic link to the target file, to which registrar appends log information and sets the permissions to be world readable...