2392 matches found
CVE-2006-0576
Untrusted search path vulnerability in opcontrol in OProfile 0.9.1 and earlier allows local users to execute arbitrary commands via a modified PATH that references malicious (1) which or (2) dirname programs. NOTE: while opcontrol normally is not run setuid, a common configuration suggests accessing...
CVE-2003-1291
VMware ESX Server 1.5.2 before Patch 4 allows local users to execute arbitrary programs as root via certain modified VMware ESX Server environment variables...
[SA15907] Mozilla Thunderbird Attachment Spoofing Vulnerability
TITLE: Mozilla Thunderbird Attachment Spoofing Vulnerability SECUNIA ADVISORY ID: SA15907 VERIFY ADVISORY: http://secunia.com/advisories/15907/ CRITICAL: Less critical IMPACT: Spoofing, System access WHERE: From remote SOFTWARE: Mozilla Thunderbird 1.x http://secunia.com/product/4652/ DESCRIPTION...
Ubuntu 4.10 / 5.04 : util-linux vulnerability (USN-184-1)
David Watson discovered that 'umount -r' removed some restrictive mount options like the 'nosuid' flag. If /etc/fstab contains user-mountable removable devices which specify the 'nosuid' flag (which is common practice for such devices), a local attacker could exploit this to execute arbitrary...
Design/Logic Flaw
The dupfdopen function in sys/kern/kern_descrip.c in OpenBSD 3.7 and 3.8 allows local users to re-open arbitrary files by using setuid programs to access file descriptors using /dev/fd/...
[SA18296] OpenBSD suid Programs File Re-Opening Vulnerability
TITLE: OpenBSD suid Programs File Re-Opening Vulnerability SECUNIA ADVISORY ID: SA18296 VERIFY ADVISORY: http://secunia.com/advisories/18296/ CRITICAL: Less critical IMPACT: Security Bypass WHERE: Local system OPERATING SYSTEM: OpenBSD 3.x http://secunia.com/product/100/ DESCRIPTION: A...
CVE-2005-2711
ISS BlackIce 3.6, as used in multiple products including BlackICE PC Protection, Server Protection, Agent for Server, and RealSecure Desktop 3.6 and 7.0, does not drop privileges before launching help from the "More Info" button in the "Application Protection" dialog, which allows local users to...
GLSA-200512-17 : scponly: Multiple privilege escalation issues
The remote host is affected by the vulnerability described in GLSA-200512-17 scponly: Multiple privilege escalation issues Max Vozeler discovered that the scponlyc command allows users to chroot into arbitrary directories. Furthermore, Pekka Pessi reported that scponly insufficiently validates...
Perl programs providing user-controlled I/O format strings may contain format string vulnerabilities
Overview Programs written in Perl may contain many of the same types of format string vulnerabilities as programs written in C. Description Perl is a programming language used in many applications and commonly used for web applications. It provides many of the same functions for formatted I/O as ...
CVE-2005-2940
Unquoted Windows search path vulnerability in Microsoft Antispyware 1.0.509 Beta 1 might allow local users to gain privileges via a malicious "program.exe" file in the C: folder, involving the programs (1) GIANTAntiSpywareMain.exe, (2) gcASNotice.exe, (3) gcasServ.exe, (4) gcasSWUpdater.exe, or (5)...
[EXPL] F-Secure Internet Gatekeeper Local Root (Exploit)
The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com - - promotion The SecuriTeam alerts list - Free, Accurate, Independent. Get your security news from a reliable source...
Open WebMail userstat.pl Arbitrary Command Execution
The target is running at least one instance of Open WebMail in which the userstat.pl component fails to sufficiently validate user input. SPDX-FileCopyrightText: 2004 George A. Theall Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right...
X11 Server Unauthenticated Access
The remote X11 server accepts connections from anywhere. An attacker can connect to it to eavesdrop on the keyboard and mouse events of a user on the remote host. It is even possible for an attacker to grab a screenshot of the remote host or to display arbitrary programs. An attacker can exploit...
CVE-2005-3113
The ActiveX control for NateOn Messenger NateonDownloadManager.ocx allows remote attackers to download and execute arbitrary programs by setting the arguments to the GotNate.Excute method...
CVE-2005-3113
CVE-2005-3113 affects NateOn Messenger: the ActiveX control NateonDownloadManager.ocx lets remote attackers set arguments to GotNate.Excute to download and run arbitrary programs. The impact is remote code execution on the vulnerable host; exploitation status and concrete mitigations are not deta...
USN-184-1: umount vulnerability
David Watson discovered that "umount -r" removed some restrictive mount options like the "nosuid" flag. If /etc/fstab contains user-mountable removable devices which specify the "nosuid" flag (which is common practice for such devices), a local attacker could exploit this to execute arbitrary...
Debian DSA-811-2 : common-lisp-controller - design error
The bugfix for the problem mentioned below contained an error that caused third-party programs to fail. The problem is corrected by this update. For completeness we're including the original advisory text : Francois-Rene Rideau discovered a bug in common-lisp-controller, a Common Lisp source and...
Debian DSA-800-1 : pcre3 - integer overflow
An integer overflow with subsequent buffer overflow has been detected in PCRE, the Perl Compatible Regular Expressions library, which allows an attacker to execute arbitrary code. Since several packages link dynamically to this library you are advised to restart the corresponding services or...
CVE-2005-2772
Multiple stack-based buffer overflows in University of Minnesota gopher client 3.0.9 allow remote malicious servers to execute arbitrary code via (1) a long "+VIEWS:" reply, which is not properly handled in the VIfromLine function, and (2) certain arguments when launching third party programs such as...