CVE-2003-1052

IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modifying the shared libraries that are used in setuid root programs...

CVE-2004-0841

The CVE-2004-0841 entry corresponds to Internet Explorer 6.x vulnerability commonly called Script in Image Tag File Download (also HijackClick 3). The connected advisories describe this as an IE vulnerability that allows a remote attacker to escalate privileges by abusing script execution in imag...

CVE-2004-0841

Internet Explorer 6.x allows remote attackers to install arbitrary programs via mousedown events that call the Popup.show method and use drag-and-drop actions in a popup window, aka "HijackClick 3" and the "Script in Image Tag File Download Vulnerability."...

cdrecord privilege escalation

Privileges are not dropped on user specified program invocation...

CVE-1999-1365

Technical details for CVE-1999-1365 are not publicly available in the provided documents. No vendor/product/version specifics or exploitation information are included here. Monitor for updates.

CVE-2002-1184

The system root folder of Microsoft Windows 2000 has default permissions of Everyone group with Full access Everyone:F and is in the search path when locating programs during login or application launch from the desktop, which could allow attackers to gain privileges as other users via Trojan hor...

CVE-2004-0121

Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs...

CVE-2003-1326

Microsoft Internet Explorer 5.5 and 6.0 are affected by CVE-2003-1326, which enables remote attackers to bypass cross-domain security and execute script or arbitrary code via dialog boxes. The issue centers on improper handling of dialog frames and the dialogArguments mechanism, enabling cross-do...

CVE-1999-1217

The PATH in Windows NT includes the current working directory ., which could allow local users to gain privileges by placing Trojan horse programs with the same name as commonly used system programs into certain directories...

CVE-2002-1184

The CVE-2002-1184 entry describes that the Windows 2000 system root folder has default Everyone:F permissions and is searched during login or program launch, enabling privilege escalation via Trojan horse programs. Affected software: Microsoft Windows 2000 (system root folder permissions in the s...

GLSA-200405-06 : libpng denial of service vulnerability

The remote host is affected by the vulnerability described in GLSA-200405-06 libpng denial of service vulnerability libpng provides two functions pngchunkerror and pngchunkwarning for default error and warning messages handling. These functions do not perform proper bounds checking on the provide...

CVE-2003-1052

IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modifying the shared libraries that are used in setuid root programs...

CVE-2004-0648

Mozilla Suite before 1.7.1, Firefox before 0.9.2, and Thunderbird before 0.7.2 allow remote attackers to launch arbitrary programs via a URI referencing the shell: protocol...

CVE-2004-1707

The 1 dbsnmp and 2 nmo programs in Oracle 8i, Oracle 9i, and Oracle IAS 9.0.2.0.1, on Unix systems, use a default path to find and execute library files while operating at raised privileges, which allows certain Oracle user accounts to gain root privileges via a modified libclntsh.so.9.0...

SUSE-SA:2002:032: xf86

The remote host is missing the patch for the advisory SUSE-SA:2002:032 xf86. The xf86 package contains various libraries and programs which are fundamental for the X server to function. The libX11.so library from this package dynamically loads other libraries where the pathname is controlled by t...

Mozilla fails to restrict access to the "shell:" URI handler

Overview A vulnerability in the way Mozilla and its derived programs handle certain types of links could allow an attacker to run local programs on a vulnerable system. Description Versions of the Mozilla, Firefox, and Thunderbird programs for Microsoft Windows will handle URIs of the form shell:...

CVE-2003-1041

Internet Explorer 5.x and 6.0 allows remote attackers to execute arbitrary programs via a modified directory traversal attack using a URL containing ".." dot dot sequences and a filename that ends in "::" which is treated as a .chm file even if it does not have a .chm extension. NOTE: this bug ma...

cvs

New cvs packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix a buffer overflow vulnerability which could allow an attacker to run arbitrary programs on the CVS server. Sites running a CVS server should upgrade to the new CVS package right away. More details about this issue may...

CVE-2004-0364

The WrapNISUM ActiveX component WrapUM.dll in Norton Internet Security 2004 is marked safe for scripting, which allows remote attackers to execute arbitrary programs via the LaunchURL method...

CVE-2004-0186

smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted...