DSA-463 samba - privilege escalation

Bulletin has no description...

CVE-2004-0127

Directory traversal vulnerability in editconfiggedcom.php for phpGedView 2.65.1 and earlier allows remote attackers to read arbitrary files or execute arbitrary PHP programs on the server via .. dot dot sequences in the gedcomconfig parameter...

CVE-2003-1291

VMware ESX Server 1.5.2 before Patch 4 allows local users to execute arbitrary programs as root via certain modified VMware ESX Server environment variables...

CVE-2003-1378

Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone set to Internet Zone, allows remote attackers to execute arbitrary programs via an HTML email with the CODEBASE parameter set to the program, a vulnerability similar to CAN-2002-0077...

CVE-2003-0089

Buffer overflow in the Software Distributor utilities for HP-UX B.11.00 and B.11.11 allows local users to execute arbitrary code via a long LANG environment variable to setuid programs such as 1 swinstall and 2 swmodify...

CVE-2001-1411

Format string vulnerability in gm4 aka m4 on Mac OS X may allow local users to gain privileges if gm4 is called by setuid programs...

NSFOCUS SA2003-08: HP-UX libc NLSPATH Environment Variable Privilege Elevation Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 NSFOCUS Security AdvisorySA2003-08 Topic: HP-UX libc NLSPATH Environment Variable Privilege Elevation Vulnerability Release Date: 2003-11-13 CVE CAN ID: CAN-2003-0090 http://www.nsfocus.com/english/homepage/research/0308.htm Affected system:...

NSFOCUS SA2003-08: HP-UX libc NLSPATH Environment Variable Privilege Elevation Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 NSFOCUS Security AdvisorySA2003-08 Topic: HP-UX libc NLSPATH Environment Variable Privilege Elevation Vulnerability Release Date: 2003-11-13 CVE CAN ID: CAN-2003-0090 http://www.nsfocus.com/english/homepage/research/0308.htm Affected system:...

CVE-2001-1411

Format string vulnerability in gm4 aka m4 on Mac OS X may allow local users to gain privileges if gm4 is called by setuid programs...

CVE-2001-1411

CVE-2001-1411 describes a format string vulnerability in gm4 (m4) on Mac OS X. The flaw may allow local users to gain privileges if gm4 is executed by setuid programs. The vulnerability is triggered through improper handling of format strings in gm4, leading to potential privilege escalation. The...

CVE-2003-0709

Buffer overflow in the whois client, which is not setuid but is sometimes called from within CGI programs, may allow remote attackers to execute arbitrary code via a long command line option...

DEBIAN-CVE-2003-0709

Buffer overflow in the whois client, which is not setuid but is sometimes called from within CGI programs, may allow remote attackers to execute arbitrary code via a long command line option...

Man Utility 2.3.19 - Local Compression Program Privilege Escalation

source: https://www.securityfocus.com/bid/8675/info A vulnerability has been reported in man that may allow an attacker to gain elevated privileges. The problem lies in man failing to carry out sufficient sanity checks before executing a user-defined compression program. As a result, it may be...

CVE-2003-0742

CVE-2003-0742 affects SCO Internet Manager (mana). Local users can trigger menu.mana to run in the context of ncsa_httpd by exporting REMOTE_ADDR and then modify PATH to point to a malicious hostname program, enabling arbitrary program execution with root privileges on OpenServer 5.0.5–5.0.7. The...

CVE-2003-0709

Buffer overflow in the whois client, which is not setuid but is sometimes called from within CGI programs, may allow remote attackers to execute arbitrary code via a long command line option...

[SECURITY] [DSA-358-4] New kernel packages fix potential "oops"

-------------------------------------------------------------------------- Debian Security Advisory DSA 358-4 [email protected] http://www.debian.org/security/ Matt Zimmerman August 13th, 2003 http://www.debian.org/security/faq -...

Symantec Norton AntiVirus 20022003 - Device Driver Memory Overwrite

Symantec Norton AntiVirus 20022003 - Device Driver Memory Overwrite source: https://www.securityfocus.com/bid/8329/info It has been reported that a memory corruption vulnerability affects the Symantec Norton AntiVirus Device Driver. According to the report, one of the device control operation...

Symantec Norton AntiVirus 2002/2003 - Device Driver Memory Overwrite

source: https://www.securityfocus.com/bid/8329/info It has been reported that a memory corruption vulnerability affects the Symantec Norton AntiVirus Device Driver. According to the report, one of the device control operation handlers attempts to write data to an address offset from a pointer...

Solaris ld.so.1 buffer overflow

OVERVIEW ======== There is a buffer overflow vulnerability in the Solaris runtime linker, /lib/ld.so.1. A local user can gain elevated privileges if there are any dynamically linked, executable SUID/SGID programs in the filesystem. On a typical Solaris installation most or all SUID/SGID programs...

CVE-2003-0390

Multiple buffer overflows in Options Parsing Tool OPT shared library 3.18 and earlier, when used in setuid programs, may allow local users to execute arbitrary code via long command line options that are fed into macros such as optwarn2, as used in functions such as optatoi...