CVE-2003-0390

Multiple buffer overflows in Options Parsing Tool OPT shared library 3.18 and earlier, when used in setuid programs, may allow local users to execute arbitrary code via long command line options that are fed into macros such as optwarn2, as used in functions such as optatoi...

DEBIAN-CVE-2003-0390

Multiple buffer overflows in Options Parsing Tool OPT shared library 3.18 and earlier, when used in setuid programs, may allow local users to execute arbitrary code via long command line options that are fed into macros such as optwarn2, as used in functions such as optatoi...

CVE-2003-0390

CVE-2003-0390 is a vulnerability in the Options Parsing Tool (OPT) shared library ≤ 3.18 used by setuid programs. It describes multiple buffer overflows triggered by long command line options fed into macros such as opt_warn_2 (used in opt_atoi), enabling local arbitrary code execution. The provi...

CVE-2002-1469

scponly does not properly verify the path when finding the 1 scp or 2 sftp-server programs, which could allow remote authenticated users to bypass access controls by uploading malicious programs and modifying the PATH variable in $HOME/.ssh/environment to locate those programs...

seti@home remotely exploitable buffer overflow

The seti@home client contains a buffer overflow in the HTTP response handler. A malicious, spoofed seti@home server can exploit this buffer overflow to cause remote code execution on the client. Exploit programs are widely available...

CVE-2002-0246

Format string vulnerability in the message catalog library functions in UnixWare 7.1.1 allows local users to gain privileges by modifying the LCMESSAGE environment variable to read other message catalogs containing format strings from setuid programs such as vxprint...

CVE-2002-0532

EMU Webmail allows local users to execute arbitrary programs via a .. dot dot in the HTTP Host header that points to a Trojan horse configuration file that contains a pageroot specifier that contains shell metacharacters...

HP-UX 1011 - NLSPATH Environment Variable Format String (2)

HP-UX 1011 - NLSPATH Environment Variable Format String 2 // source: https://www.securityfocus.com/bid/8985/info HP-UX allows the NLSPATH to be set for setuid root programs, which use catopen3C and may be executed by other local users. This could result in privilege escalation as an attacker coul...

HP-UX 1011 - NLSPATH Environment Variable Format String (1)

HP-UX 1011 - NLSPATH Environment Variable Format String 1 // source: https://www.securityfocus.com/bid/8985/info HP-UX allows the NLSPATH to be set for setuid root programs, which use catopen3C and may be executed by other local users. This could result in privilege escalation as an attacker coul...

HP-UX 10/11 - NLSPATH Environment Variable Format String (2)

// source: https://www.securityfocus.com/bid/8985/info HP-UX allows the NLSPATH to be set for setuid root programs, which use catopen3C and may be executed by other local users. This could result in privilege escalation as an attacker could specify an arbitrary path for a message catalogue, which...

Online tax programs information leak

No description provided...

EUVD-2002-1393

Easy Guestbook CGI programs do not authenticate the administrator, which allows remote attackers to 1 delete entries via direct access of admin.cgi, or 2 reconfigure Guestbook via direct access of config.cgi...

OpenBSD 2.x3.x - CHPass Temporary File Link File Content Revealing

OpenBSD 2.x3.x - CHPass Temporary File Link File Content Revealing source: https://www.securityfocus.com/bid/6748/info It has been reported that a problem with chpass included with OpenBSD may allow local users to gain access to the content of specific files. This vulnerability requires that line...

CVE-2002-2063

AtGuard 3.2 allows remote attackers to bypass firwall filters and execute prohibited programs by changing the filenames to permitted filenames...

CVE-2002-2352

The NBActiveX.ocx ActiveX control in NeoBook 4 allows remote attackers to install and execute arbitrary programs...

CVE-2002-1184

The system root folder of Microsoft Windows 2000 has default permissions of Everyone group with Full access Everyone:F and is in the search path when locating programs during login or application launch from the desktop, which could allow attackers to gain privileges as other users via Trojan hor...

DSA-188 apache-ssl - several vulnerabilities

Bulletin has no description...

Multiple compilers "erased" memory reading

Multiple secure programs use something like memsetbuf, 0, len to erase keys, passwords, etc from memory. The problem is this code can be eliminated by compiler during optimization process...

[CLA-2002:529] Conectiva Linux Security Announcement - XFree86

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- CONECTIVA LINUX SECURITY ANNOUNCEMENT - -------------------------------------------------------------------------- PACKAGE : XFree86 SUMMARY : Local vulnerabilities DATE :...

X11 vulnerable to buffer overflow in handling of -xrm option

Overview The X11 library included with many UNIX variants contains a buffer-overflow vulnerability that may allow attackers to gain root privileges. Description The X11 library contains an unspecified buffer-overflow vulnerability. Programs that use this library and accept the -xrm option includi...