CVE-2000-1156

StarOffice 5.2 follows symlinks and sets world-readable permissions for the /tmp/soffice.tmp directory, which allows a local user to read files of the user who is using StarOffice...

CVE-2000-0936

Samba Web Administration Tool SWAT in Samba 2.0.7 installs the cgi.log logging file with world readable permissions, which allows local users to read sensitive information such as user names and passwords...

CVE-2000-1127

registrar in the HP resource monitor service allows local users to read and modify arbitrary files by renaming the original registrar.log log file and creating a symbolic link to the target file, to which registrar appends log information and sets the permissions to be world readable...

Linux Kernel 2.2.x - Non-Readable File Ptrace Local Information Leak

Linux Kernel 2.2.x - Non-Readable File Ptrace Local Information Leak source: https://www.securityfocus.com/bid/2044/info Ptrace is a unix system call that is used to analyze running processes, usually for breakpoint debugging. The linux implementation of ptrace in 2.2.x kernels and possibly earli...

Linux Kernel 2.2.x - Non-Readable File Ptrace Local Information Leak

source: https://www.securityfocus.com/bid/2044/info Ptrace is a unix system call that is used to analyze running processes, usually for breakpoint debugging. The linux implementation of ptrace in 2.2.x kernels and possibly earlier versions contains a vulnerability that may allow an attacker to ga...

vixie cron...

Attached shell-script exploits fopen + preserved umask vulnerability in Paul Vixie's cron code. It will work on systems where /var/spool/cron is user-readable eg. 0755 - AFAIR Debian does so. RedHat at least 6.1 and previous have mode 0700 on /var/spool/cron, and thus it isn't exploitable in its...

hpux.10.20.644.txt

Problem: on HP-UX 10.20 you can change any file on the root partition to mode 644: $ uname -sr HP-UX B.10.20 $ cd /etc/opt/resmon/log $ mv registrar.log registrar.log.orig $ ls -l /.shhistory -rw------- 1 root sys 3316 Sep 20 15:22 /.shhistory $ ln /.shhistory registrar.log $ nc hpux.example.com...

HP-UX 10.20 resource monitor service

Problem: on HP-UX 10.20 you can change any file on the root partition to mode 644: $ uname -sr HP-UX B.10.20 $ cd /etc/opt/resmon/log $ mv registrar.log registrar.log.orig $ ls -l /.shhistory -rw------- 1 root sys 3316 Sep 20 15:22 /.shhistory $ ln /.shhistory registrar.log $ nc hpux.example.com...

CVE-2000-0164

The installation of Sun Internet Mail Server SIMS creates a world-readable file that allows local users to obtain passwords...

CVE-2000-0552

ICQwebmail client for ICQ 2000A creates a world readable temporary file during login and does not delete it, which allows local users to obtain sensitive information...

CVE-2000-0458

The MSWordView application in IMP creates world-readable files in the /tmp directory, which allows other local users to read potentially sensitive information...

thttpd ssi: retrieval of arbitrary world-readable files

thttpd 2.19 and earlier server-side-includes CGI program ssi allows retrieval of arbitrary world-readable files Date: October 2, 2000 Application: thttpd 2.19 and before Author: ghandi [email protected] Vendor Status: merged patches into thttpd 2.20 Fix: upgrade into thttpd 2.20 1. Description...

Дыркав WebDATA

Пользователь может импортировать в базу любой открытый на чтение локальный файл и получить к нему доступ...

thttpd-219.txt

thttpd 2.19 and earlier server-side-includes CGI program ssi allows retrieval of arbitrary world-readable files Date: October 2, 2000 Application: thttpd 2.19 and before Author: ghandi Vendor Status: merged patches into thttpd 2.20 Fix: upgrade into thttpd 2.20 1. Description The included cgi-bin...

SmartWin CyberOffice Shopping Cart 2.0 - Client Information Disclosure

SmartWin CyberOffice Shopping Cart 2.0 - Client Information Disclosure source: https://www.securityfocus.com/bid/1734/info Smartwin Technology CyberOffice Shopping Cart is a shopping cart application for e-commerce enabled websites running Windows NT 4.0 or 2000. It is possible for a remote user ...

SmartWin CyberOffice Shopping Cart 2.0 - Client Information Disclosure

source: https://www.securityfocus.com/bid/1734/info Smartwin Technology CyberOffice Shopping Cart is a shopping cart application for e-commerce enabled websites running Windows NT 4.0 or 2000. It is possible for a remote user to gain read access to the private directory on a website running...

MultiHTML 1.5 - File Disclosure

MultiHTML 1.5 - File Disclosure source: https://www.securityfocus.com/bid/6711/info MultiHTML is prone to a file disclosure vulnerability. It is possible for remote attackers to issue requests which are capable of disclosing sensitive webserver readable resources on the system hosting the softwar...

SCO scohelhttp documentation webserver exposes local files

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ====================================================================== Defcom Labs Advisory def-2000-01 UnixWare 7 scohelphttp exposes local files Author: Olle Segerdahl [email protected] Release Date: 2000-09-11...

CVE-2000-0361

The CVE-2000-0361 issue affects wvdial 1.4 and earlier, where the PPP wvdial.lxdialog script creates a .config file with world-readable permissions. This allows a local attacker who is in the dialout group to access login credentials stored in that file. The available connected sources confirm th...

CVE-2000-0361

The PPP wvdial.lxdialog script in wvdial 1.4 and earlier creates a .config file with world readable permissions, which allows a local attacker in the dialout group to access login and password information...