7551 matches found
CVE-2001-0371
Race condition in the UFS and EXT2FS file systems in FreeBSD 4.2 and earlier, and possibly other operating systems, makes deleted data available to user processes before it is zeroed out, which allows a local user to access otherwise restricted information...
CVE-2001-1037
Cisco SN 5420 Storage Router 1.13 and earlier allows local users to access a developer's shell without a password and execute certain restricted commands without being logged...
CVE-1999-1204
Check Point Firewall-1 does not properly handle certain restricted keywords e.g., Mail, auth, time in user-defined objects, which could produce a rule with a default "ANY" address and result in access to more systems than intended by the administrator...
CVE-2001-0816
OpenSSH before 2.9.9, when running sftp using sftp-server and using restricted keypairs, allows remote authenticated users to bypass authorizedkeys2 command= restrictions using sftp commands...
CVE-2001-0816
OpenSSH before 2.9.9, when running sftp using sftp-server and using restricted keypairs, allows remote authenticated users to bypass authorizedkeys2 command= restrictions using sftp commands...
CVE-2001-1461
Directory traversal vulnerability in WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, Windows NT and Windows 2000 allows attackers to access restricted resources via URL-encoded 1 /.. or 2 .. sequences...
Citrix Client Access Verification
Your professional opinions are appreciated. About a month ago I had posted the below as a Citrix Client Access Advisory and got several responses to the fact that it either it was not a valid vulnerabilty or that it was a default configuration problem. which may be true. but consider this. The...
OpenSSH: sftp & bypassing keypair auth restrictions
OpenSSH: sftp-server & bypassing keypair auth restrictions Summary: If you 1 are using keypairs and /.ssh/authorizedkeys2 to enable remote execution of commands via OpenSSH's sshd and 2 have sshd configured to provide sftp service via the sftp-server subsystem, then clients who have access with...
CVE-1999-1347
CVE-1999-1347 affects Red Hat Linux 6.1 and earlier. The vulnerability arises in Xsession, where local users with restricted accounts can bypass execution of the .xsession file by starting a desktop session (KDE, GNOME or similar) from KDM. This bypass allows the user to run with the environmenta...
CVE-2001-1407
Bugzilla before 2.14 allows Bugzilla users to bypass group security checks by marking a bug as the duplicate of a restricted bug, which adds the user to the CC list of the restricted bug and allows the user to view the bug...
CVE-2001-0371
Race condition in the UFS and EXT2FS file systems in FreeBSD 4.2 and earlier, and possibly other operating systems, makes deleted data available to user processes before it is zeroed out, which allows a local user to access otherwise restricted information...
Vulnerability in TYPSoft FTP Server
----- Begin Hush Signed Message from [email protected] ----- Vulnerability in TYPSoft FTP Server Overview TYPSoft FTP Server v0.85 is an ftp server available from http://www.webmasterfree.com and http://typsoft.n3.net. A vulnerability exists which allows a remote attacker to break out of the...
datawizards ftpxq 2.0.93 - Directory Traversal
datawizards ftpxq 2.0.93 - Directory Traversal source: https://www.securityfocus.com/bid/2426/info FtpQX is a ftp daemon designed to provide ftp services for Microsoft Operating Systems. It is maintained and distributed by Datawizard Technologies. A problem in the software could allow access to...
datawizards ftpxq 2.0.93 - Directory Traversal
source: https://www.securityfocus.com/bid/2426/info FtpQX is a ftp daemon designed to provide ftp services for Microsoft Operating Systems. It is maintained and distributed by Datawizard Technologies. A problem in the software could allow access to restricted resources. Due to insufficient input...
Дырка в GroupWise client
Пользователь может получить доступ к файлам, доступ к которым запрещен системной политикой используя файлы в качестве вложения в письмо...
Дырка в SiteMinder
С помощью специально сконструированной URL можно получить доступ к закрытым документам, кроме того, можно получить исходные тексты CGI-приложений...
Security Bulletin (MS00-057)
Microsoft Security Bulletin MS00-057 - -------------------------------------- Patch Available for "File Permission Canonicalization" Vulnerability Originally posted: August 10, 2000 Summary ======= Microsoft has released a patch that eliminates a security vulnerability in Microsoftr Internet...
CVE-2000-0030
Solaris dmispd dmicmd allows local users to fill up restricted disk space by adding files to the /var/dmi/db database...
bugzpladv1_eng.txt
0x15.0x05.Y2K ------------------------------------- BugzPL ADVISORY 1, final version ------------------------------------- Bypassing restricted bash for fun and profit ; I. Introduction bash-2 gives us a possibility to use a shell in restricted mode. This mode can be initiated using several metho...
NTMail Proxy Exploit
NTmail version 5.x possibly other versions, I haven't checked has two web functions. One is a web configuration server which lets you configure the mail server via a browser. The other is it can also work as a proxy server. These two functions are set by default to use two different ports 8000 fo...