2332 matches found
CVE-2002-1420
OpenBSD 3.1 and earlier are affected by a local privilege escalation due to an integer signedness error in select(2): a negative size value passes the boundary check as signed but is then used as unsigned during a data copy, allowing a local user to overwrite kernel memory. Impact: local code/ker...
CVE-2004-0709
HP OpenView Select Access 5.0 through 6.0 does not correctly decode UTF-8 encoded unicode characters in a URL, which could allow remote attackers to bypass access restrictions...
[security bulletin] SSRT4719 hp OpenView Select Access remote unauthorized access
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 HP SECURITY BULLETIN HPSBMA01045 REVISION: 0 SSRT4719 rev.0 hp OpenView Select Access remote unauthorized access ----------------------------------------------------------------- NOTICE: There are no restrictions for distribution of this Bulletin...
HP OpenView Select Access fails to properly decode UTF-8 encoded unicode characters in URLs
Overview There is a vulnerability in the way HP OpenView Select Access decodes UTF-8 encoded unicode characters in URLs. This vulnerability could allow a remote user to gain access to resources the user would otherwise be unauthorized to access. Description HP OpenView Select Access is a software...
DoS против MDaemon (imap buffer overflow)
Переполнение буфера в команде Select пользователь должен быть авторизован...
CVE-2003-0399
Vignette StoryServer 4 and 5, Vignette V/5, and possibly other versions allows remote attackers to perform unauthorized SELECT queries by setting the vgncreds cookie to an arbitrary value and directly accessing the save template...
S21SEC-017 - Vignette /vgn/legacy/save SQL access
ID: S21SEC-017-en Title: Vignette /vgn/legacy/save SQL access Date: 15/03/2003 Status: Vendor contacted and solution available Scope: Execution of SQL SELECT calls Platforms: All Author: rpinuaga Location: http://www.s21sec.com/es/avisos/s21sec-017-en.txt Release: External S 2 1 S E C...
MySQL privelege escalation
By spoofing datadir/my.cnf with SELECT INTO it's possible to launch MySQL with any account, including root...
openbsd-select-bug.txt
Hi there, Recently a bug in the select syscall of openbsd was published. This text describes the details and the eventual exploitation of this bug. First of all let us look at the definition of select: int selectint nfds, fdset readfds, fdset writefds, fdset exceptfds, struct timeval timeout; The...
OpenBSD contains buffer overflow in "select" call
Overview A locally exploitable buffer overflow exists in all versions of OpenBSD. Description The buffer overflow exists in the select2 system call. The overflow occurs if select is supplied with arbitrary negative values. --- Impact Local users can gain system privileges and execute code in the...
Signed/unsigned conversion bug in OpenBSD select() call
By passing negative argument to select function it's possible to overwrite the fragment of kernel memory...
PT-1999-1082 · Netbsd · Netbsd
Name of the Vulnerable Software and Affected Versions: NetBSD affected versions not specified Description: A race condition exists between the select and accept calls in NetBSD TCP servers, allowing remote attackers to cause a denial of service. Recommendations: At the moment, there is no...