CVE-2008-1483

OpenSSH 4.3p2, and probably other versions, allows local users to hijack forwarded X connections by causing ssh to set DISPLAY to :10, even when another process is listening on the associated port, as demonstrated by opening TCP port 6010 IPv4 and sniffing a cookie sent by Emacs...

PYSEC-2008-10

The xml-rpc server in Roundup 1.4.4 does not check property permissions, which allows attackers to bypass restrictions and edit or read restricted properties via the 1 list, 2 display, and 3 set methods...

DEBIAN-CVE-2008-1468

Cross-site scripting XSS vulnerability in namazu.cgi in Namazu before 2.0.18 allows remote attackers to inject arbitrary web script or HTML via UTF-7 encoded input, related to failure to set the charset, a different vector than CVE-2004-1318 and CVE-2001-1350. NOTE: some of these details are...

NULL dereference in iwl driver

The iwlsetrate function in compatible/iwl3945-base.c in iwlwifi 1.1.21 and earlier dereferences an iwlgethwmode return value without checking for NULL, which might allow remote attackers to cause a denial of service kernel panic via unspecified vectors during module initialization...

IBM DB2数据库db2db本地权限提升漏洞

BUGTRAQ ID: 27680 CVECAN ID: CVE-2007-5757 IBM DB2是一个大型的商业关系数据库系统，面向电子商务、商业资讯、内容管理、客户关系管理等应用，可运行于AIX、HP-UX、Linux、Solaris、Windows等系统。 在设置DB2INSTANCE环境变量的时候，libdb2库会使用相关用户的目录而不是DB2例程目录，这会允许本地非特权用户控制一些set-uid root二进制程序所操作的目录结构。...

Cross site request forgery (csrf)

SNMPd in MikroTik RouterOS 3.2 and earlier allows remote attackers to cause a denial of service daemon crash via a crafted SNMP SET request...

MicroTik RouterOS 3.2 - SNMPd snmp-set Denial of Service

MicroTik RouterOS 3.2 - SNMPd snmp-set Denial of Service / -------------------------------------------------------------------------- c ShadOS 2008 | || || | | |/ / | || | | / - | | ' | ' | / | ' \ - |||||||\|||, |||// hellknights.void.ru |/ .0x48k...

PostgreSQL privilege escalation

PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for 1 VACUUM and 2 ANALYZE operations within index functions, and supports 3 SET ROLE and 4 SET SESSION AUTHORIZATION within inde...

panic caused by set_mempolicy with MPOL_BIND

The Linux kernel 2.6.9 before 2.6.9-67 in Red Hat Enterprise Linux RHEL 4 on Itanium ia64 does not properly handle page faults during NUMA memory access, which allows local users to cause a denial of service panic via invalid arguments to setmempolicy in an MPOLBIND operation...

IBM AIX swap命令本地缓冲区溢出漏洞

BUGTRAQ ID: 27432 IBM AIX是一款商业性质的UNIX操作系统。 AIX的swap命令工具集实现上存在缓冲区溢出漏洞，本地攻击者可能利用此漏洞提升自己的权限。 AIX的swap命令用于激活和关闭paging space，其主文件集为bos.rte.control。以下bos.rte.control文件集命令存在缓冲区溢出漏洞。如果本地攻击者执行了这些命令的话： /usr/sbin/swap /usr/sbin/swapoff /usr/sbin/swapon...

IBM AIX逻辑卷标管理器多个命令本地缓冲区溢出漏洞

BUGTRAQ ID: 27431 IBM AIX是一款商业性质的UNIX操作系统。 AIX的逻辑卷标管理命令工具集实现上存在缓冲区溢出漏洞，本地攻击者可能利用此漏洞提升自己的权限。 AIX的逻辑卷标管理器提供了一套用于管理逻辑卷标的工具。逻辑卷标管理器的bos.rte.lvm和bos.clvm.enh命令中存在缓冲区溢出漏洞。如果本地攻击者执行了以下bos.rte.lvm命令： /usr/sbin/lchangevg /usr/sbin/ldeletepv /usr/sbin/putlvodm /usr/sbin/lvaryoffvg /usr/sbin/lvgenminor...

CVE-2008-0375

Unspecified vulnerability in OKI C5510MFP Printer CU H2.15, PU 01.03.01, System F/W 1.01, and Web Page 1.00 allows remote attackers to set the password and obtain administrative access via unspecified vectors...

Coppermine Photo Gallery 1.4.10 - SQL Injection

Coppermine Photo Gallery 1.4.10 - SQL Injection table prefix\n"; print " - hostname\n"; print " - web dirname \n"; print " - force mode - '0' - for Off or "album number" for force mode On \n"; print " table prefix - prefix of sql tables\n"; print " example: " . $argv0 . " coppermine.site photo/ 1...

Ubuntu 6.06 LTS / 6.10 / 7.04 / 7.10 : postgresql vulnerabilities (USN-568-1)

Nico Leidecker discovered that PostgreSQL did not properly restrict dblink functions. An authenticated user could exploit this flaw to access arbitrary accounts and execute arbitrary SQL queries. CVE-2007-3278, CVE-2007-6601 It was discovered that the TCL regular expression parser used by...

Design/Logic Flaw

admin.php in UploadImage 1.0 does not check for the original password before making a change to a new password, which allows remote attackers to gain administrator privileges via the pass parameter in a nopass Set Password action...

PostgreSQL privilege escalation

PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for 1 VACUUM and 2 ANALYZE operations within index functions, and supports 3 SET ROLE and 4 SET SESSION AUTHORIZATION within inde...

PostgreSQL privilege escalation

PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for 1 VACUUM and 2 ANALYZE operations within index functions, and supports 3 SET ROLE and 4 SET SESSION AUTHORIZATION within inde...

CVE-2007-6600

PostgreSQL 8.2 before 8.2.6, 8.1 before 8.1.11, 8.0 before 8.0.15, 7.4 before 7.4.19, and 7.3 before 7.3.21 uses superuser privileges instead of table owner privileges for 1 VACUUM and 2 ANALYZE operations within index functions, and supports 3 SET ROLE and 4 SET SESSION AUTHORIZATION within inde...

DEBIAN-CVE-2007-6562

Multiple stack-based buffer overflows in the use of FDSET in TCPreen before 1.4.4 allow remote attackers to cause a denial of service via multiple concurrent connections, which result in overflows in the 1 SocketAddress::Connect function in libsolve/sockprot.cpp and 2 monitorbridge function in...

WinRAR 3.30 Long Filename Buffer Overflow Exploit

No description provided by source. / WinRAR Buffer Overflow 3.30 Exploit Bug founded by: Vredited By Alpha Programmer & Trap-Set U.H Team Exploit made by: K4P0 Contact: [email protected] / include stdio.h include windows.h int mainvoid char EvilBuff1024; // Normal cmd.exe shellcode...