CVE-2002-0939

The Install Wizard for nCipher MSCAPI CSP 5.50 does not use Operator Card Set protected keys when the user requests them but does not generate the Operator Card Set, which results in a lower protection level than specified by the user module protection only...

CVE-2002-0940

This CVE concerns domesticinstall.exe for nCipher MSCAPI CSP 5.50 and 5.54, where the software does not use Operator Card Set protected keys when the user requests them if the Operator Card Set has not been generated. The outcome is a lower protection level than the user-specified module protecti...

CVE-2002-0940

domesticinstall.exe for nCipher MSCAPI CSP 5.50 and 5.54 does not use Operator Card Set protected keys when the user requests them but does not generate the Operator Card Set, which results in a lower protection level than specified by the user module protection only...

CVE-2002-0939

The CVE applies to the Install Wizard for nCipher MSCAPI CSP 5.50. The issue is that when a user requests Operator Card Set protected keys but does not actually generate the Operator Card Set, the wizard ends up using only module protection rather than the higher protection level that the user in...

DEBIAN-CVE-2002-0740

Buffer overflow in slrnpull for the SLRN package, when installed setuid or setgid, allows local users to gain privileges via a long -d SPOOLDIR argument...

nCipher Advisory #3: MSCAPI keys erroneously module-protected - update

nCipher Security Advisory No. 3 | Windows 2000 keys unexpectedly only module-protected | ==================================================== | | UPDATED - VERSION 2 | Changes are marked with |' at the right. | | | SUMMARY ======= In certain circumstances, the nCipher MSCAPI CSP Install Wizard...

CVE-2001-0488

This CVE concerns HP-UX 10.x where the pcltotiff utility has setgid permissions (sgid bin) to read fonts, allowing local users to cause denial of service. The root cause is insecure sgid settings on /opt/sharedprint/bin/pcltotiff, as described in HP advisory HPSBUX0104-149. Impact is local DoS; n...

CVE-1999-1413

Solaris 2.4 before kernel jumbo patch -35 allows set-gid programs to dump core even if the real user id is not in the set-gid group, which allows local users to overwrite or create files at higher privileges by causing a core dump, e.g. through dmesg...

CVE-1999-1413

Solaris 2.4 before patching, prior to the kernel jumbo patch -35, is vulnerable. Set-gid programs can dump core even if the real user is not in the set-gid group, enabling local privilege escalation through a core dump (e.g., via dmesg). The connected documents confirm the vulnerability details; ...

CVE-1999-1413

Solaris 2.4 before kernel jumbo patch -35 allows set-gid programs to dump core even if the real user id is not in the set-gid group, which allows local users to overwrite or create files at higher privileges by causing a core dump, e.g. through dmesg...

Переполнения буфера в утилитах Caldera Open Unix (buffer overflow)

Переполнения буфера во многих suid-утилитах...

CVE-2001-0488

pcltotiff in HP-UX 10.x has unnecessary set group id permissions, which allows local users to cause a denial of service...

CVE-2001-0081

swinit in nCipher does not properly disable the Operator Card Set recovery feature even when explicitly disabled by the user, which could allow attackers to gain access to application keys...

CVE-2001-0081

Technical details about CVE-2001-0081 are not publicly provided in the supplied documents. Monitor for updates from vendors and security advisories.

CVE-2001-0081

swinit in nCipher does not properly disable the Operator Card Set recovery feature even when explicitly disabled by the user, which could allow attackers to gain access to application keys...

gtk+ security hole.

while going through a quick audit of gtk i found: gtk+ can be tricked into running arbitrary code via a bogus module. this means any program using gtk that is setid can be exploited via this method. here is an exploit i wrote for this security hole: original xgtk.cworking/un-wrapped:...

Уязвимость в Oracle Listener

Используя команды SET TRCFILE или SET LOGFILE пользователь может перезаписать любой файл своими данными...

iis-unicode.txt

Recently I received an email from Par Osterberg that directed my attention to a post in the Packetstorm forums: http://209.143.242.119/cgi-bin/cbmc/forums.cgi?authkey=anonymous&uname=anonymous&datopic=Windows&mesgcheck=defined&gum=474&editoron= An anonymous person posts that they can run arbitrar...

CVE-1999-0889

Cisco 675 routers running CBOS allow remote attackers to establish telnet sessions if an exec or superuser password has not been set...

CVE-1999-0745

This CVE concerns a buffer overflow in the Source Code Browser Program Database Name Server Daemon (pdnsd) for the IBM AIX C Set ++ compiler. The affected component is the PDNSD service used as part of the Source Code Browser on IBM AIX with the C Set ++ toolchain. The description consistently ci...