738 matches found
Frox 0.7.18 - Arbitrary Configuration File Access
source: https://www.securityfocus.com/bid/14711/info Frox is prone to a vulnerability that permits read access to arbitrary files. Successful exploitation of this vulnerability will grant the attacker read access to arbitrary files on the system in the security context of the Frox process...
CVE-2005-2541
Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges...
DEBIAN-CVE-2005-2541
Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges...
CVE-2005-2541
Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges...
CVE-2001-1564
CVE-2001-1564 affects HP-UX kernels prior to some later patch levels (versions 10.01, 10.10, 10.24, 10.20, 11.00, 11.04 and 11.11). The issue is that setrlimit does not correctly enforce core file size after the process drops setuid/setgid privileges, which could allow a local user to cause a den...
CVE-2005-2072
CVE-2005-2072 affects the runtime linker (ld.so) in Solaris 8, 9, and 10, where LD_AUDIT in setuid/setgid contexts can be abused to gain privileges (including by using a long LD_AUDIT value). Connected advisories list vendor patches addressing this: Solaris 8/9/10 patches 109147-44, 109148-42, 11...
CVE-2005-2072
The runtime linker ld.so in Solaris 8, 9, and 10 trusts the LDAUDIT environment variable in setuid or setgid programs, which allows local users to gain privileges by 1 modifying LDAUDIT to reference malicious code and possibly 2 using a long value for LDAUDIT...
CVE-2002-1871
pkgadd in Sun Solaris 2.5.1 through 8 installs files setuid/setgid root if the pkgmap file contains a "?" question mark in the 1 mode, 2 owner, or 3 group fields, which allows attackers to elevate privileges...
CVE-2005-0602
Unzip 5.51 and earlier does not properly warn the user when extracting setuid or setgid files, which may allow local users to gain privileges...
DEBIAN-CVE-2005-0602
Unzip 5.51 and earlier does not properly warn the user when extracting setuid or setgid files, which may allow local users to gain privileges...
CVE-2005-0970
Mac OS X 10.3.9 and earlier allows users to install, create, and execute setuid/setgid scripts, contrary to the intended design, which may allow attackers to conduct unauthorized activities with escalated privileges via vulnerable scripts...
CVE-2005-0602
Unzip 5.51 and earlier does not properly warn the user when extracting setuid or setgid files, which may allow local users to gain privileges...
CVE-2005-0970
CVE-2005-0970 concerns Mac OS X 10.3.x and earlier where users can install, create, and execute setuid/setgid scripts, enabling unauthorized activities with escalated privileges through vulnerable scripts. The vulnerability is described as a design flaw in script handling that allows set-user IDs...
CVE-2005-0602
Unzip 5.51 and earlier does not properly warn the user when extracting setuid or setgid files, which may allow local users to gain privileges...
CVE-2005-0503
uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges...
CVE-2005-0503
uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges...
DEBIAN-CVE-2005-0503
uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges...
typespeed keyboard touch-typist trainer format string bug
Format string bug in setgid games application...
CVE-2004-2312
Buffer overflow in GNU make for IBM AIX 4.3.3, when installed setgid, allows local users to gain privileges via a long CC argument...
rockdodger -- buffer overflows
The environment variable HOME is copied without regard to buffer size, which can be used to gain elevated privilege if the binary is installed setgid games, and a string is read from the high score file without bounds check. The port installs the binary without setgid, but with a world-writable...