3209 matches found
HP-UX 1011 - NLSPATH Environment Variable Format String (1)
HP-UX 1011 - NLSPATH Environment Variable Format String 1 // source: https://www.securityfocus.com/bid/8985/info HP-UX allows the NLSPATH to be set for setuid root programs, which use catopen3C and may be executed by other local users. This could result in privilege escalation as an attacker coul...
HP-UX 10/11 - NLSPATH Environment Variable Format String (2)
// source: https://www.securityfocus.com/bid/8985/info HP-UX allows the NLSPATH to be set for setuid root programs, which use catopen3C and may be executed by other local users. This could result in privilege escalation as an attacker could specify an arbitrary path for a message catalogue, which...
HP-UX 10/11 - NLSPATH Environment Variable Format String (1)
// source: https://www.securityfocus.com/bid/8985/info HP-UX allows the NLSPATH to be set for setuid root programs, which use catopen3C and may be executed by other local users. This could result in privilege escalation as an attacker could specify an arbitrary path for a message catalogue, which...
XFree86 4.2 - 'XLOCALEDIR' Local Buffer Overflow (3)
// source: https://www.securityfocus.com/bid/7002/info Several XFree86 utilities may be prone to a buffer overflow condition. The vulnerability exists due to insufficient boundary checks performed by these utilities when referencing the XLOCALEDIR environment variable. A local attacker can exploi...
CVE-2003-0019
umlnet in the kernel-utils package for Red Hat Linux 8.0 has incorrect setuid root privileges, which allows local users to modify network interfaces, e.g. by modifying ARP entries or placing interfaces into promiscuous mode...
cPanel 5.0 - Openwebmail Local Privilege Escalation
cPanel 5.0 - Openwebmail Local Privilege Escalation source: https://www.securityfocus.com/bid/6885/info It has been reported that cPanels' openwebmail package, distributed as part of the cPanel CGI application, is vulnerable to an external file include vulnerability. Exploitation of this issue ma...
CVE-2002-2092
Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and earlier, and FreeBSD 4.4 and earlier allows local users to gain privileges by attaching a debugger to a process before the kernel has determined that the process is setuid or setgid...
CVE-2002-2023
The getparameterfromfreqencysource function in beep2 1.0, 1.1 and 1.2, when installed setuid root, allows local users to read arbitrary files via unknown attack vectors...
CVE-2002-1963
Linux kernel 2.4.1 through 2.4.19 sets root's NRRESERVEDFILES limit to 10 files, which allows local users to cause a denial of service resource exhaustion by opening 10 setuid binaries...
CVE-2002-2334
Joe text editor 2.8 through 2.9.7 does not remove the group and user setuid bits for backup files, which could allow local users to execute arbitrary setuid and setgid root programs when root edits scripts owned by other users...
CVE-2002-2396
Buffer overflow in Advanced TFTP atftp 0.5 and 0.6, if installed setuid or setgid, may allow local users to execute arbitrary code via a long argument to the -g option...
DEBIAN-CVE-2002-1896
Buffer overflow in Alsaplayer 0.99.71, when installed setuid root, allows local users to execute arbitrary code via a long 1 -f or 2 -o command line argument...
iDEFENSE Security Advisory 11.08.02b: Non-Explicit Path Vulnerability in QNX Neutrino RTOS
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 iDEFENSE Security Advisory 11.08.02b: http://www.idefense.com/advisory/11.08.02b.txt Non-Explicit Path Vulnerability in QNX Neutrino RTOS November 8, 2002 I. BACKGROUND QNX Software Systems Ltd.'s Neutrino RTOS QNX is a real-time operating system...
QNX RTOS 6.2 - Application Packager Non-Explicit Path Execution
QNX RTOS 6.2 - Application Packager Non-Explicit Path Execution source: https://www.securityfocus.com/bid/6146/info A vulnerability has been discovered in an application packager shipped with QNX RTOS. It should be noted that the vulnerable packager is installed setuid root by default. It has bee...
QNX RTOS 6.2 - Application Packager Non-Explicit Path Execution
source: https://www.securityfocus.com/bid/6146/info A vulnerability has been discovered in an application packager shipped with QNX RTOS. It should be noted that the vulnerable packager is installed setuid root by default. It has been reported that the packager fails to use absolute paths to...
Abuse 2.0 - Local Buffer Overflow
Abuse 2.0 - Local Buffer Overflow / source: https://www.securityfocus.com/bid/6094/info Vulnerabilities have been discovered in two files used by Abuse. By passing an execessively long commandline argument to Abuse, it is possible to overrun a buffer. Exploiting this issue could allow a local...
Abuse 2.0 - Local Buffer Overflow
/ source: https://www.securityfocus.com/bid/6094/info Vulnerabilities have been discovered in two files used by Abuse. By passing an execessively long commandline argument to Abuse, it is possible to overrun a buffer. Exploiting this issue could allow a local attacker to overwrite sensitive memor...
Sun Solaris asppls(1M) vulnerable to arbitrary file overwriting via symlink redirection of temporary file
Overview Sun Solaris asppls1M creates temporary files insecurely, leading to possible local root compromise. Description Sun Microsystems describes the function of asppls1M as follows:aspppd is the link manager for the asynchronous data link protocol specified in RFC1331, The Point-to-Point...
AlsaPlayer 0.99.71 - Local Buffer Overflow
// source: https://www.securityfocus.com/bid/5767/info Alsaplayer is a PCM player that utilizes the ALSA libraries and drivers. It is availabe for Linux and Unix platforms. A vulnerability has been discovered in Alsaplayer. By specifying an overly long "add-on path", it is possible for an attacke...
X11 vulnerable to buffer overflow in handling of -xrm option
Overview The X11 library included with many UNIX variants contains a buffer-overflow vulnerability that may allow attackers to gain root privileges. Description The X11 library contains an unspecified buffer-overflow vulnerability. Programs that use this library and accept the -xrm option includi...