3208 matches found
CVE-2012-10022
Kloxo versions 6.1.12 and earlier contain two setuid root binaries—lxsuexec and lxrestart—that allow local privilege escalation from uid 48. The lxsuexec binary performs a uid check and permits execution of arbitrary commands as root if the invoking user matches uid 48. This flaw enables attacker...
CVE-2025-46093
LiquidFiles before 4.1.2 is affected. The vulnerability stems from FTP SITE CHMOD handling (mode 6777: setuid/setgid) which can allow FTPDrop users to execute arbitrary code as root by abusing the Actionscript feature and the sudoers configuration. Affected software: LiquidFiles prior to 4.1.2. I...
CVE-2012-10022 Kloxo <= 6.1.12 Local Privilege Escalation
Kloxo versions 6.1.12 and earlier contain two setuid root binaries—lxsuexec and lxrestart—that allow local privilege escalation from uid 48. The lxsuexec binary performs a uid check and permits execution of arbitrary commands as root if the invoking user matches uid 48. This flaw enables attacker...
CVE-2012-10022
CVE-2012-10022 affects Kloxo 6.1.12 and earlier. It involves two setuid root binaries, lxsuexec and lxrestart; lxsuexec performs a uid check and allows execution of commands as root when the invoking user has uid 48, enabling local privilege escalation from a user with Apache-level access without...
PT-2025-31681 · Kloxo · Kloxo
Name of the Vulnerable Software and Affected Versions: Kloxo versions 6.1.12 and earlier Description: Kloxo versions 6.1.12 and earlier contain two setuid root binaries—lxsuexec and lxrestart—that allow local privilege escalation from uid 48. The lxsuexec binary performs a uid check and permits...
RockyLinux 8 : glibc (RLSA-2025:8686)
The remote RockyLinux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2025:8686 advisory. glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH (CVE-2025-4802). Tenable has extracted the preceding description block directly from the...
SUSE CVE-2005-2541
Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges...
ROS-20250722-04
A vulnerability in the dlopen function of the glibc system library is related to the use of an insecure search path for executable programs when processing the LD_LIBRARY_PATH variable. Exploitation of the vulnerability could allow an attacker...
mtr through 0.95, in certain privileged contexts, mishandles execution of a program specified by the MTR_PACKET environment variable. NOTE: mtr on macOS may often have Sudo rules, as an indirect consequence of Homebrew not installing setuid binaries.
...
libblockdev: LPE from allow_active to root in libblockdev via udisks
A Local Privilege Escalation (LPE) vulnerability was found in libblockdev. Generally, the "allow_active" setting in Polkit permits a physically present user to take certain actions based on the session type. Due to the way libblockdev interacts with the udisks daemon, an "allow_active" user on a syst...
CentOS 9 : ncurses-6.2-12.20210508.el9
The remote CentOS Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ncurses-6.2-12.20210508.el9 build changelog. - ncurses before 6.4 20230408, when used by a setuid application, allows local users to trigger security-relevant memory corruptio...
CVE-2025-49809
mtr through 0.95, in certain privileged contexts, mishandles execution of a program specified by the MTR_PACKET environment variable. NOTE: mtr on macOS may often have Sudo rules, as an indirect consequence of Homebrew not installing setuid binaries...
glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH
A flaw was found in the glibc library. A statically linked setuid binary that calls dlopen, including internal dlopen calls after setlocale or calls to NSS functions such as getaddrinfo, may incorrectly search LD_LIBRARY_PATH to determine which library to load, allowing a local attacker to load...
CLSA-2025-1750784684 Fix CVE(s): CVE-2025-4802
SECURITY UPDATE: Untrusted LD_LIBRARY_PATH environment variable vulnerability - debian/patches/any/CVE-2025-4802.patch: Ignore LD_LIBRARY_PATH and debug env var for setuid for static - CVE-2025-4802...
CLSA-2025-1750697072 glibc: Fix of CVE-2025-4802
CVE-2025-4802: fix issue of untrusted LD_LIBRARY_PATH environment variable vulnerability by restricting loading of dynamically shared libraries in statically compiled setuid binaries...