324 matches found
DSA-1173-1 openssl - cryptographic weakness
Bulletin has no description...
SUSE Security Announcement: binutils,kdelibs3,kdegraphics3,koffice,dia,lyx (SUSE-SA:2006:007)
SUSE Security Announcement. Package: binutils,kdelibs3,kdegraphics3,koffice,dia,lyx. Announcement ID: SUSE-SA:2006:007. Date: Fri, 10 Feb 2006 15:00:00 +0000. Affected Products: Novell Linux Desktop 9, SUSE LINUX 10.0, SUSE LINUX 9.3, SUSE LINUX 9.2, SUSE LIN...
[ GLSA 200512-18 ] XnView: Privilege escalation
Gentoo Linux Security Advisory GLSA 200512-18 http://security.gentoo.org/ Severity:...
[SA18235] XnView / NView Insecure RPATH Vulnerability
TITLE: XnView / NView Insecure RPATH Vulnerability SECUNIA ADVISORY ID: SA18235 VERIFY ADVISORY: http://secunia.com/advisories/18235/ CRITICAL: Less critical IMPACT: Privilege escalation WHERE: Local system SOFTWARE: XnView 1.x http://secunia.com/product/6705/ NView 4.x...
CVE-2005-0627
Qt before 3.3.4 searches the BUILD_PREFIX directory, which could be world-writable, to load shared libraries regardless of the LD_LIBRARY_PATH environment variable, which allows local users to execute arbitrary programs...
CVE-2005-0227
PostgreSQL pgsql 7.4.x, 7.2.x, and other versions allows local users to load arbitrary shared libraries and execute code via the LOAD extension...
security flaw
PostgreSQL pgsql 7.4.x, 7.2.x, and other versions allows local users to load arbitrary shared libraries and execute code via the LOAD extension...
CVE-2005-0227
CVE-2005-0227 affects PostgreSQL versions 7.4.x, 7.2.x and related builds. It allows a local user to load arbitrary shared libraries and execute code via the LOAD extension, enabling partial confidentiality and integrity impact and potential service impact. The vulnerability is tied to the abilit...
Vulnerability in core server (CVE-2005-0227)
Any database user is permitted to load arbitrary shared libraries using the LOAD command. A valid login is required to exploit this vulnerability...
PT-2005-1308 · Postgresql +1
Name of the Vulnerable Software and Affected Versions: PostgreSQL versions 7.2.x through 7.4.x PostgreSQL affected versions not specified Description: The issue allows local users to load arbitrary shared libraries and execute code via the LOAD extension. Any database user is permitted to load...
CVE-2003-1052
IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modifying the shared libraries that are used in setuid root programs...
RHEL 2.1 : glibc (RHSA-2004:383)
Updated glibc packages that fix a security flaw in the resolver as well as dlclose handling are now available. The GNU libc packages known as glibc contain the standard C libraries used by applications. A security audit of the glibc packages in Red Hat Enterprise Linux 2.1 found a flaw in the...
CVE-2004-0530
The PHP package in Slackware 8.1, 9.0, and 9.1, when linked against a static library, includes /tmp in the search path, which allows local users to execute arbitrary code as the PHP user by inserting shared libraries into the appropriate path...
PHP local security issue
New PHP packages are available for Slackware 8.1, 9.0, 9.1, and -current to fix a security issue. These fix a problem in previous Slackware php packages where linking PHP against a static library in an insecure path under /tmp could allow a local attacker to place shared libraries at this locatio...
RealOne Player for Linux 2.2 Alpha - Insecure Configuration File Permission Privilege Escalation
// source: https://www.securityfocus.com/bid/8571/info The configuration files for the RealOne Player are installed in a hidden folder in a user's home directory. The issue presents itself because configuration files stored in this directory are installed with insecure permissions. This means...
RealPlayer 9 *nix - Local Privilege Escalation
RealPlayer 9 *nix - Local Privilege Escalation / rp9-priv-esc.c A local privilege escalation attack against the community supported version of Real.com's Realplayer, version 9. Written by: Jon Hart warchild spoofed.org By default, configuration files are stored in $USER/.realnetworks/, but all the...
RealPlayer 9 *nix Local Privilege Escalation Exploit
Exploit for linux platform in category local exploits. RealPlayer 9 *nix Local Privilege Escalation Exploit / rp9-priv-esc.c A local privilege escalation attack against the community supported...
IBM DB2 - Shared Library Injection
IBM DB2 - Shared Library Injection source: https://www.securityfocus.com/bid/8346/info IBM DB2 ships with a number of shared libraries, stored in a directory owned by the user and group 'bin'. As setuid root utilities are linked to these libraries, their ownership by a user and group of a lower...
Progress Database 9.1 - Environment Variable Privilege Escalation
Progress Database 9.1 - Environment Variable Privilege Escalation // source: https://www.securityfocus.com/bid/7916/info It has been reported that Progress database does not properly handle untrusted input when opening shared libraries. Specifically, the dlopen function used by several Progress...