Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

8 matches found

CVE
CVEadded 2007/11/14 1:0 a.m.48 views

CVE-2007-3880

CVE-2007-3880 is a format-string vulnerability in the srsexec binary of Sun Remote Services Net Connect (SUNWsrspx), affecting Solaris 8/9/10 via NetConnect 3.2.3/3.2.4. An attacker with local access to a set-UID root srsexec can trigger syslog handling of crafted input containing format specifie...

7.2CVSS6.4AI score0.00053EPSS
Exploits0References8Affected Software1
securityvulns
securityvulnsadded 2007/11/06 12:0 a.m.56 views

iDefense Security Advisory 11.02.07: Sun Microsystems Solaris srsexec Format String Vulnerability

iDefense Security Advisory 11.02.07 http://labs.idefense.com/intelligence/vulnerabilities/ Nov 02, 2007 I. BACKGROUND The srsexec utility is part of the SRS Proxy Core package that is available with Solaris 10. This package is used to monitor the performance of clients running Solaris from a...

7.2CVSS0.9AI score0.00053EPSS
Exploits0
Tenable Nessus
Tenable Nessusadded 2007/05/20 12:0 a.m.23 views

Solaris 10 (sparc) : 123870-05 (deprecated)

NetConnect 3.2.4: srsproxy/srsexec patch for Solaris 8/9/10. Date this patch was last updated by Sun : Nov/01/07 This plugin has been deprecated and either replaced with individual 123870 patch-revision plugins, or deemed non-security related. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

2.1CVSS6.7AI score0.10401EPSS
Exploits1References2
seebug.org
seebug.orgadded 2007/05/14 12:0 a.m.28 views

Sun Solaris srsexec任意文件读取本地信息泄露漏洞

Solaris是一款由Sun开发和维护的商业性质UNIX操作系统。 Solaris系统的srsexec工具在处理文件访问权限时存在漏洞,本地攻击者可能利用此漏洞读取部分敏感文件内容。 如果安装了SUNWsrspx软件包的话,则该软件包中的srsexec工具可能允许本地攻击者访问敏感信息,如root口令哈希。漏洞起因是没有丢弃或检查目标文件的权限,如果用户指定了verify only模式(-v)及debug(-d)模式的话,且指定了受保护的文件(如/etc/shadow),srsexec就会在debug消息中显示/etc/shadow的第一行。 Sun SRS Net Connect...

7.1AI score
Exploits0
securityvulns
securityvulnsadded 2007/05/12 12:0 a.m.35 views

Sun Solaris srsexec unauthorized files accesss

By using combination of -d and -v command line options it's possible to read first line of any file...

3.9AI score
Exploits0References1Affected Software1
ATTACKERKB
ATTACKERKBadded 2007/05/11 12:0 a.m.23 views

CVE-2007-2617

srsexec in Sun Remote Services SRS Net Connect Software Proxy Core package in Sun Solaris 10 does not enforce file permissions when opening files, which allows local users to read the first line of arbitrary files via the -d and -v options. Recent assessments: h00die at March 25, 2020 12:46am UTC...

7.5CVSS6.1AI score0.6839EPSS
Exploits8References10
exploitpack
exploitpackadded 2007/05/10 12:0 a.m.17 views

Sun Microsystems Solaris SRSEXEC 3.2.x - Arbitrary File Read Local Information Disclosure

Sun Microsystems Solaris SRSEXEC 3.2.x - Arbitrary File Read Local Information Disclosure source: https://www.securityfocus.com/bid/23915/info Sun Microsystems Solaris is prone to a local information-disclosure vulnerability due to a design error. A local attacker may exploit this issue to access...

7.2AI score
Exploits0
Exploit DB
Exploit DBadded 2007/05/10 12:0 a.m.23 views

Sun Microsystems Solaris SRSEXEC 3.2.x - Arbitrary File Read Local Information Disclosure

source: https://www.securityfocus.com/bid/23915/info Sun Microsystems Solaris is prone to a local information-disclosure vulnerability due to a design error. A local attacker may exploit this issue to access sensitive information, including superuser password information, that may lead to further...

7.4AI score
Exploits0
Rows per page
Query Builder