5379 matches found
IBM AIX lsfs utility invokes grep and lslv with relative pathnames
Overview The IBM AIX operating system contains a vulnerability in the lsfs utility that allows a local user to execute arbitrary code as root. Description The IBM AIX lsfs utility displays filesystem information such as mount points, permissions and volume sizes. To list this information, it...
Digital Unix 4.0 - MSGCHK Buffer Overflow
// source: https://www.securityfocus.com/bid/3311/info The msgchk utility under certain versions of Digital Unix contains a buffer overflow vulnerability which could yield root privilege. If a local user invokes the msgchk utility at the command line, argumented with a sufficiently long string of...
CBOS Web-based Configuration Utility Vulnerability
...
Intego FileGuard 2.0/4.0 - Weak Password Encryption
source: https://www.securityfocus.com/bid/3213/info Intego FileGuard is a commercial access control utility for Mac OS versions 7-9.1. It's functionality includes the ability to enforce privileges, log activities, manage user accounts, restrict access by time, etc. Intego FileGuard provides syste...
sort creates temporary files insecurely
Overview The sort utility creates temporary files insecurely, making sort subject to a denial-of-service attack. Description The UNIX sort utility creates temporary files with predictable names. The creation is done in a manner to prevent information loss via a symlink attack, but existence of th...
Solaris 2.6/7/8 (SPARC) - xlock Heap Overflow
// source: https://www.securityfocus.com/bid/3160/info Xlock is a utility for locking X-windows displays. It is installed setuid root because it uses the user's password to authorize access to the display when it is locked. The version of xlock that ships with Solaris as part of OpenWindows...
Solaris 8 - x86 xlock Heap Overflow
// source: https://www.securityfocus.com/bid/3160/info Xlock is a utility for locking X-windows displays. It is installed setuid root because it uses the user's password to authorize access to the display when it is locked. The version of xlock that ships with Solaris as part of OpenWindows...
CVE-2001-1022
Format string vulnerability in pic utility in groff 1.16.1 and other versions, and jgroff before 1.15, allows remote attackers to bypass the -S option and execute arbitrary commands via format string specifiers in the plot command...
ArGoSoft FTP Server 1.2.2.2 - Weak Password Encryption
ArGoSoft FTP Server 1.2.2.2 - Weak Password Encryption // source: https://www.securityfocus.com/bid/3029/info ArGoSoft FTP server is an FTP server for the Windows platform. A design error exists in ArGoSoft FTP which enables an authenticated user to view other users encrypted passwords. However d...
Apple Mac OSX 10 - nidump Password File Disclosure
Apple Mac OSX 10 - nidump Password File Disclosure source: https://www.securityfocus.com/bid/2953/info A vulnerability exists in all versions of Apple MacOS X. It has been found to contain a vulnerability which could allow disclosure of passwords and other sensitive system information. nidump is ...
Apple Mac OSX 10 - nidump Password File Disclosure
source: https://www.securityfocus.com/bid/2953/info A vulnerability exists in all versions of Apple MacOS X. It has been found to contain a vulnerability which could allow disclosure of passwords and other sensitive system information. nidump is a Mac OS X system data extraction utility which can...
1C: Arcadia Internet Store 1.0 - Path Disclosure
1C: Arcadia Internet Store 1.0 - Path Disclosure source: https://www.securityfocus.com/bid/2904/info 1C: Arcadia Internet Store is a online shopping utility for Microsoft Windows NT/2000 that is fully integratable with 1C: Enterprise, another popular Russian web-commerce utility. One of the...
Символьные линки в kmmodreg из HP/UX (symbolic links)
Проблема символьных линков в утилите kmmodreg boot...
Solaris 2.62.67.08 whodo - Local Buffer Overflow
Solaris 2.62.67.08 whodo - Local Buffer Overflow // source: https://www.securityfocus.com/bid/2935/info The 'whodo' utility shipped with Sun Microsystems' Solaris provides a listing of users online and their activities. It is installed setuid root because it reads from the 'utmp' log as well as...
Solaris 2.6/2.6/7.0/8 whodo - Local Buffer Overflow
// source: https://www.securityfocus.com/bid/2935/info The 'whodo' utility shipped with Sun Microsystems' Solaris provides a listing of users online and their activities. It is installed setuid root because it reads from the 'utmp' log as well as from the process table. 'whodo' contains a buffer...
Aladdin Knowledge Systems eSafe Gateway 3.0 - Unicode Script-filtering Bypass
Aladdin Knowledge Systems eSafe Gateway 3.0 - Unicode Script-filtering Bypass source: https://www.securityfocus.com/bid/2801/info eSafe Gateway is a security utility used for filtering internet content. An html file may be crafted to bypass the script-filtering feature offered by eSafe Gateway...
Aladdin Knowledge Systems eSafe Gateway 3.0 - HTML tag Script-filtering Bypass
Aladdin Knowledge Systems eSafe Gateway 3.0 - HTML tag Script-filtering Bypass source: https://www.securityfocus.com/bid/2800/info eSafe Gateway is a security utility used for filtering internet content. It is possible to craft an html file that slips through eSafe Gateway's script filtering...
Aladdin Knowledge Systems eSafe Gateway 3.0 - Unicode Script-filtering Bypass
source: https://www.securityfocus.com/bid/2801/info eSafe Gateway is a security utility used for filtering internet content. An html file may be crafted to bypass the script-filtering feature offered by eSafe Gateway. This is done by simply encoding the tag in Unicode format, such that the filter...
Переполнение буфера в HP OpenView NNM (buffer overflow)
Переполнение буфера в suid root утилите ecsd...
eSafe Gateway 2.1 - Script-filtering Bypass
source: https://www.securityfocus.com/bid/2750/info eSafe Gateway is a security utility used for filtering internet content. An html file may be crafted to bypass the script-filtering feature offered by eSafe Gateway. This is done by simply changing the syntax of the function in such a way as to...