Local user gains root privileges via buffer overflow in rdist, via expstr() function.
7.8CVSS
7.4AI Score
0.001EPSS
8.4CVSS
7.9AI Score
0.0004EPSS
8.4CVSS
7.6AI Score
0.0005EPSS
Certain NFS servers allow users to use mknod to gain privileges by creating a writable kmem device and setting the UID to 0.
8.4CVSS
7.5AI Score
0.0004EPSS
Solaris syslogd crashes when receiving a message from a host that doesn't have an inverse DNS entry.
7AI Score
0.0004EPSS
In Sun Solaris and SunOS, man and catman contain vulnerabilities that allow overwriting arbitrary files.
7.3AI Score
0.0004EPSS
Files created from interactive shell sessions in Cobalt RaQ microservers (e.g. .bash_history) are world readable, and thus are accessible from the web server.
7AI Score
0.009EPSS
The cancel command in Solaris 2.6 (i386) has a buffer overflow that allows local users to obtain root access.
7.2AI Score
0.0004EPSS
6.7AI Score
0.0004EPSS
The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages.
7.5AI Score
0.057EPSS
6.7AI Score
0.0004EPSS
rpc.statd allows remote attackers to forward RPC calls to the local operating system via the SM_MON and SM_NOTIFY commands, which in turn could be used to remotely exploit other bugs such as in automountd.
6.7AI Score
0.013EPSS
7AI Score
0.035EPSS
The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve.
6.7AI Score
0.0004EPSS
sdtcm_convert in Solaris 2.6 allows a local user to overwrite sensitive files via a symlink attack.
6.6AI Score
0.0005EPSS
The ToolTalk ttsession daemon uses weak RPC authentication, which allows a remote attacker to execute commands.
7.3AI Score
0.011EPSS
The CDE dtspcd daemon allows local users to execute arbitrary commands via a symlink attack.
7.6AI Score
0.0004EPSS
Buffer overflow in the AddSuLog function of the CDE dtaction utility allows local users to gain root privileges via a long user name.
7.2AI Score
0.0004EPSS
6.9AI Score
0.007EPSS
The default configuration of Cobalt RaQ2 servers allows remote users to install arbitrary software packages.
7.2AI Score
0.014EPSS
Buffer overflow in Solaris libc, ufsrestore, and rcp via LC_MESSAGES environmental variable.
7.3AI Score
0.0004EPSS
7.2AI Score
0.0004EPSS
The dynamic linker in Solaris allows a local user to create arbitrary files via the LD_PROFILE environmental variable and a symlink attack.
6.8AI Score
0.0004EPSS
7.3AI Score
0.0004EPSS
Buffer overflow in Solaris kcms_configure via a long NETPATH environmental variable.
7.2AI Score
0.0004EPSS
6.9AI Score
0.002EPSS
6.9AI Score
0.008EPSS
6.6AI Score
0.019EPSS
6.6AI Score
0.008EPSS
Buffer overflow in CDE dtmail and dtmailpr programs allows local users to gain privileges via a long -f option.
7.2AI Score
0.0004EPSS
Buffer overflow in CDE mailtool allows local users to gain root privileges via a long MIME Content-Type.
7.2AI Score
0.0004EPSS
6.6AI Score
0.003EPSS
6.6AI Score
0.0004EPSS
Solaris arp allows local users to read files via the -f parameter, which lists lines in the file that do not parse properly.
6.6AI Score
0.0004EPSS
Solaris chkperm allows local users to read files owned by bin via the VMSYS environmental variable and a symlink attack.
6.6AI Score
0.0004EPSS
DHCP clients with ICMP Router Discovery Protocol (IRDP) enabled allow remote attackers to modify their default routes.
7.1AI Score
0.015EPSS
Denial of service in Solaris TCP streams driver via a malicious connection that causes the server to panic as a result of recursive calls to mutex_enter.
6.8AI Score
0.002EPSS
Buffer overflow in uum program for Canna input system allows local users to gain root privileges.
7.3AI Score
0.0004EPSS
Buffer overflow in canuum program for Canna input system allows local users to gain root privileges.
7.3AI Score
0.0004EPSS
Buffer overflow in Solaris lpstat via class argument allows local users to gain root access.
7.2AI Score
0.0004EPSS
Buffer overflow in Solaris snoop program allows remote attackers to gain root privileges via a long domain name when snoop is running in verbose mode.
7.6AI Score
0.019EPSS
Buffer overflow in Solaris snoop allows remote attackers to gain root privileges via GETQUOTA requests to the rpc.rquotad service.
7.7AI Score
0.006EPSS
Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PROC_SERVICE request.
7.2AI Score
0.014EPSS
The Sun Web-Based Enterprise Management (WBEM) installation script stores a password in plaintext in a world readable file.
7.1AI Score
0.0004EPSS
Buffer overflow in mail command in Solaris 2.7 and 2.7 allows local users to gain privileges via a long -m argument.
7.3AI Score
0.0004EPSS
useradd in Solaris 7.0 does not properly interpret certain date formats as specified in the "-e" (expiration date) argument, which could allow users to login after their accounts have expired.
6.9AI Score
0.0005EPSS
lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating systems allows local users to create or overwrite arbitrary files via a symlink attack that is triggered after invoking lpr 1000 times.
6.8AI Score
0.0004EPSS
Buffer overflow in /usr/bin/write in Solaris 2.6 and 7 allows local users to gain privileges via a long string in the terminal name argument.
7.2AI Score
0.0004EPSS
Internal HTTP server in Sun Netbeans Java IDE in Netbeans Developer 3.0 Beta and Forte Community Edition 1.0 Beta does not properly restrict access to IP addresses as specified in its configuration, which allows arbitrary remote attackers to access the server.
6.8AI Score
0.004EPSS
cgiwrap as used on Cobalt RaQ 2.0 and RaQ 3i does not properly identify the user for running certain scripts, which allows a malicious site administrator to view or modify data located at another virtual site on the same system.
6.4AI Score
0.001EPSS