6.9AI Score
0.0004EPSS
Buffer overflow in GNOME libraries 1.0.8 allows local user to gain root access via a long --espeaker argument in programs such as nethack.
7.2AI Score
0.0004EPSS
Red Hat userhelper program in the usermode package allows local users to gain root access via PAM and a .. (dot dot) attack.
6.9AI Score
0.0004EPSS
Linux printtool sets the permissions of printer configuration files to be world-readable, which allows local attackers to obtain printer share passwords.
6.7AI Score
0.0004EPSS
Buffer overflow in the dump utility in the Linux ext2fs backup package allows local users to gain privileges via a long command line argument.
7.3AI Score
0.0004EPSS
Linux OpenLDAP server allows local users to modify arbitrary files via a symlink attack.
6.4AI Score
0.0004EPSS
Buffer overflow in Linux cdrecord allows local users to gain privileges via the dev parameter.
7.2AI Score
0.0004EPSS
makewhatis in Linux man package allows local users to overwrite files via a symlink attack.
6.2AI Score
0.0004EPSS
BitchX IRC client does not properly cleanse an untrusted format string, which allows remote attackers to cause a denial of service via an invite to a channel whose name includes special formatting characters.
7AI Score
0.137EPSS
Buffer overflow in kon program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via a long -StartupMessage parameter.
7.2AI Score
0.0004EPSS
Buffer overflow in fld program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via an input file containing long CHARSET_REGISTRY or CHARSET_ENCODING settings.
7.3AI Score
0.0004EPSS
Vulnerability in Mandrake Linux usermode package allows local users to reboot or halt the system.
6.6AI Score
0.0004EPSS
A race condition in MandrakeUpdate allows local users to modify RPM files while they are in the /tmp directory before they are installed.
6.6AI Score
0.0004EPSS
Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.
7.7AI Score
0.005EPSS
Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages.
6.5AI Score
0.002EPSS
The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
6.7AI Score
0.008EPSS
Buffer overflow in ypserv in Mandrake Linux 7.1 and earlier, and possibly other Linux operating systems, allows an attacker to gain root privileges when ypserv is built without a vsyslog() function.
7.1AI Score
0.02EPSS
Format string vulnerability in ypserv in Mandrake Linux 7.1 and earlier, and possibly other Linux operating systems, allows an attacker to gain root privileges when ypserv is built without a vsyslog() function.
6.8AI Score
0.039EPSS
The default configuration of the Xsession file in Mandrake Linux 7.1 and 7.0 bypasses the Xauthority access control mechanism with an "xhost + localhost" command, which allows local users to sniff X Windows events and gain privileges.
6.5AI Score
0.0004EPSS
modprobe in the modutils 2.3.x package on Linux systems allows a local user to execute arbitrary commands via shell metacharacters.
7.2AI Score
0.0004EPSS
Multiple shell programs on various Unix systems, including (1) tcsh, (2) csh, (3) sh, and (4) bash, follow symlinks when processing << redirects (aka here-documents or in-here documents), which allows local users to overwrite files of other users via a symlink attack.
6.2AI Score
0.0004EPSS
PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
6.7AI Score
0.002EPSS
6.4AI Score
0.0004EPSS
sdiff 2.7 in the diffutils package allows local users to overwrite files via a symlink attack.
6.2AI Score
0.001EPSS
6.8AI Score
0.0004EPSS
getty_ps 2.0.7j allows local users to overwrite arbitrary files via a symlink attack.
6.4AI Score
0.0004EPSS
useradd program in shadow-utils program may allow local users to overwrite arbitrary files via a symlink attack.
6.4AI Score
0.0004EPSS
exmh 2.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the exmhErrorMsg temporary file.
6.3AI Score
0.0004EPSS
Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges.
6.6AI Score
0.001EPSS
Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed.
6.8AI Score
0.042EPSS
privatepw program in wu-ftpd before 2.6.1-6 allows local users to overwrite arbitrary files via a symlink attack.
6.3AI Score
0.0004EPSS
inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configurations.
6.3AI Score
0.0004EPSS
arpwatch 2.1a4 allows local users to overwrite arbitrary files via a symlink attack in some configurations.
6.4AI Score
0.0004EPSS
squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations.
6.3AI Score
0.0004EPSS
When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib.
6.3AI Score
0.0004EPSS
kdesu program in KDE2 (KDE before 2.2.0-6) does not properly verify the owner of a UNIX socket that is used to send a password, which allows local users to steal passwords and gain privileges.
6.4AI Score
0.0004EPSS
Buffer overflow in sudo earlier than 1.6.3p6 allows local users to gain root privileges.
6.8AI Score
0.0004EPSS
time server daemon timed allows remote attackers to cause a denial of service via malformed packets.
6.7AI Score
0.007EPSS
sgml-tools (aka sgmltools) before 1.0.9-15 creates temporary files with insecure permissions, which allows other users to read files that are being processed by sgml-tools.
6.3AI Score
0.0005EPSS
licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.
7.7AI Score
0.009EPSS
Buffer overflow in logging functions of licq before 1.0.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands.
7.8AI Score
0.059EPSS
Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn news reader before 0.9.7.0 allows remote attackers to execute arbitrary commands via a long message header.
7.8AI Score
0.008EPSS
Multiple buffer overflows in ePerl before 2.2.14-0.7 allow local and remote attackers to execute arbitrary commands.
7.3AI Score
0.007EPSS
Format string vulnerability in Mutt before 1.2.5 allows a remote malicious IMAP server to execute arbitrary commands.
7.3AI Score
0.003EPSS
Utah-glx in Mesa before 3.3-14 on Mandrake Linux 7.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/glxmemory file.
6.3AI Score
0.0004EPSS
Vulnerability in rpmdrake in Mandrake Linux 8.0 related to insecure temporary file handling.
6.5AI Score
0.001EPSS
kdesu in kdelibs package creates world-readable temporary files containing authentication info, which can allow local users to gain privileges.
6.8AI Score
0.0004EPSS
Vulnerability in (1) pine before 4.33 and (2) the pico editor, included with pine, allows local users to overwrite arbitrary files via a symlink attack.
6.4AI Score
0.0004EPSS
Packaging error for expect 8.3.3 in Mandrake Linux 8.1 causes expect to search for its libraries in the /home/snailtalk directory before other directories, which could allow a local user to gain root privileges.
6.6AI Score
0.0004EPSS
slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field.
6.5AI Score
0.024EPSS