5 matches found
CVE-2004-1682
The CVE-2004-1682 entry concerns the QNX 6.1 FTP client, where a format string vulnerability in the QUOTE command can allow remote authenticated users to obtain group bin privileges. The root cause is improper handling of format specifiers in QUOTE, enabling privilege escalation. The provided doc...
CVE-2004-1391
The CVE-2004-1391 entry concerns the PPPoE daemon (PPPoEd) in QNX RTP 6.1, where an untrusted execution path allows local users to execute arbitrary programs by manipulating the PATH environment variable to reference a malicious mount program. This describes a local-privilege problem rooted in PA...
CVE-2004-1390
CVE-2004-1390 affects the PPPoE daemon (PPPoEd) in QNX RTP 6.1 . The issue is described as multiple buffer overflows in PPPoEd that allow a remote attacker to execute arbitrary code by supplying a long argument to any of the flags: -F, name, en, upscript, downscript, retries, timeout, scriptdetac...
CVE-2001-0325
CVE-2001-0325 affects QNX RTP 5.60. The vulnerability is a buffer/stack overflow in parsing arguments to the stat command (also described as a strtok()-related overflow in the FTP stat handling), allowing a remote attacker to cause a denial of service and potentially execute arbitrary code. Conne...
CVE-2004-1681
CVE-2004-1681 affects QNX Photon microGUI on QNX RTP 6.1. Affected components are phrelay-cfg, phlocale, pkg-installer, and input-cfg, with multiple buffer overflows described as enabling local privilege escalation through an overly long -s (server) command line parameter. The vulnerability is lo...