Unknown · CVSS Not scored
Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local users to gain root privileges, as identified by Sun BugID 4659277, a different vulnerability than CVE-2003-1082.
Published Feb 8, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The patches (1) 105693-13, (2) 108800-02, (3) 105694-13, and (4) 108801-02 for cachefs on Solaris 2.6 and 7 overwrite the inetd.conf file, which may silently reenable services and allow remote attackers to bypass the intended security policy.
Published Feb 8, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
mod_digest for Apache before 1.3.31 does not properly verify the nonce of a client response by using a AuthNonce secret.
Published Feb 3, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Race condition in Solaris 2.6 through 9 allows local users to cause a denial of service (kernel panic), as demonstrated via the namefs function, pipe, and certain STREAMS routines.
Published Feb 8, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The ed editor for Sun Solaris 2.6, 7, and 8 allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.
Published Feb 8, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unknown vulnerability in the FTP server (in.ftpd) for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (temporary FTP server hang), which affects other active mode FTP clients.
Published Feb 8, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple buffer overflows in the (1) dbm_open function, as used in ndbm and dbm, and the (2) dbminit function in Solaris 2.6 through 9 allow local users to gain root privileges via long arguments to Xsun or other programs that use these functions.
Published Feb 8, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unknown vulnerability in the sysinfo system call for Solaris for SPARC 2.6 through 9, and Solaris for x86 2.6, 7, and 8, allows local users to read kernel memory.
Published Feb 8, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in the syslog daemon for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (syslogd crash) and possibly execute arbitrary code via long syslog UDP packets.
Published Feb 8, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unknown vulnerability in rpcbind for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (rpcbind crash).
Published Feb 8, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Solaris 8 with IPv6 enabled allows remote attackers to cause a denial of service (kernel panic) via a crafted IPv6 packet.
Published Feb 8, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The Xsun server for Sun Solaris 2.6 through 9, when running in Direct Graphics Access (DGA) mode, allows local users to cause a denial of service (Xsun crash) or to create or overwrite arbitrary files on the system, probably via a symlink attack on temporary server files.
Published Feb 8, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple race conditions in the handling of O_DIRECT in Linux kernel prior to version 2.4.22 could cause stale data to be returned from the disk when handling sparse files, or cause incorrect data to be returned when a file is truncated as it is being read, which might allow local users to obtain sensitive data that was originally owned by other users, a different vulnerability than CVE-2003-0018.
Published Feb 16, 2006 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The NFS Server for Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (UFS panic) via certain invalid UFS requests, which triggers a null dereference.
Published Feb 8, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unknown vulnerability in the libraries for the PGX32 frame buffer in Solaris 2.5.1 and 2.6 through 9 allows local users to gain root access.
Published Feb 8, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Various routines for the ppc64 architecture on Linux kernel 2.6 prior to 2.6.2 and 2.4 prior to 2.4.24 do not use the copy_from_user function when copying data from userspace to kernelspace, which crosses security boundaries and allows local users to cause a denial of service.
Published Feb 27, 2006 · Updated Aug 8, 2024
Unknown · CVSS Not scored
The scosession program in OpenServer 5.0.6 and 5.0.7 allows local users to gain privileges via crafted strings on the commandline.
Published Feb 6, 2005 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Xscreensaver 4.14 contains certain debugging code that should have been omitted, which causes Xscreensaver to create temporary files insecurely in the (1) apple2, (2) xanalogtv, and (3) pong screensavers, and allows local users to overwrite arbitrary files via a symlink attack.
Published Feb 28, 2006 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as used in LSASS.EXE, CRYPT32.DLL, and other Microsoft executables and libraries on Windows NT 4.0, 2000, and XP, allow remote attackers to execute arbitrary code via ASN.1 BER encodings with (1) very large length fields that cause arbitrary heap data to be overwritten, or (2) modified bit strings.
Published Feb 11, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple buffer overflows in Orville Write (orville-write) 2.53 and earlier allow local users to gain privileges.
Published Feb 19, 2004 · Updated Aug 8, 2024
Unknown · CVSS Not scored
miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 does not properly handle metacharacters such as line feeds and carriage returns (CRLF) in Base-64 encoded strings during Basic authentication, which allows remote attackers to spoof a session ID and gain root privileges.
Published Feb 26, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Format string vulnerabilities in the logging routines for MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in Kerberos principal names.
Published Feb 1, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Buffer overflow in secure locate (slocate) before 2.7 allows local users to execute arbitrary code via a long (1) -c or (2) -r command line argument.
Published Feb 1, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple buffer overflows in Oracle 9i Database release 2, Release 1, 8i, 8.1.7, and 8.0.6 allow remote attackers to execute arbitrary code via (1) a long conversion string argument to the TO_TIMESTAMP_TZ function, (2) a long time zone argument to the TZ_OFFSET function, or (3) a long DIRECTORY parameter to the BFILENAME function.
Published Feb 21, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
PuTTY 0.53b and earlier does not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials.
Published Feb 1, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before 3.10.5, allows remote attackers to gain root privileges, possibly via format strings in a request to a slave server.
Published Feb 26, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple buffer overflows in apcupsd before 3.8.6, and 3.10.x before 3.10.5, may allow attackers to cause a denial of service or execute arbitrary code, related to usage of the vsprintf function.
Published Feb 26, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Apple File Protocol (AFP) in Mac OS X before 10.2.4 allows administrators to log in as other users by using the administrator password.
Published Feb 26, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Format string vulnerability in mpmain.c for plpnfsd of the plptools package allows remote attackers to execute arbitrary code via the functions (1) debuglog, (2) errorlog, and (3) infolog.
Published Feb 5, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Unknown vulnerability in the directory parser for Direct Connect 4 Linux (dcgui) before 0.2.2 allows remote attackers to read files outside the sharelist.
Published Feb 11, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX 2.1.2 and 2.0.4, and (3) Entunnel 1.0.2 and earlier, do not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials.
Published Feb 1, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Multiple buffer overflows in Hypermail 2 before 2.1.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code (1) via a long attachment filename that is not properly handled by the hypermail executable, or (2) by connecting to the mail CGI program from an IP address that reverse-resolves to a long hostname.
Published Feb 1, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe (|) character in a filename that is retrieved by the client.
Published Feb 1, 2003 · Updated Aug 8, 2024
Unknown · CVSS Not scored
AbsoluteTelnet SSH2 client does not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials.
Published Feb 1, 2003 · Updated Aug 8, 2024