Searching groups software vulnerabilities

The installation of Novell Netware NDS 5.99 pro

installation | Netware | Novell | NDS |

The installation of Novell Netware NDS 5.99 provides an unauthenticated client with Read access for the tree, which allows remote attackers to access sensitive information such as users, groups, and readable objects via CX.EXE and NLIST.EXE.


Transarc DCE Distributed File System (DFS) 1.1

Distributed | Transarc | System | File | DCE |

Transarc DCE Distributed File System (DFS) 1.1 for Solaris 2.4 and 2.5 does not properly initialize the grouplist for users who belong to a large number of groups, which could allow those users to gain access to resources that are protected by DFS.


"Multiple Users" Control Panel in Mac OS 9 allo

effectively | privileges | "Multiple | password | removing | without | Control | account | removes | Groups | Users" | Normal | allows | which | Owner | users | Panel | user | gain | Data | File | Mac | log |

"Multiple Users" Control Panel in Mac OS 9 allows Normal users to gain Owner privileges by removing the Users & Groups Data File, which effectively removes the Owner password and allows the Normal user to log in as the Owner account without a password.


Cross-site scripting vulnerability AOL Instant

vulnerability | Cross-site | Messenger | scripting | Instant | AOL |

Cross-site scripting vulnerability AOL Instant Messenger (AIM) 4.5 and 4.7 for MacOS and Windows allows remote attackers to conduct unauthorized activities, such as adding buddies and groups to a user's buddy list, via a URL with a META HTTP-EQUIV="refresh" tag to an aim: URL.


NFS in SGI 6.5.21m and 6.5.21f does not perform

configurations | /etc/exports | restrictions | wildcards | hostnames | attackers | intended | certain | without | perform | groups | access | bypass | checks | allow | which | could | entry | 6521f | 6521m | does | uses | SGI | NFS | not | any |

NFS in SGI 6.5.21m and 6.5.21f does not perform access checks in certain configurations when an /etc/exports entry uses wildcards without any hostnames or groups, which could allow attackers to bypass intended restrictions.


The getgrouplist function in GNU libc (glibc) 2

getgrouplist | function | libc | GNU |

The getgrouplist function in GNU libc (glibc) 2.2.4 and earlier allows attackers to cause a denial of service (segmentation fault) and execute arbitrary code when a user is a member of a large number of groups, which can cause a buffer overflow.


describecomponents.cgi in Bugzilla 2.17.3 and 2

describecomponentscgi | Bugzilla |

describecomponents.cgi in Bugzilla 2.17.3 and 2.17.4 does not properly verify group membership when bug entry groups are used, which allows remote attackers to list component descriptions for otherwise restricted products.


Unknown vulnerability in the administrative con

administrative | vulnerability | controls | Bugzilla | Unknown |

Unknown vulnerability in the administrative controls in Bugzilla 2.17.1 through 2.17.7 allows users with "grant membership" privileges to grant memberships to groups that the user does not control.


The person-to-person secure messaging feature i

person-to-person | messaging | Sticker | feature | before | secure |

The person-to-person secure messaging feature in Sticker before 3.1.0 beta 2 allows remote attackers to post messages to unauthorized private groups by using the group's public encryption key.


Novell NetMail 3.5.2a, 3.5.2b, and 3.5.2c, when

running | NetMail | Novell | Linux | group | owner | sets | 352a | 352b | 352c |

Novell NetMail 3.5.2a, 3.5.2b, and 3.5.2c, when running on Linux, sets the owner and group ID to 500 for certain files, which could allow users or groups with that ID to execute arbitrary code or cause a denial of service by modifying those files.


The Server Admin tool in servermgr_ipfilter for

servermgr_ipfilter | Server | Admin | tool | Mac |

The Server Admin tool in servermgr_ipfilter for Mac OS X 10.4 to 10.4.2, when using multiple subnets and Address Groups, does not always properly write firewall rules to the Active Rules when certain conditions occur, which could result in firewall policies that are less restrictive than intended by the administrator.


chpst in runit 1.3.3-1 for Debian GNU/Linux, wh

inconsistent | permissions | GNU/Linux | specified | dietlibc | machines | properly | multiple | compiled | against | causes | handle | groups | assign | option | endian | little | Debian | gid_t | runit | group | chpst | sizes | which | 133-1 | does | type | i386 | root | not | bit | due |

chpst in runit 1.3.3-1 for Debian GNU/Linux, when compiled on little endian i386 machines against dietlibc, does not properly handle when multiple groups are specified in the -u option, which causes chpst to assign permissions for the root group due to inconsistent bit sizes for the gid_t type.


utilities/register.asp in Nukedit 4.9.6 and ear

utilities/registerasp | Nukedit |

utilities/register.asp in Nukedit 4.9.6 and earlier allows remote attackers to create new users as part of arbitrary groups, including the administrative group, via a modified groupid parameter when creating a user via the addDB action.


Apple Mac OS X 10.4 through 10.4.7, when the ad

Apple | Mac |

Apple Mac OS X 10.4 through 10.4.7, when the administrator clears the "Allow user to administer this computer" checkbox in System Preferences for a user, does not remove the user's account from the appserveradm or appserverusr groups, which still allows the user to manage WebObjects applications.


Unspecified vulnerability in Cybozu Office 6.5

vulnerability | information | Unspecified | attackers | sensitive | including | Windows | vectors | Office | Cybozu | groups | remote | obtain | allows | Build | users | via |

Unspecified vulnerability in Cybozu Office 6.5 Build 1.2 for Windows allows remote attackers to obtain sensitive information, including users and groups, via unspecified vectors.


The chroot helper in rMake for rPath Linux 1 do

supplemental | permissions | privileges | installed | insecure | packages | chroot | groups | causes | helper | local | users | might | allow | Linux | rPath | which | rMake | gain | drop | does | not |

The chroot helper in rMake for rPath Linux 1 does not drop supplemental groups, which causes packages to be installed with insecure permissions and might allow local users to gain privileges.


rMake before 1.0.4 drops root privileges in a w

before | rMake |

rMake before 1.0.4 drops root privileges in a way that retains the original supplemental groups, which might allow attackers to gain privileges via a crafted recipe file, a different vulnerability than CVE-2007-0536.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Phorum before 5.1.22 allow remote attackers to inject arbitrary web script or HTML via the (1) group_id parameter in the groups module or (2) the smiley_id parameter in the smileys modsettings module.


Multiple SQL injection vulnerabilities in Phoru

vulnerabilities | injection | Multiple | before | Phorum | SQL |

Multiple SQL injection vulnerabilities in Phorum before 5.1.22 allow remote attackers to execute arbitrary SQL commands via (1) a modified recipients parameter name in (a) pm.php; (2) the curr parameter to the (b) badwords (aka censorlist) or (c) banlist module in admin.php; or (3) the "Edit groups / Add group" field in the (d) groups module in admin.php.


Stack-based buffer overflow in the AUTH_LIST_GR

AUTH_LIST_GROUPS_FOR_AUTHID | Stack-based | arbitrary | attackers | possibly | argument | overflow | function | service | execute | denial | before | buffer | Fixpak | allows | cause | code | long | via | UDB | DB2 | IBM |

Stack-based buffer overflow in the AUTH_LIST_GROUPS_FOR_AUTHID function in IBM DB2 UDB 9.1 before Fixpak 3 allows attackers to cause a denial of service and possibly execute arbitrary code via a long argument.


Software vulnerabilities results 1 to 20 of 29     
Page: 12