package software vulnerabilities
vulnerabilities.aspcode.net
Searching package software vulnerabilities
swinstall and swmodify commands in SD-UX packag
overwrite
|
arbitrary
|
swinstall
|
swmodify
|
commands
|
systems
|
package
|
create
|
access
|
files
|
HP-UX
|
SD-UX
|
allow
|
users
|
local
|
root
|
gain
|
swinstall and swmodify commands in SD-UX package in HP-UX systems allow local users to create or overwrite arbitrary files to gain root access.
Buffer overflow in the bootp server in the Debi
overflow
|
package
|
Debian
|
netstd
|
Buffer
|
server
|
bootp
|
Linux
|
Buffer overflow in the bootp server in the Debian Linux netstd package.
Buffer overflow in Linux linuxconf package allo
privileges
|
linuxconf
|
attackers
|
parameter
|
overflow
|
package
|
remote
|
Buffer
|
allows
|
Linux
|
long
|
gain
|
root
|
via
|
Buffer overflow in Linux linuxconf package allows remote attackers to gain root privileges via a long parameter.
search.cgi in the SolutionScripts Home Free pac
SolutionScripts
|
directories
|
attackers
|
searchcgi
|
package
|
remote
|
allows
|
Home
|
view
|
Free
|
via
|
search.cgi in the SolutionScripts Home Free package allows remote attackers to view directories via a .. (dot dot) attack.
Buffer overflow in WebObjects.exe in the WebObj
WebObjectsexe
|
WebObjects
|
attackers
|
Developer
|
overflow
|
service
|
request
|
package
|
headers
|
denial
|
allows
|
Buffer
|
Accept
|
remote
|
cause
|
such
|
HTTP
|
long
|
via
|
Buffer overflow in WebObjects.exe in the WebObjects Developer 4.5 package allows remote attackers to cause a denial of service via an HTTP request with long headers such as Accept.
Buffer overflow in IC Radius package allows a r
attacker
|
overflow
|
service
|
package
|
Buffer
|
denial
|
Radius
|
allows
|
remote
|
cause
|
user
|
name
|
long
|
via
|
Buffer overflow in IC Radius package allows a remote attacker to cause a denial of service via a long user name.
pg and pb in SuSE pbpg 1.x package allows an at
arbitrary
|
attacker
|
package
|
allows
|
files
|
SuSE
|
pbpg
|
read
|
pg and pb in SuSE pbpg 1.x package allows an attacker to read arbitrary files.
Buffer overflow in restore program 0.4b17 and e
arbitrary
|
overflow
|
commands
|
execute
|
package
|
earlier
|
restore
|
program
|
allows
|
Buffer
|
04b17
|
local
|
users
|
long
|
tape
|
dump
|
name
|
via
|
Buffer overflow in restore program 0.4b17 and earlier in dump package allows local users to execute arbitrary commands via a long tape name.
Buffer overflow in kon program in Kanji on Cons
overflow
|
program
|
Console
|
Buffer
|
Kanji
|
kon
|
Buffer overflow in kon program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via a long -StartupMessage parameter.
The FSserial, FlagShip_c, and FlagShip_p progra
world-writeable
|
FlagShip_p
|
FlagShip_c
|
installed
|
programs
|
FSserial
|
FlagShip
|
replace
|
package
|
Trojan
|
horses
|
allows
|
local
|
which
|
users
|
them
|
The FSserial, FlagShip_c, and FlagShip_p programs in the FlagShip package are installed world-writeable, which allows local users to replace them with Trojan horses.
document.d2w CGI program in the IBM Net.Data db
nonexistent
|
documentd2w
|
attackers
|
determine
|
physical
|
package
|
program
|
command
|
NetData
|
sending
|
server
|
allows
|
db2www
|
remote
|
path
|
CGI
|
IBM
|
web
|
document.d2w CGI program in the IBM Net.Data db2www package allows remote attackers to determine the physical path of the web server by sending a nonexistent command to the program.
speechd 0.54 and earlier, with the Festival or
speechd
|
speechd 0.54 and earlier, with the Festival or rsynth speech synthesis package, allows attackers to execute arbitrary commands via shell metacharacters.
runlpr in the LPRng package allows the local lp
privileges
|
arguments
|
package
|
command
|
certain
|
runlpr
|
allows
|
LPRng
|
local
|
line
|
gain
|
user
|
root
|
via
|
runlpr in the LPRng package allows the local lp user to gain root privileges via certain command line arguments.
The default --checksig setting in RPM Package M
--checksig
|
Package
|
Manager
|
default
|
setting
|
RPM
|
The default --checksig setting in RPM Package Manager 4.0.4 checks that a package's signature is valid without listing who signed it, which can allow remote attackers to make it appear that a malicious package comes from a trusted source.
psbanner in the LPRng package allows local user
/tmp/before
|
overwrite
|
arbitrary
|
psbanner
|
symbolic
|
package
|
allows
|
attack
|
files
|
local
|
users
|
LPRng
|
file
|
link
|
via
|
psbanner in the LPRng package allows local users to overwrite arbitrary files via a symbolic link attack on the /tmp/before file.
znew in the gzip package allows local users to
overwrite
|
arbitrary
|
temporary
|
package
|
symlink
|
allows
|
attack
|
users
|
files
|
local
|
znew
|
gzip
|
via
|
znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files.
Unknown vulnerability in Mac OS X 10.3.4, relat
vulnerability
|
Unknown
|
Mac
|
Unknown vulnerability in Mac OS X 10.3.4, related to "package installation scripts," a different vulnerability than CVE-2004-0517.
The f2c translator in the f2c package 3.1 allow
translator
|
arbitrary
|
temporary
|
symlink
|
package
|
attack
|
allows
|
files
|
local
|
users
|
read
|
f2c
|
via
|
The f2c translator in the f2c package 3.1 allows local users to read arbitrary files via a symlink attack on temporary files.
Oracle Database Server 10g Release 2 allows loc
arbitrary
|
malicious
|
reference
|
TYPE_NAME
|
argument
|
Database
|
queries
|
package
|
execute
|
Release
|
allows
|
Oracle
|
Server
|
local
|
users
|
SQL
|
via
|
10g
|
Oracle Database Server 10g Release 2 allows local users to execute arbitrary SQL queries via a reference to a malicious package in the TYPE_NAME argument in the (1) GET_DOMAIN_INDEX_TABLES or (2) GET_V2_DOMAIN_INDEX_TABLES function in the DBMS_EXPORT_EXTENSION package.
The ntfs-3g package before 1.913-2.fc7 in Fedor
permissions
|
incorrect
|
710/Gutsy
|
1913-2fc7
|
ntfs-3g
|
package
|
assign
|
before
|
Fedora
|
Ubuntu
|
The ntfs-3g package before 1.913-2.fc7 in Fedora 7, and an ntfs-3g package in Ubuntu 7.10/Gutsy, assign incorrect permissions (setuid root) to mount.ntfs-3g, which allows local users with fuse group membership to read from and write to arbitrary block devices, possibly involving a file descriptor leak.
Software vulnerabilities results 1 to 20 of 158
Page:
1
2
3
4
5
...
8
►