Apache Tomcat can be tricked into disclosing files, directory listings and unprocessed JSP files. This issue affects Apache Tomcat version 3.3.1 and earlier. Tomcat users should upgrade to version 3.3.1a.
NGSSoftware Security Advisory NISR29012003 - There is a remotely exploitable buffer overflow vulnerability in the Microsoft RPC (Remote Procedure Call) Locator Service. This vulnerability, which especially affects Windows Domain Controllers, has been fixed by Microsoft and patch information can be found in Microsoft security advisory MS03-001.
Carl Livitt security advisory CLIVITT-2003-2 - A format string vulnerability has been found in the plpnfsd daemon that comes with versions of the plptools package prior to 0.7. This issue can allow code execution with elevated privileges and has been fixed in newer versions of plptools. This advisory contains exploit code that may be used against affected SuSE Linux systems.
The utility slocate has a local buffer overflow vulnerability when the -r and -c switches are used. Due to this utility being setgid slocate on many default installs, slight privilege escalation is possible.
CVS v1.11.4 and below contain a double free bug which allows attackers with read access to execute code on the server by sending a malformed directory name. By default, CVS runs with root privileges. Patch available here.
iDEFENSE Security Advisory 01.21.03: Buffer Overflows in Mandrake Linux printer-drivers Package. Three vulnerabilities exist, the worst of which allows local root compromise. Overflows in the mtink and escputil binaries, which are set group id sys, allow an attacker to gain sys group privileges. A race condition in the ml85p binary, which is set user id root, allows an attacker to create a file with super user privileges.
The WebIntelligence application v2.x is a web interface which uses HTTPS and cookies to keep track of user sessions. By guessing session cookies, remote attackers can hijack the sessions of other users and take any action the account owner can take.
Tanne v0.6.17 contains a remote format string vulnerability in logger() which can lead to arbitrary code execution as root. for Linux/x86 which has been tested against Redhat 6.1, 7.0, and 8.0. Tanne is a secure http session management tool sometimes used in online banking.
Pine Digital Security Advisory PINE-CERT-20030101 - A local vulnerability has been found in the FreeBSD kernel which allows privilege escalation or denial of service by taking advantage of the socket file counter. FreeBSD 4.X after 20021111 has been fixed.
The Platinum FTP Server v1.06 contains remote directory traversal vulnerabilities that allow denial of service, listing of any directory on the server, and possibly arbitrary file deletion. Denial of service exploit in Perl included. Fix available here.