Computer Security


Apple MacOS X Xcode OpenBase SQL privilege escalation
updated since 16.10.2006
Published:08.11.2006
Source:
SecurityVulns ID:6724
Type:local
Threat Level:6/10
Description:When tar is executed from a suid root application, the TAR_OPTIONS environment variable is not unset, making it possible to execute any application with root privileges. External applications are executed with a relative path. Dynamic libraries are loaded with a relative path. Symbolic link problem.
Affected:XCODE : Xcode OpenBase 9.1
 XCODE : Xcode OpenBase 10.0
Original document:Kevin Finisterre, [Full-disclosure] OpenBase SQL multiple vulnerabilities Part Deux (08.11.2006)
Files:Xcode OpenBase <= 9.1.5 Local Root Exploit (OSX)
 Exploits XCode OpenBase SQL unsafe system() call
 Exploits XCode OpenBase SQL symlink

Lotus Notes information leak
Published:08.11.2006
Source:
SecurityVulns ID:6794
Type:remote
Threat Level:6/10
Description:It's possible to check user existence and download the certificate of a new user via the protocol on port TCP/1352.
Original document:Andrew Christensen, [Full-disclosure] Lotus Notes pre-login User.ID key leak (08.11.2006)
Files:Lotus Notes Port 1352 Pre-login Information Leakage

Lotus Domino tunekrnl utility buffer overflow
Published:08.11.2006
Source:
SecurityVulns ID:6795
Type:local
Threat Level:5/10
Description:Multiple buffer overflows in suid utility.
Affected:IBM : Lotus Domino 6.5
 IBM : Lotus Domino 7.0
Original document:IDEFENSE, [Full-disclosure] iDefense Security Advisory 11.08.06: IBM Lotus Domino 7 tunekrnl Multiple Vulnerabilities (08.11.2006)

OmniNFS NFS server buffer overflow
Published:08.11.2006
Source:
SecurityVulns ID:6796
Type:remote
Threat Level:5/10
Affected:OMNINFS : Omni-NFS Server 1.0
Files:Exploit for Omni-NFS Server stack overflow vulnerability (Metasploit)

Multiple Mozilla Firefox / Thunderbird / Seamonkey security vulnerabilities
Published:08.11.2006
Source:
SecurityVulns ID:6797
Type:client
Threat Level:8/10
Description:Memory corruption, JavaScript code spoofing, code execution. May be used for hidden malware installation.
Files:Mozilla Foundation Security Advisory 2006-64
 Mozilla Foundation Security Advisory 2006-66
 Mozilla Foundation Security Advisory 2006-67

Linux kernel IPv6 filtering bypass
Published:08.11.2006
Source:
SecurityVulns ID:6798
Type:remote
Threat Level:6/10
Description:It's possible to bypass filtering by using fragmented packets.
Affected:LINUX : kernel 2.6
Original document:SECUNIA, [SA22731] Linux Kernel Fragmented IPv6 Packet Filtering Bypass (08.11.2006)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod