 |
|
|
|
FreeBSD telnetd privilege escalation
updated since 16.02.2009 | | Published: |  | 17.02.2009 | | Source: |  | FULL-DISCLOSURE | | SecurityVulns ID: |  | 9680 | | Type: |  | remote | | Level: |  | 9/10 | | Description: |  | LD_xxx environment variable are not cleared on 'login' execution, makeing it's possible to execute code witi root privileges.
For remote exploitation it's required to have ability to upload the file to remote system (via FTP, Web, etc). |
Enomaly ECP / Enomalism symbolic links vulnerability
updated since 01.02.2009 | | Published: | | 17.02.2009 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 9638 | | Type: | | local | | Level: | | 5/10 | | Description: | | Insecure temporary files creation. |
| Affected: |  | ENOMALY : Enomaly ECP 2.1 | | CVE: |  | CVE-2009-0390 (Argument injection vulnerability in Enomaly Elastic Computing Platform (ECP), formerly Enomalism, before 2.1.1 allows local users to send signals to arbitrary processes by populating the /tmp/enomalism2.pid file with command-line arguments for the kill program.) | | | | CVE-2008-4990 (Enomaly Elastic Computing Platform (ECP), formerly Enomalism, before 2.1.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/enomalism2.pid temporary file.) |
blender / gedit / gnumeric / vim / eog python scripts code execution
updated since 17.02.2009 | | Published: | | 07.04.2009 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 9683 | | Type: | | local | | Level: | | 4/10 | | Description: | | sys.path variable manipulation is possible to load arbitrary modules. |
| Affected: | | GNUMERIC : gnumeric 1.8 | | | | BLENDER : Blender 2.46 | | | | GEDIT : gedit 2.24 | | | | EPIPHANY : epiphany 2.24 | | | | EOG : Eye of GNOME 2.22 | | CVE: | | CVE-2009-0318 (Untrusted search path vulnerability in the GObject Python interpreter wrapper in Gnumeric allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).) | | | | CVE-2009-0316 (Untrusted search path vulnerability in src/if_python.c in the Python interface in Vim before 7.2.045 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983), as demonstrated by an erroneous search path for plugin/bike.vim in bicyclerepair.) | | | | CVE-2009-0314 (Untrusted search path vulnerability in the Python module in gedit allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).) | | | | CVE-2008-5987 (Untrusted search path vulnerability in the Python interface in eog 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).) | | | | CVE-2008-5985 (Untrusted search path vulnerability in the Python interface in Epiphany 2.22.3, and possibly other versions, allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to a vulnerability in the PySys_SetArgv function (CVE-2008-5983).) | | | | CVE-2008-5983 (Untrusted search path vulnerability in the PySys_SetArgv API function in Python 2.6 and earlier, and possibly later versions, prepends an empty string to sys.path when the argv[0] argument does not contain a path separator, which might allow local users to execute arbitrary code via a Trojan horse Python file in the current working directory.) | | | | CVE-2008-4863 (Untrusted search path vulnerability in BPY_interface in Blender 2.46 allows local users to execute arbitrary code via a Trojan horse Python file in the current working directory, related to an erroneous setting of sys.path by the PySys_SetArgv function.) |
|
|
|
|
|
|
|
|
