(Description Provided by CVE) : netcfg 2.16-1 in Red Hat Linux 4.2 allows the Ethernet interface to be controlled by users on reboot when an option is set, which allows local users to cause a denial of service by shutting down the interface.
IBM AIX contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a malicious user overflows a buffer in its portmir command, typically via assembly language instructions coded in an exploit written in the C programming language. This flaw may lead to a loss of integrity.
FreeBSD contains a flaw that may allow a malicious user to write to arbitrary files. The issue is triggered when a malicious user invokes the open() system call. It is possible that the flaw may allow unauthorized I/O resulting in a loss of integrity.
(Description Provided by CVE) : Metamail before 2.7-7.2 allows remote attackers to overwrite arbitrary files via an e-mail message containing a uuencoded attachment that specifies the full pathname for the file to be modified, which is processed by uuencode in Metamail scripts such as sun-audio-file.
PHP/FI contains a flaw that allows a remote attacker to view arbitrary files. The issue is due to the "mylog.html" sample script not sanitizing input passed to the "screen" variable. By supplying a fully qualified path and filename, the script will return the contents of the file.
PHP/FI contains a flaw that allows a remote attacker to view arbitrary files. The issue is due to the "mlog.html" sample script not sanitizing input passed to the "screen" variable. By supplying a fully qualified path and filename, the script will return the contents of the file.
It is possible for non-administrative users to create a program and set it to be run by the next user who logs on. Unauthorized access rights could be obtained if the next user to log on has administrative rights.
Microsoft Internet Explorer contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a malicious web page contains an IFRAME, which can copy HTML or text files from the system to any other system for later viewing and may allow a remote attacker to view arbitrary files resulting in a loss of confidentiality.
By default, 3Com SuperStack II PS Hub installs with default user credentials (username/password combination) for the administrator account. The 'admin' account has no password, which is publicly known and documented. This allows remote attackers to trivially access the program or system and gain privileged access.
(Description Provided by CVE) : IMAP 4.1 BETA, and possibly other versions, does not properly handle the SIGABRT (abort) signal, which allows local users to crash the server (imapd) via certain sequences of commands, which causes a core dump that may contain sensitive password information.
(Description Provided by CVE) : HP Laserjet printers with JetDirect cards, when configured with TCP/IP, allow remote attackers to bypass print filters by directly sending PostScript documents to TCP ports 9099 and 9100.
Solaris contains a flaw related to the FTP client. The issue is triggered when a remote attacker uploads a file that starts with the '|' (pipe) character, which will cause the contents of the file to be executed as a shell script.
(Description Provided by CVE) : Directory traversal vulnerability in Muhammad A. Muquit wwwcount (Count.cgi) 2.3 allows remote attackers to read arbitrary GIF files via ".." sequences in the image parameter, a different vulnerability than CVE-1999-0021.
IOS and IOS/700 contain a flaw that may allow a malicious user to establish unauthorized connections. The issue is triggered when an attacker exploits a flaw in IOS to bypass CHAP authentication. It is possible that the flaw may allow arbitrary PPP connections resulting in unauthorized network traffic.
(Description Provided by CVE) : In SunOS or Solaris, a remote user could connect from an FTP server's data port to an rlogin server on a host that trusts the FTP server, allowing remote command execution.
The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.