Security Holes in Remedy Client Installer - Due to improper handling of temporary files, the installer program for Remedy Software's Action Request System client for unix can allow local users to gain root privileges. Tested on Solaris 2.6 and 8, using the installer for AR 4.5.1. Other platforms are likely vulnerable as well.
c95b5fdfab0923436993b9af56b0a4a3494ae9311cfd445be9ca1fe847a44131Local root compromise in MicroFocus Cobol for Solaris/Sparc - If the AppTrack feature is enabled, the default install of MicroFocus Cobol 4.1 can be tricked into running code as root due to a permission problem.
6be64d2889f4def783b33e0ef5fcbe35a375d34660178a987267aed924cd2601Store.cgi from Key to the Web's ecommerace solution contains a vulnerability which allows web users to read any file on the system. Exploit URL included.
0c35ce0b2d171b46048cd2cee55ae9e0bebb76665535c56dce2ba5fe63c19216Oracle 8.1.6.0.0 local exploit for the dbsnmp binary. Gives uid=oracle shell. Tested on Red Hat 6.2.
d5ef5c71547dbb0ab80a21d8e2640abc52b98797fa1bf2a190144680962eafd4Oracle 8.0.5 local exploit - Gives UID=oracle via a buffer overflow in otrcrep binary. Tested on Linux.
d15db2d3ef39c249b21725fb76411b54d33502941e840a661aeb1f0a71e6b8a2Securax Security Advisory #21 - Globalscape's CuteFTP, a popular FTP client, uses a weak encryption scheme, allowing plaintext login and password recovery from the address book. Includes cuteftpd.c which calculates the plaintext.
2499dd93058956bab1a6f07a873e2dc6e7a2668ba0e1e125af0103445bbc88e9Hypoclear Security Advisory - The Linksys "EtherFast 4-Port Cable/DSL Router" has a security flaw which allows router passwords and ISP account passwords to be viewed in the HTML source stored on the router, allowing password sniffing attacks.
26e8cd8f9e6041805654444b40bcbded274950ae7ad6fc58b730a749f7b18052
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed