Security Holes in Remedy Client Installer - Due to improper handling of temporary files, the installer program for Remedy Software's Action Request System client for Unix can allow local users to gain root privileges. Tested on Solaris 2.6 and 8, using the installer for AR 4.5.1. Other platforms are likely vulnerable as well.
c95b5fdfab0923436993b9af56b0a4a3494ae9311cfd445be9ca1fe847a44131
Local root compromise in MicroFocus Cobol for Solaris/Sparc - If the AppTrack feature is enabled, the default install of MicroFocus Cobol 4.1 can be tricked into running code as root due to a permission problem.
6be64d2889f4def783b33e0ef5fcbe35a375d34660178a987267aed924cd2601
Store.cgi from Key to the Web's e-commerce solution contains a vulnerability which allows web users to read any file on the system. Exploit URL included.
0c35ce0b2d171b46048cd2cee55ae9e0bebb76665535c56dce2ba5fe63c19216
Oracle 8.1.6.0.0 local exploit for the dbsnmp binary. Gives uid=oracle shell. Tested on Red Hat 6.2.
d5ef5c71547dbb0ab80a21d8e2640abc52b98797fa1bf2a190144680962eafd4
Oracle 8.0.5 local exploit - Gives UID=oracle via a buffer overflow in otrcrep binary. Tested on Linux.
d15db2d3ef39c249b21725fb76411b54d33502941e840a661aeb1f0a71e6b8a2
Securax Security Advisory #21 - Globalscape's CuteFTP, a popular FTP client, uses a weak encryption scheme, allowing plaintext login and password recovery from the address book. Includes cuteftpd.c which calculates the plaintext.
2499dd93058956bab1a6f07a873e2dc6e7a2668ba0e1e125af0103445bbc88e9
Hypoclear Security Advisory - The Linksys "EtherFast 4-Port Cable/DSL Router" has a security flaw which allows router passwords and ISP account passwords to be viewed in the HTML source stored on the router, allowing password sniffing attacks.
26e8cd8f9e6041805654444b40bcbded274950ae7ad6fc58b730a749f7b18052