CVE-2002-1814 – Mandrake 7/8/9 / RedHat 6.x/7 Bonobo EFSTool - Commandline Argument Buffer Overflow
https://notcve.org/view.php?id=CVE-2002-1814
Buffer overflow in efstools in Bonobo, when installed setuid, allows local users to execute arbitrary code via long command line arguments. • https://www.exploit-db.com/exploits/21583 https://www.exploit-db.com/exploits/21584 https://www.exploit-db.com/exploits/21585 http://online.securityfocus.com/archive/1/279676 http://www.iss.net/security_center/static/9451.php http://www.securiteam.com/exploits/5AP0E0K8AO.html http://www.securityfocus.com/bid/5125 •
CVE-2002-0004 – AT 3.1.8 - Formatted Time Heap Overflow
https://notcve.org/view.php?id=CVE-2002-0004
Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice. Corrupción de memoria en el comando "at" permite que usuarios locales ejecuten código arbitrario haciendo uso de un tiempo de ejecución mal escrito (lo que provoca que at libere la misma memoria dos veces). • https://www.exploit-db.com/exploits/21229 http://marc.info/?l=bugtraq&m=101128661602088&w=2 http://marc.info/?l=bugtraq&m=101147632721031&w=2 http://online.securityfocus.com/advisories/3833 http://online.securityfocus.com/advisories/3969 http://www.debian.org/security/2002/dsa-102 http://www.novell.com/linux/security/advisories/2002_003_at_txt.html http://www.redhat.com/support/errata/RHSA-2002-015.html http://www.securityfocus.com/bid/3886 https://exchange.xforce. •
CVE-2001-1036 – GNU findutils 4.0/4.1 - Locate Arbitrary Command Execution
https://notcve.org/view.php?id=CVE-2001-1036
GNU locate in findutils 4.1 on Slackware 7.1 and 8.0 allows local users to gain privileges via an old formatted filename database (locatedb) that contains an entry with an out-of-range offset, which causes locate to write to arbitrary process memory. • https://www.exploit-db.com/exploits/21043 http://www.osvdb.org/5477 http://www.securityfocus.com/archive/1/200991 http://www.securityfocus.com/bid/3127 https://exchange.xforce.ibmcloud.com/vulnerabilities/6932 •
CVE-2000-0867
https://notcve.org/view.php?id=CVE-2000-0867
Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages. • ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-032.0.txt http://archives.neohapsis.com/archives/bugtraq/2000-09/0193.html http://frontal2.mandriva.com/security/advisories?name=MDKSA-2000:050 http://marc.info/?l=bugtraq&m=97726239017741&w=2 http://www.novell.com/linux/security/advisories/adv9_draht_syslogd_txt.html http://www.osvdb.org/5824 http://www.redhat.com/support/errata/RHSA-2000-061.html http://www.turbolinux.com/pipermail/tl-security-announce/2000-September/000 •
CVE-2000-0844 – Immunix OS 6.2 - LC glibc format string
https://notcve.org/view.php?id=CVE-2000-0844
Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen. • https://www.exploit-db.com/exploits/20187 https://www.exploit-db.com/exploits/209 https://www.exploit-db.com/exploits/215 https://www.exploit-db.com/exploits/249 https://www.exploit-db.com/exploits/20185 https://www.exploit-db.com/exploits/210 https://www.exploit-db.com/exploits/20188 https://www.exploit-db.com/exploits/20186 https://www.exploit-db.com/exploits/197 https://www.exploit-db.com/exploits/20189 https://www.exploit-db.com/exploits/20190 ftp: • CWE-264: Permissions, Privileges, and Access Controls •