CVSS: 7.2EPSS: 0%CPEs: 17EXPL: 2CVE-2003-1358 – HP-UX 10.x - rs.F3000 Unauthorized Access
https://notcve.org/view.php?id=CVE-2003-1358
rs.F300 for HP-UX 10.0 through 11.22 uses the PATH environment variable to find and execute programs such as rm while operating at raised privileges, which allows local users to gain privileges by modifying the path to point to a malicious rm program. • https://www.exploit-db.com/exploits/22248 http://securityreason.com/securityalert/3236 http://www.securityfocus.com/advisories/4960 http://www.securityfocus.com/archive/1/324381 http://www.securityfocus.com/bid/6837 https://exchange.xforce.ibmcloud.com/vulnerabilities/11312 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 5.0EPSS: 1%CPEs: 4EXPL: 0CVE-2003-1087
https://notcve.org/view.php?id=CVE-2003-1087
Unknown vulnerability in diagmond and possibly other applications in HP9000 Series 700/800 running HP-UX B.11.00, B.11.04, B.11.11, and B.11.22 allows remote attackers to cause a denial of service (program failure) via certain network traffic. • http://marc.info/?l=bugtraq&m=109292319608851&w=2 http://secunia.com/advisories/8971 http://www.securityfocus.com/bid/7827 https://exchange.xforce.ibmcloud.com/vulnerabilities/12199 •
CVSS: 2.1EPSS: 0%CPEs: 3EXPL: 0CVE-2003-1099
https://notcve.org/view.php?id=CVE-2003-1099
shar on HP-UX B.11.00, B.11.04, and B.11.11 creates temporary files with predictable names in /tmp, which allows local users to cause a denial of service and possibly execute arbitrary code via a symlink attack. • http://secunia.com/advisories/10339 http://www.ciac.org/ciac/bulletins/o-032.shtml http://www.kb.cert.org/vuls/id/509454 http://www.kb.cert.org/vuls/id/CRDY-5VFQA3 http://www.securityfocus.com/bid/9141 https://exchange.xforce.ibmcloud.com/vulnerabilities/13882 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5788 •
CVSS: 7.2EPSS: 0%CPEs: 6EXPL: 0CVE-2003-1356
https://notcve.org/view.php?id=CVE-2003-1356
The "file handling" in sort in HP-UX 10.01 through 10.20, and 11.00 through 11.11 is "incorrect," which allows attackers to gain access or cause a denial of service via unknown vectors. • http://archives.neohapsis.com/archives/hp/2003-q1/0009.html http://www.securityfocus.com/bid/6640 https://exchange.xforce.ibmcloud.com/vulnerabilities/11107 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5758 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 4.3EPSS: 2%CPEs: 58EXPL: 0CVE-2003-0914
https://notcve.org/view.php?id=CVE-2003-0914
ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote attackers to poison the cache via a malicious name server that returns negative responses with a large TTL (time-to-live) value. ISC BIND 8.3.x antes de 8.3.7, y 8.4.x antes de 8.4.3 permite a atacantes remotos envenenar la cache mediante un servidor de nombres malicioso que devuelve respuestas negativas con un valor TTL (time to live) largo. • ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2004-003.0/CSSA-2004-003.0.txt ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.33/CSSA-2003-SCO.33.txt http://secunia.com/advisories/10542 http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/57434 http://www.debian.org/security/2004/dsa-409 http://www.kb.cert.org/vuls/id/734644 http://www.trustix.org/errata/misc/2003/TSL-2003-0044-bind.asc.txt https://oval.cisecurity.org/repository& •