Page 2 of 138 results (0.008 seconds)

CVSS: 10.0EPSS: 1%CPEs: 1EXPL: 0

ftpd.c in (1) wu-ftpd 2.4.2 and (2) ftpd in HP HP-UX B.11.11 assigns uid 0 to the FTP client in certain operating-system misconfigurations in which PAM authentication can succeed even though no passwd entry is available for a user, which allows remote attackers to gain privileges, as demonstrated by a login attempt for an LDAP account when nsswitch.conf does not specify LDAP for passwd information. El archivo ftpd.c en (1) wu-ftpd versiones 2.4.2 y (2) ftpd en HP-UX de HP versión B.11.11, asigna uid 0 al cliente FTP en ciertas configuraciones erróneas del sistema operativo en las que la autenticación PAM puede tener éxito aunque no hay ninguna entrada de passwd disponible para un usuario, lo que permite a los atacantes remotos alcanzar privilegios, como es demostrado por un intento de inicio de sesión para una cuenta LDAP cuando nsswitch.conf no especifica LDAP para la información de passwd. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01525562 http://secunia.com/advisories/31471 http://www.openwall.com/lists/oss-security/2008/08/20/4 http://www.securityfocus.com/bid/30666 http://www.securitytracker.com/id?1020682 http://www.vupen.com/english/advisories/2008/2364 https://exchange.xforce.ibmcloud.com/vulnerabilities/44414 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5971 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.3EPSS: 0%CPEs: 3EXPL: 0

Unspecified vulnerability in useradd on HP-UX B.11.11, B.11.23, and B.11.31 allows local users to access arbitrary files and directories via unspecified vectors. Vulnerabilidad no especificada en useradd de HP-UX B.11.11, B.11.23 y B.11.31, permite a usuarios locales acceder a archivos arbitrariamente a través de vectores no especificados. • http://marc.info/?l=bugtraq&m=121130252706976&w=2 http://secunia.com/advisories/30308 http://securitytracker.com/id?1020045 http://www.securityfocus.com/bid/29286 http://www.vupen.com/english/advisories/2008/1570 https://exchange.xforce.ibmcloud.com/vulnerabilities/42523 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5558 •

CVSS: 6.8EPSS: 1%CPEs: 3EXPL: 0

Unspecified vulnerability in the FTP server for HP-UX B.11.11, B.11.23, and B.11.31 allows remote authenticated users to cause a denial of service (FTP server outage) via unknown attack vectors. Vulnerabilidad no especificada en el servidor FTP de HP-UX B.11.11, B.11.23, y B.11.31 permite a usuarios remotos autenticados provocar una denegación de servicio (parada del servicio FTP) a través de vectores de ataque desconocidos. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01446326 http://secunia.com/advisories/30195 http://www.securityfocus.com/bid/29160 http://www.securitytracker.com/id?1020005 http://www.vupen.com/english/advisories/2008/1475/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42357 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5289 •

CVSS: 7.2EPSS: 0%CPEs: 9EXPL: 0

Unspecified vulnerability in HP LDAP-UX vB.04.10 through vB.04.15 allows local users to gain privileges via unknown vectors. Vulnerabilidad sin especificar de HP LDAP-UX versiones de la vB.04.10 a la vB.04.15, permite a usuarios locales obtener privilegios a través de vectores desconocidos. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01447010 http://secunia.com/advisories/30132 http://www.securityfocus.com/bid/29078 http://www.securitytracker.com/id?1019981 http://www.vupen.com/english/advisories/2008/1450/references https://exchange.xforce.ibmcloud.com/vulnerabilities/42265 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6037 •

CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0

HP StorageWorks Library and Tape Tools (LTT) before 4.5 SR1 on HP-UX B.11.11 and B.11.23 allows local users to gain privileges via unspecified vectors. Versiones anteriores a 4.5 SR1 de HP StorageWorks Library y Tape Tools (LTT) en HP-UX B.11.11 y B.11.23 permite a usuarios locales conseguir privilegios utilizando vectores no especificados. • http://secunia.com/advisories/29442 http://securitytracker.com/id?1019651 http://www.securityfocus.com/bid/28314 http://www.vupen.com/english/advisories/2008/0926/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41337 https://www12.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01399648 • CWE-264: Permissions, Privileges, and Access Controls •