Page 5 of 41 results (0.014 seconds)

CVSS: 7.5EPSS: 0%CPEs: 9EXPL: 0

CVE-2008-4815 – Reader: insecure RPATH flaw

https://notcve.org/view.php?id=CVE-2008-4815

Untrusted search path vulnerability in Adobe Reader and Acrobat 8.1.2 and earlier on Unix and Linux allows attackers to gain privileges via a Trojan Horse program in an unspecified directory that is associated with an insecure RPATH. Vulnerabilidad de ruta de búsqueda no confiable en Adobe Reader y Acrobat 8.1.2 y anteriores en Unix y Linux; permite a los atacantes ganar privilegios mediante un programa troyano en un directorio no especificado que está asociado a una RPATH no segura. • http://download.oracle.com/sunalerts/1019937.1.html http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html http://secunia.com/advisories/32700 http://secunia.com/advisories/32872 http://www.adobe.com/support/security/bulletins/apsb08-19.html http://www.redhat.com/support/errata/RHSA-2008-0974.html http://www.securityfocus.com/bid/32100 http://www.securitytracker.com/id?1021140 http://www.us-cert.gov/cas/techalerts/TA08-309A.html http://www.vupen.com/eng • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.6EPSS: 0%CPEs: 19EXPL: 0

CVE-2008-0525

https://notcve.org/view.php?id=CVE-2008-0525

PatchLink Update client for Unix, as used by Novell ZENworks Patch Management Update Agent for Linux/Unix/Mac (LUM) 6.2094 through 6.4102 and other products, allows local users to (1) truncate arbitrary files via a symlink attack on the /tmp/patchlink.tmp file used by the logtrimmer script, and (2) execute arbitrary code via a symlink attack on the /tmp/plshutdown file used by the rebootTask script. El cliente PatchLink Update para Unix, tal y como es usado por Novell ZENworks Patch Management Update Agent para Linux/Unix/Mac (LUM) versiones 6.2094 hasta 6.4102 y otros productos, permite a los usuarios locales (1) truncar archivos arbitrarios por medio de un ataque de tipo symlink en el archivo /tmp/patchlink.tmp usado por el script logtrimmer y (2) ejecutar código arbitrario por medio de un ataque tipo symlink en el archivo /tmp/plshutdown usado por el script rebootTask. • http://secunia.com/advisories/28657 http://secunia.com/advisories/28665 http://securityreason.com/securityalert/3599 http://support.lumension.com/scripts/rightnow.cfg/php.exe/enduser/std_adp.php?p_faqid=527 http://support.lumension.com/scripts/rightnow.cfg/php.exe/enduser/std_adp.php?p_faqid=528 http://support.lumension.com/scripts/rightnow.cfg/php.exe/enduser/std_adp.php?p_faqid=530 http://www.securityfocus.com/archive/1/487103/100/0/threaded http://www.securityfocus.com/bid • CWE-59: Improper Link Resolution Before File Access ('Link Following') •

CVSS: 4.6EPSS: 0%CPEs: 3EXPL: 0

CVE-2007-6305

https://notcve.org/view.php?id=CVE-2007-6305

Multiple unspecified vulnerabilities in IBM Hardware Management Console (HMC) 7 R3.2.0 allow attackers to gain privileges via "some HMC commands." Múltiples vulnerabilidades no especificadas en IBM Hardware Management Console (HMC) 7 R3.2.0 permite a atacantes obtener privilegios mediante "algunos comandos HMC". • http://secunia.com/advisories/27961 http://www-1.ibm.com/support/docview.wss?uid=isg1MB02226 http://www.securitytracker.com/id?1019062 http://www.vupen.com/english/advisories/2007/4144 http://www14.software.ibm.com/webapp/set2/subscriptions/pqvcmjd?mode=18&ID=4038 https://www14.software.ibm.com/webapp/set2/sas/f/hmc/power6/install/v7.Readme.html#MH01065 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

CVE-2007-6052

https://notcve.org/view.php?id=CVE-2007-6052

IBM DB2 UDB 9.1 before Fixpak 4 does not properly perform vector aggregation, which might allow attackers to cause a denial of service (divide-by-zero error and DBMS crash), related to an "overflow." NOTE: the vendor description of this issue is too vague to be certain that it is security-related. IBM DB2 UDB 9.1 anterior a Fixpak 4 no realiza adecuadamente la suma de vector, lo cual permite a atacantes provocar denegación de servicio (error de división por zero y caida DBMS), relacionad con un "desbordamiento". NOTA: la descripción del vendedor de este asunto es muy vaga como para afirmar que se trata de un asunto de seguridad. • http://www-1.ibm.com/support/docview.wss?uid=swg1IZ08205 http://www-1.ibm.com/support/docview.wss?uid=swg21255607 http://www.securityfocus.com/bid/26450 http://www.vupen.com/english/advisories/2007/3867 •

CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0

CVE-2007-6050

https://notcve.org/view.php?id=CVE-2007-6050

Unspecified vulnerability in DB2LICD in IBM DB2 UDB 9.1 before Fixpak 4 has unknown impact and attack vectors, related to creation of an "insecure directory." Vulnerabilidad no especificada en DB2LICD en IBM DB2 UDB 9.1 anterior a Fixpak 4 tiene un impacto desconocido y vectores de ataque, relacionado con la creación de un "directorio no seguro". • http://www-1.ibm.com/support/docview.wss?uid=swg1IZ03881 http://www-1.ibm.com/support/docview.wss?uid=swg21255607 http://www.securityfocus.com/bid/26450 http://www.vupen.com/english/advisories/2007/3867 • CWE-264: Permissions, Privileges, and Access Controls •