CVSS: 7.2EPSS: 0%CPEs: 7EXPL: 2CVE-2004-1054 – AIX 4.3/5.1 < 5.3 - 'lsmcode' Execution Privilege Escalation
https://notcve.org/view.php?id=CVE-2004-1054
Untrusted execution path vulnerability in invscout in IBM AIX 5.1.0, 5.2.0, and 5.3.0 allows local users to gain privileges by modifying the PATH environment variable to point to a malicious "uname" program, which is executed from lsvpd after lsvpd has been invoked by invscout. Vulnerabilidad de camino de ejecución no confiable en invscout de IBM AIX 5.1.0, 5.2.0 y 5.3.0 permite a usuarios locales ganar privilegios modificando la variable de entorno PATH para que apunte a un programa "uname" malicioso, que es ejecutado desde lsvpd después de que lsvpd haya sido ejecutado por invscout • https://www.exploit-db.com/exploits/701 https://www.exploit-db.com/exploits/898 http://www-1.ibm.com/support/search.wss?rs=0&q=IY64820&apar=only http://www-1.ibm.com/support/search.wss?rs=0&q=IY64852&apar=only http://www-1.ibm.com/support/search.wss?rs=0&q=IY64976&apar=only http://www.idefense.com/application/poi/display?id=171&type=vulnerabilities https://exchange.xforce.ibmcloud.com/vulnerabilities/18619 •
CVSS: 7.2EPSS: 0%CPEs: 7EXPL: 3CVE-2004-1329 – IBM AIX 5.x - 'Diag' Local Privilege Escalation
https://notcve.org/view.php?id=CVE-2004-1329
Untrusted execution path vulnerability in the diag commands (1) lsmcode, (2) diag_exec, (3) invscout, and (4) invscoutd in AIX 5.1 through 5.3 allows local users to execute arbitrary programs by modifying the DIAGNOSTICS environment variable to point to a malicious Dctrl program. • https://www.exploit-db.com/exploits/25039 http://marc.info/?l=bugtraq&m=110355931920123&w=2 http://www-1.ibm.com/support/search.wss?rs=0&q=IY64277&apar=only http://www-1.ibm.com/support/search.wss?rs=0&q=IY64389&apar=only http://www.securityfocus.com/archive/1/464276/100/0/threaded http://www.securityfocus.com/archive/1/464481/100/0/threaded http://www.securityfocus.com/bid/12041 https://exchange.xforce.ibmcloud.com/vulnerabilities/18620 https://www.exploit-d •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2004-0545
https://notcve.org/view.php?id=CVE-2004-0545
LVM for AIX 5.1 and 5.2 allows local users to overwrite arbitrary files via a symlink attack. LVM de AIX 5.1 Y 5.2 permite a usuarios locales sobreescribir ficheros de su elección mediante un ataque de enlaces simbólicos (symlink attack) • http://www-1.ibm.com/services/continuity/recover1.nsf/mss/MSS-OAR-E01-2004.0544.2 http://www.ciac.org/ciac/bulletins/o-131.shtml http://www.securityfocus.com/bid/10230 https://exchange.xforce.ibmcloud.com/vulnerabilities/16011 •
CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 3CVE-2004-0544 – AIX 4.3.3/5.x - Getlvcb Command Line Argument Buffer Overflow
https://notcve.org/view.php?id=CVE-2004-0544
Multiple buffer overflows in LVM for AIX 5.1 and 5.2 allow local users to gain privileges via the (1) putlvcb or (2) getlvcb commands. Múltiples desbordamientos de búfer en LVM de AIX 5.1 y 5.2 permite a usuarios locales ganar privilegios mediante comandos (1)putlvcb o (2) getlvcb. • https://www.exploit-db.com/exploits/23840 https://www.exploit-db.com/exploits/23841 http://secunia.com/advisories/11158 http://www-1.ibm.com/services/continuity/recover1.nsf/mss/MSS-OAR-E01-2004.0544.2 http://www-1.ibm.com/support/docview.wss?uid=isg1IY55681 http://www-1.ibm.com/support/docview.wss?uid=isg1IY55682 http://www.ciac.org/ciac/bulletins/o-131.shtml http://www.osvdb.org/4392 http://www.osvdb.org/4393 http://www.securityfocus.com/bid/9905 http& •
CVSS: 10.0EPSS: 85%CPEs: 12EXPL: 0CVE-2004-0368
https://notcve.org/view.php?id=CVE-2004-0368
Double free vulnerability in dtlogin in CDE on Solaris, HP-UX, and other operating systems allows remote attackers to execute arbitrary code via a crafted XDMCP packet. Vulnerabilidad de doble liberación de memora en dtlogin de CDE sobre Solaris, y posiblemente otros sistemas operativos, permite a atacantes remotos ejecutar código arbitrario mediante cierto paquete UDP. • ftp://patches.sgi.com/support/free/security/advisories/20040801-01-P http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0064.html http://lists.immunitysec.com/pipermail/dailydave/2004-March/000402.html http://secunia.com/advisories/11210 http://secunia.com/advisories/11214 http://secunia.com/advisories/11495 http://secunia.com/advisories/11614 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101478-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-57539-1&se • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •