Page 6 of 76 results (0.010 seconds)

CVSS: 10.0EPSS: 1%CPEs: 7EXPL: 0

CVE-2009-3517

https://notcve.org/view.php?id=CVE-2009-3517

nfs.ext in IBM AIX 5.3.x through 5.3.9 and 6.1.0 through 6.1.2 does not properly use the nfs_portmon setting, which allows remote attackers to bypass intended access restrictions for NFSv4 shares via unspecified vectors. nfs.ext en IBM AIX v5.3.x hasta v5.3.9 y v6.1.0 hasta v6.1.2 no usa apropiadamente la configuración nfs_portmon, lo que permite a atacantes remotos eludir las restricciones de acceso para NFSv4 compartidos a través de vectores no especificados. • http://aix.software.ibm.com/aix/efixes/security/nfs4_advisory.asc http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49024 http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49096 http://www-01.ibm.com/support/docview.wss?uid=isg1IZ49278 http://www-01.ibm.com/support/docview.wss?uid=isg1IZ50399 http://www-01.ibm.com/support/docview.wss? •

CVSS: 9.3EPSS: 51%CPEs: 16EXPL: 2

CVE-2009-2727 – ToolTalk - rpc.ttdbserverd _tt_internal_realpath Buffer Overflow (AIX)

https://notcve.org/view.php?id=CVE-2009-2727

Stack-based buffer overflow in the _tt_internal_realpath function in the ToolTalk library (libtt.a) in IBM AIX 5.2.0, 5.3.0, 5.3.7 through 5.3.10, and 6.1.0 through 6.1.3, when the rpc.ttdbserver daemon is enabled in /etc/inetd.conf, allows remote attackers to execute arbitrary code via a long XDR-encoded ASCII string to remote procedure 15. Desbordamiento de búfer basado en pila en la función _tt_internal_realpath en la biblioteca ToolTalk (libtt.a) en IBM AIX v5.2.0, v5.3.0, v5.3.7 a la v5.3.10, y v6.1.0 a la v6.1.3, cuando el demonio rpc.ttdserver está activado en /etc/inetd.conf, permite a atacantes remotos ejecutar código de su elección a través de una cadena larga ASCII XDR-encoded sobre el procedimiento remoto 15. • https://www.exploit-db.com/exploits/16930 http://aix.software.ibm.com/aix/efixes/security/libtt_advisory.asc http://risesecurity.org/advisories/RISE-2009001.txt http://secunia.com/advisories/35505 http://www.ibm.com/support/docview.wss?uid=isg1IZ52842 http://www.ibm.com/support/docview.wss?uid=isg1IZ52843 http://www.ibm.com/support/docview.wss?uid=isg1IZ52844 http://www.ibm.com/support/docview.wss?uid=isg1IZ52845 http://www.ibm.com/support/docview.wss? • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 1

CVE-2009-2669 – IBM AIX 5.6/6.1 - '_LIB_INIT_DBG' Arbitrary File Overwrite via Libc Debug

https://notcve.org/view.php?id=CVE-2009-2669

A certain debugging component in IBM AIX 5.3 and 6.1 does not properly handle the (1) _LIB_INIT_DBG and (2) _LIB_INIT_DBG_FILE environment variables, which allows local users to gain privileges by leveraging a setuid-root program to create an arbitrary root-owned file with world-writable permissions, related to libC.a (aka the XL C++ runtime library) in AIX 5.3 and libc.a in AIX 6.1. Cierto componente de depuración en IBM AIX v5.3 y v6.1 no proporciona la gestión de los entornos (1) _LIB_INIT_DBG y (2) _LIB_INIT_DBG_FILE, que permite a usuarios locales obtener privilegios utilizando para ello un programa setuid-root para crear un archivo root-owned a su elección con permisos world-writable, relacionados con ibC.a (como la librería XL C++ runtime) en AIX v5.3 y libc.a en AIX v6.1. • https://www.exploit-db.com/exploits/9645 http://aix.software.ibm.com/aix/efixes/security/libC_advisory.asc http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=815 http://secunia.com/advisories/36156 http://www.ibm.com/support/docview.wss?uid=isg1IZ54090 http://www.ibm.com/support/docview.wss?uid=isg1IZ54091 http://www.ibm.com/support/docview.wss?uid=isg1IZ54593 http://www.ibm.com/support/docview.wss? • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 6.9EPSS: 0%CPEs: 2EXPL: 2

CVE-2009-1786 – Kingsoft Webshield 1.1.0.62 - Cross-Site Scripting / Remote Command Execution

https://notcve.org/view.php?id=CVE-2009-1786

The malloc subsystem in libc in IBM AIX 5.3 and 6.1 allows local users to create or overwrite arbitrary files via a symlink attack on the log file associated with the MALLOCDEBUG environment variable. El subsistema malloc en libc en IBM AIX v5.3 y v6.1 permite a usuarios locales crear o sobrescribir ficheros de forma arbitraria a través de un ataque de enlace simbólico en el fichero log asociado con la variable de entorno MALLOCDEBUG. • https://www.exploit-db.com/exploits/33001 http://aix.software.ibm.com/aix/efixes/security/libc_advisory.asc http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=802 http://secunia.com/advisories/35146 http://securitytracker.com/id?1022261 http://www.ibm.com/support/docview.wss?uid=isg1IZ50121 http://www.ibm.com/support/docview.wss?uid=isg1IZ50129 http://www.ibm.com/support/docview.wss? • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •

CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0

CVE-2009-1355

https://notcve.org/view.php?id=CVE-2009-1355

Stack-based buffer overflow in muxatmd in IBM AIX 5.2, 5.3, and 6.1 allows local users to gain privileges via a long filename. Desbordamiento de búfer basado en pila en muxatmd en IBM AIX v5.2, v5.3, y v6.1 permite a usuarios locales conseguir privilegios a través de un nombre largo de fichero. • http://aix.software.ibm.com/aix/efixes/security/muxatmd_advisory.asc http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=784 http://secunia.com/advisories/34662 http://www.ibm.com/support/docview.wss?uid=isg1IZ48495 http://www.ibm.com/support/docview.wss?uid=isg1IZ48496 http://www.ibm.com/support/docview.wss?uid=isg1IZ48499 http://www.ibm.com/support/docview.wss? • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •