Page 8 of 115 results (0.005 seconds)

CVSS: 6.4EPSS: 1%CPEs: 4EXPL: 0

HP-UX B.11.00 through B.11.23, when running Ignite-UX and using the add_new_client command, causes the TFTP server to set world-writable permissions on part of the directory tree, which allows remote attackers to modify data or cause disk consumption. • http://marc.info/?l=bugtraq&m=112420609211136&w=2 http://marc.info/?l=bugtraq&m=112422597529112&w=2 http://secunia.com/advisories/16456 http://securitytracker.com/id?1014711 https://exchange.xforce.ibmcloud.com/vulnerabilities/21857 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5775 •

CVSS: 7.5EPSS: 25%CPEs: 15EXPL: 0

Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with the -v (debug) option enabled, allows remote attackers to execute arbitrary code via a long command request. • http://marc.info/?l=bugtraq&m=110797179710695&w=2 http://secunia.com/advisories/13608 http://securitytracker.com/id?1012650 http://www.idefense.com/application/poi/display?id=175&type=vulnerabilities&flashstatus=false http://www.kb.cert.org/vuls/id/647438 http://www.securityfocus.com/bid/12077 https://exchange.xforce.ibmcloud.com/vulnerabilities/18636 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5701 •

CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0

HP-UX B.11.00 and B.11.11 with B6848AB GTK+ Support Libraries installed uses insecure directory permissions, which allows local users to gain privileges via files in /opt/gnome/src/GLib/. • http://marc.info/?l=bugtraq&m=108455531606056&w=2 http://secunia.com/advisories/11615 http://www.hp.com/products1/unix/java/mozilla/HPSBUX01034.html http://www.osvdb.org/6120 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6105 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.6EPSS: 0%CPEs: 5EXPL: 0

Unknown vulnerability in System Administration Manager (SAM) in HP-UX B.11.00, B.11.11, B.11.22, and B.11.23 allows local users to gain privileges. • http://marc.info/?l=bugtraq&m=110384155209555&w=2 http://www.ciac.org/ciac/bulletins/p-085.shtml http://www.securityfocus.com/bid/12098 https://exchange.xforce.ibmcloud.com/vulnerabilities/18674 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5435 •

CVSS: 9.3EPSS: 19%CPEs: 157EXPL: 1

The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages. • https://www.exploit-db.com/exploits/24763 http://jouko.iki.fi/adv/javaplugin.html http://lists.apple.com/archives/security-announce/2005/Feb/msg00000.html http://rpmfind.net/linux/RPM/suse/updates/9.3/i386/rpm/i586/java-1_4_2-sun-src-1.4.2.08-0.1.i586.html http://secunia.com/advisories/13271 http://secunia.com/advisories/29035 http://securityreason.com/securityalert/61 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101523-1 http://sunsolve.sun.co • CWE-264: Permissions, Privileges, and Access Controls •