Page 9 of 166 results (0.012 seconds)

CVSS: 7.2EPSS: 0%CPEs: 3EXPL: 0

HP-UX B.11.00 and B.11.11 with B6848AB GTK+ Support Libraries installed uses insecure directory permissions, which allows local users to gain privileges via files in /opt/gnome/src/GLib/. • http://marc.info/?l=bugtraq&m=108455531606056&w=2 http://secunia.com/advisories/11615 http://www.hp.com/products1/unix/java/mozilla/HPSBUX01034.html http://www.osvdb.org/6120 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6105 • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 4.6EPSS: 0%CPEs: 5EXPL: 0

Unknown vulnerability in System Administration Manager (SAM) in HP-UX B.11.00, B.11.11, B.11.22, and B.11.23 allows local users to gain privileges. • http://marc.info/?l=bugtraq&m=110384155209555&w=2 http://www.ciac.org/ciac/bulletins/p-085.shtml http://www.securityfocus.com/bid/12098 https://exchange.xforce.ibmcloud.com/vulnerabilities/18674 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5435 •

CVSS: 9.3EPSS: 19%CPEs: 157EXPL: 1

The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers to load unsafe classes and execute arbitrary code by using the reflection API to access private Java packages. • https://www.exploit-db.com/exploits/24763 http://jouko.iki.fi/adv/javaplugin.html http://lists.apple.com/archives/security-announce/2005/Feb/msg00000.html http://rpmfind.net/linux/RPM/suse/updates/9.3/i386/rpm/i586/java-1_4_2-sun-src-1.4.2.08-0.1.i586.html http://secunia.com/advisories/13271 http://secunia.com/advisories/29035 http://securityreason.com/securityalert/61 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101523-1 http://sunsolve.sun.co • CWE-264: Permissions, Privileges, and Access Controls •

CVSS: 7.8EPSS: 0%CPEs: 21EXPL: 3

Buffer overflow in the get_tag function in mod_include for Apache 1.3.x to 1.3.32 allows local users who can create SSI documents to execute arbitrary code as the apache user via SSI (XSSI) documents that trigger a length calculation error. • https://www.exploit-db.com/exploits/587 https://www.exploit-db.com/exploits/24694 http://marc.info/?l=bugtraq&m=109906660225051&w=2 http://secunia.com/advisories/12898 http://secunia.com/advisories/19073 http://securitytracker.com/id?1011783 http://sunsolve.sun.com/search/document.do?assetkey=1-26-102197-1 http://support.avaya.com/elmodocs2/security/ASA-2006-081.htm http://www.apacheweek.com/features/security-13 http://www.debian.org/security/2004/dsa-594 http:/& • CWE-131: Incorrect Calculation of Buffer Size •

CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0

stmkfont in HP-UX B.11.00 through B.11.23 relies on the user-specified PATH when executing certain commands, which allows local users to execute arbitrary code by modifying the PATH environment variable to point to malicious programs. • http://marc.info/?l=bugtraq&m=109837243713696&w=2 http://www.nsfocus.com/english/homepage/research/0402.htm http://www.securityfocus.com/advisories/7351 http://www.securityfocus.com/bid/11493 https://exchange.xforce.ibmcloud.com/vulnerabilities/17813 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5538 •