CVE-2011-3172 – unix2_chkpwd do not check for a valid account
https://notcve.org/view.php?id=CVE-2011-3172
A vulnerability in pam_modules of SUSE Linux Enterprise allows attackers to log into accounts that should have been disabled. Affected releases are SUSE Linux Enterprise: versions prior to 12. Una vulnerabilidad en pam_modules de SUSE Linux Enterprise permite a los atacantes iniciar sesión en cuentas que deberían haberse desactivado. Las versiones afectadas son SUSE Linux Enterprise: versiones anteriores a la 12. • https://bugzilla.suse.com/show_bug.cgi?id=707645 https://build.opensuse.org/request/show/80346 • CWE-264: Permissions, Privileges, and Access Controls CWE-304: Missing Critical Step in Authentication •
CVE-2008-5422
https://notcve.org/view.php?id=CVE-2008-5422
Sun Sun Ray Server Software 3.1 through 4.0 does not properly restrict access, which allows remote attackers to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors. Sun Sun Ray Server Software v3.1 a v4.0 no restringe el acceso apropiadamente, lo que permite a atacantes remotos descubrir la contraseña de administración de Sun Ray y obtener acceso admin a el Data Store y la Administration GUI, mediante vectores no especificados. • http://secunia.com/advisories/33108 http://sunsolve.sun.com/search/document.do?assetkey=1-21-127553-04-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-240365-1 http://support.avaya.com/elmodocs2/security/ASA-2008-502.htm http://www.securityfocus.com/bid/32769 http://www.securitytracker.com/id?1021383 http://www.vupen.com/english/advisories/2008/3406 https://exchange.xforce.ibmcloud.com/vulnerabilities/47253 • CWE-264: Permissions, Privileges, and Access Controls •
CVE-2008-5423
https://notcve.org/view.php?id=CVE-2008-5423
Sun Sun Ray Server Software 3.x and 4.0 and Sun Ray Windows Connector 1.1 and 2.0 expose the LDAP password during a configuration step, which allows local users to discover the Sun Ray administration password, and obtain admin access to the Data Store and Administration GUI, via unspecified vectors related to the utconfig component of the Server Software and the uttscadm component of the Windows Connector. Sun Ray Server Software v3.x y v4.0 y Sun Ray Windows Connector v1.1 y v2.0 exponen la contraseña LDAP durante un paso de configuración, lo que permite a usuarios locales descubrir la contraseña de administración de Sun Ray y obtener acceso admin a el Data Store y el Administration GUI, mediante vectores no especificados relacionados con el componente utconfig de el Server Software y el componente uttscadm de el Windows Connector. • http://secunia.com/advisories/33108 http://secunia.com/advisories/33119 http://securitytracker.com/id?1021379 http://sunsolve.sun.com/search/document.do?assetkey=1-21-127553-04-1 http://sunsolve.sun.com/search/document.do?assetkey=1-21-127556-03-1 http://sunsolve.sun.com/search/document.do?assetkey=1-26-240506-1 http://support.avaya.com/elmodocs2/security/ASA-2008-500.htm http://www.securityfocus.com/bid/32772 http://www.vupen.com/english/advisories/2008/3406 http:/ • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2008-4636
https://notcve.org/view.php?id=CVE-2008-4636
yast2-backup 2.14.2 through 2.16.6 on SUSE Linux and Novell Linux allows local users to gain privileges via shell metacharacters in filenames used by the backup process. yast2-backup de 2.14.2 a 2.16.6 en SUSE Linux y Novell Linux permite a usuarios locales obtener privilegios a través de metacaracteres de consola en nombres de archivos usados por el proceso de copia de respaldo. • http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00003.html http://osvdb.org/50284 http://secunia.com/advisories/32832 http://www.securityfocus.com/bid/32464 https://exchange.xforce.ibmcloud.com/vulnerabilities/46879 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVE-2007-1285 – PHP 3/4/5 - ZendEngine Variable Destruction Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-1285
The Zend Engine in PHP 4.x before 4.4.7, and 5.x before 5.2.2, allows remote attackers to cause a denial of service (stack exhaustion and PHP crash) via deeply nested arrays, which trigger deep recursion in the variable destruction routines. El motor Zend en PHP versión 4.x anterior a 4.4.7, y versión 5.x anterior a 5.2.2, permite que los atacantes remotos causen una denegación de servicio (agotamiento de pila y bloqueo de PHP) por medio de matrices profundamente anidadas, que desencadenan una profunda recursión en la variable de rutinas de destrucción. • https://www.exploit-db.com/exploits/29692 http://lists.opensuse.org/opensuse-security-announce/2007-07/msg00006.html http://rhn.redhat.com/errata/RHSA-2007-0154.html http://rhn.redhat.com/errata/RHSA-2007-0155.html http://rhn.redhat.com/errata/RHSA-2007-0163.html http://secunia.com/advisories/24909 http://secunia.com/advisories/24910 http://secunia.com/advisories/24924 http://secunia.com/advisories/24941 http://secunia.com/advisories/24945 http://secunia.com/advisories • CWE-674: Uncontrolled Recursion •