[CLOSE] OSVDB ID : 83566 - Disclosed: 1997-05-16

Description:

IRIX contains a flaw that may allow a malicious user to execute arbitrary commands as the root user. The issue is triggered when a malicious user creates a trojan horse with the same name as the 'cp' binary and manipulates the PATH environment variable to include the directory containing the trojaned copy. The day5notifier CGI script will execute the alternate binary because it does not use an absolute path in its call, resulting in a loss of integrity.

[CLOSE] OSVDB ID : 8559 - Disclosed: 1997-05-16

Description:

IRIX contains a flaw that may allow a malicious user to execute arbitrary commands as the root user. The issue is triggered when a malicious user creates a trojan horse with the same name as the system program cp and manipulates the PATH environment variable to include the directory containing the trojan. The day5datacopier CGI script will execute the trojan horse because it does not use an absolute path in its call, resulting in a loss of integrity.

[CLOSE] OSVDB ID : 45580 - Disclosed: 1997-05-15

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 1009 - Disclosed: 1997-05-14

Description:

IRIX contains a flaw related to the runpriv program of the Indigo Magic System Administration subsystem that may allow unprivileged users to run selected privileged commands. No further details have been provided.

[CLOSE] OSVDB ID : 8560 - Disclosed: 1997-05-09

Description:

IRIX contains a flaw that may allow a malicious local user to manipulate arbitrary files on the system. The issue is due to the addnetpr program creating temporary files insecurely. It is possible for a user to use a symlink style attack to corrupt arbitrary files, resulting in a loss of integrity.

[CLOSE] OSVDB ID : 2928 - Disclosed: 1997-05-08

Description:

Adobe Acrobat contains a flaw that allows a malicious user to inject arbitrary commands into a PDF document via hotlinks. A victim who receives a trojaned PDF file need only open the document for the commands to be executed in some cases.

[CLOSE] OSVDB ID : 83517 - Disclosed: 1997-05-08

Description:

IRIX contains a flaw that may allow a malicious local user to overwrite arbitrary files on the system. The issue is due to the /usr/etc/fsr creating temporary files insecurely. It is possible for a local attacker to use a symlink attack against the /usr/tmp/.fsrlast file to cause the program to unexpectedly write to, or overwrite an attacker specified file.

[CLOSE] OSVDB ID : 83516 - Disclosed: 1997-05-07

Description:

Irix contains a flaw that may allow an attacker to gain access to unauthorized privileges. This issue is triggered in rmail when the LOGNAME environment variable is set to an arbitrary command, which causes the program to execute that command. This may allow a local attacker to gain escalated privileges.

[CLOSE] OSVDB ID : 1666 - Disclosed: 1997-05-07

Description:

Microsoft Windows and SCO Open Server contain a flaw that may allow a remote denial of service. The issue is triggered when an out-of-band packet is sent to port 139, and will result in loss of availability for the platform.

[CLOSE] OSVDB ID : 8562 - Disclosed: 1997-05-07

Description:

(Description Provided by CVE) : Vulnerability in xfsdump in SGI IRIX may allow local users to obtain root privileges via the bck.log log file, possibly via a symlink attack.

[CLOSE] OSVDB ID : 59290 - Disclosed: 1997-05-07

Description:

(Description Provided by CVE) : inpview in InPerson on IRIX 5.3 through IRIX 6.5.10 trusts the PATH environmental variable to find and execute the ttsession program, which allows local users to obtain root access by modifying the PATH to point to a Trojan horse ttsession program.

[CLOSE] OSVDB ID : 899 - Disclosed: 1997-05-07

Description:

(Description Provided by CVE) : SGI syserr program allows local users to corrupt files.

[CLOSE] OSVDB ID : 932 - Disclosed: 1997-05-07

Description:

(Description Provided by CVE) : Buffer overflow in ffbconfig in Solaris 2.5.1.

[CLOSE] OSVDB ID : 84073 - Disclosed: 1997-05-07

Description:

IRIX contains a flaw related to cvpcsd in the WorkShop Debugger Suite that may lead to an unauthorized information disclosure. The issue is triggered due to the way cvpcsd logs information to the /usr/tmp/cvpcsd.log file. This will disclose potentially sensitive information to a local attacker. This vulnerability may also be leveraged to cause an unspecified denial of service.

[CLOSE] OSVDB ID : 2999 - Disclosed: 1997-05-07

Description:

Microsoft Internet Explorer contains a flaw that allows an attacker to execute commands via malicious HTML documents. The flaw is exploited by crafting custom Powerpoint Text that is triggered when a user mouses over the link. No warning or dialog is given before launching the hostile executable.

[CLOSE] OSVDB ID : 83515 - Disclosed: 1997-05-07

Description:

IRIX contains a flaw that may allow an attacker to gain access to unauthorized privileges. This issue may allow an attacker to gain root privileges via an unspecified attack leveraging /usr/etc/lpd.

[CLOSE] OSVDB ID : 235 - Disclosed: 1997-05-06

Description:

IRIX contains a flaw that may allow remote command execution. The issue is triggered when a malicious attacker utilizes the Webdist script (webdist.cgi) of the Out Box Environment Subsystem. The remote command execution occurs with the privileges of the httpd daemon. This flaw may lead to a loss of integrity.

[CLOSE] OSVDB ID : 11491 - Disclosed: 1997-05-05

Description:

lynx contains a flaw that may allow a malicious user to overwrite arbitrary files. The issue is due to lynx creating temporary files in the world-writeable /tmp directory. It is possible that the flaw may allow a local attacker to overwrite files with downloaded files, resulting in a loss of integrity.

[CLOSE] OSVDB ID : 12157 - Disclosed: 1997-05-05

Description:

The Windows application contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to a plaintext password when a password disclosure tool, such as Snadboy's "Revelation", is used on the masked password display. This may lead to a loss of confidentiality, integrity and/or availability.

[CLOSE] OSVDB ID : 12979 - Disclosed: 1997-05-05

Description:

(Description Provided by CVE) : KDE file manager (kfm) uses a TCP server for certain file operations, which allows remote attackers to modify arbitrary files by sending a copy command to the server.

[CLOSE] OSVDB ID : 4719 - Disclosed: 1997-05-04

Description:

Symantec Norton Utilities for Windows contains a flaw that may allow an attacker to execute arbitrary code. The issue is due to the TUNEOCX.OCX ActiveX control, part of the "System Genie" component, not properly handling user input. With a crafted web page, an attacker could trick a victim into browsing the page and executing arbitrary code on the victim's system.

[CLOSE] OSVDB ID : 61590 - Disclosed: 1997-05-03

Description:

Solaris contains a flaw that may allow a malicious local user to create arbitrary files on the system. The issue is due to lp creating temporary files insecurely. It is possible for an attacker to use a symlink attack to cause the program to unexpectedly write to, or overwrite an attacker specified file.

[CLOSE] OSVDB ID : 941 - Disclosed: 1997-05-02

Description:

(Description Provided by CVE) : Buffer overflow in xlock program allows local users to execute commands as root.

[CLOSE] OSVDB ID : 10870 - Disclosed: 1997-05-01

Description:

(Description Provided by CVE) : Buffer overflow in suidperl (sperl), Perl 4.x and 5.x.

[CLOSE] OSVDB ID : 11733 - Disclosed: 1997-05-01

Description:

(Description Provided by CVE) : Race condition in signal handling routine in ftpd, allowing read/write arbitrary files.

[CLOSE] OSVDB ID : 29234 - Disclosed: 1997-04-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 8217 - Disclosed: 1997-04-27

Description:

(Description Provided by CVE) : Buffer overflow in (1) pluggable authentication module (PAM) on Solaris 2.5.1 and 2.5 and (2) unix_scheme in Solaris 2.4 and 2.3 allows local users to gain root privileges via programs that use these modules such as passwd, yppasswd, and nispasswd.

[CLOSE] OSVDB ID : 4894 - Disclosed: 1997-04-27

Description:

A local overflow exists in MIT Kerberos 5 when utilizing the Kerberos 4 compatibility libraries. Several Kerberos related programs fail to perform proper boundry checking on the KRB_CONF environment variable. With a specially crafted request, an attacker can gain unauthorized root access to vulnerable systems. This compromise would result in a loss of confidentiality, integrity, and/or availability.

[CLOSE] OSVDB ID : 83 - Disclosed: 1997-04-24

Description:

Guestbook CGI contains a flaw that may allow a remote attacker to arbitrary execute commands. The problem is that the script does not validate user-supplied input, which may allow a remote attacker to execute arbitrary commands with the privileges of the Web server resulting in a loss of integrity.

[CLOSE] OSVDB ID : 1110 - Disclosed: 1997-04-17

Description:

(Description Provided by CVE) : Buffer overflow in PHP cgi program, php.cgi allows shell access.

[CLOSE] OSVDB ID : 6787 - Disclosed: 1997-04-17

Description:

(Description Provided by CVE) : Buffer overflow in Solaris fdformat command gives root access to local users.

[CLOSE] OSVDB ID : 11018 - Disclosed: 1997-04-17

Description:

(Description Provided by CVE) : An interaction between the AS/400 shared folders feature and Microsoft SNA Server 3.0 and earlier allows users to view each other's folders when the users share the same Local APPC LU.

[CLOSE] OSVDB ID : 88696 - Disclosed: 1997-04-09

Description:

By default, Kentrox Pacesetter Router is distrubited with default user credentials (username/password combination). The supervisor account has a password of 'SECRET', which is publicly known and documented. This allows remote attackers to trivially access the program or system and gain privileged access.

[CLOSE] OSVDB ID : 83672 - Disclosed: 1997-04-09

Description:

Microsoft Internet Explorer contains a flaw that may lead to an unauthorized information disclosure. During NTLM authentication a remote attacker can set the negotiation between the NTLM authentication server and the client to a constant. This will allow an attacker to gain access to username, domain name, or workgroup and hostname information via a specially crafted request.

[CLOSE] OSVDB ID : 83797 - Disclosed: 1997-04-08

Description:

Microsoft Internet Explorer on Windows NT contains a flaw that is triggered when the program sends a hashed versions of the user's password during the authentication negotiation. This may allow a remote attacker to gain access to password information via a man-in-the-middle-attack.

[CLOSE] OSVDB ID : 2953 - Disclosed: 1997-04-08

Description:

Norton Utilities contains a flaw that allows a remote attacker to send commands from a remote machine that will be executed on the target server. The issue is due to a flaw in the Active-X implementation in Internet Explorer and the way Norton Utilities uses it.

[CLOSE] OSVDB ID : 6087 - Disclosed: 1997-04-07

Description:

FreeBSD contains a flaw that may allow a malicious user to access the platform. The issue is triggered when a malicious user logs onto the victim system using a passwordless account "ftp" that is automatically created by sysinstall, while an authorized user is running the sysinstall utility. It is possible that the flaw may allow shell access (via /bin/date) resulting in a loss of integrity.

[CLOSE] OSVDB ID : 82929 - Disclosed: 1997-04-06

Description:

Digital Unix contains a flaw that may allow a malicious local user to overwrite arbitrary files on the system. The issue is due to SUID binaries creating temporary files insecurely. It is possible for a local attacker to use a symlink attack against a core dump to cause the program to unexpectedly write to, or overwrite an attacker specified file.

[CLOSE] OSVDB ID : 3543 - Disclosed: 1997-04-06

Description:

WebScripts WebBBS contains a non-descript flaw that allows users to include SSI in messages.

[CLOSE] OSVDB ID : 83141 - Disclosed: 1997-04-04

Description:

A local overflow exists in IBM AIX. The C Library (libc) fails to properly handle long values in the LC_MESSAGES environment variable resulting in a buffer overflow. With a specially crafted request, a local attacker can gain root access resulting in a loss of integrity. This can be exploited through binaries that use the library, such as /bin/host and /usr/sbin/mount.