It is possible to spoof a JDBC class request to make it appear as though it came from an authorized applet. This could allow execution of any DLL on the system by a remote attacker.
The HP Tru64/OSF1 dxterm utility is prone to a locally exploitable buffer overflow condition. This issue is due to insufficient checking of command line input supplied via the "-xrm" parameter. This parameter serves the same purpose as the "-customization" command line parameter, which is also not sufficiently checked. Since this utility is installed setuid root, code execution that results from successful exploitation of this issue will yield root privileges on the system.
Buffer overrun vulnerabilities have been reported in the Cisco VPN 5000 UNIX clients available for Linux and Solaris systems. The condition affects the binaries 'close_tunnel' and 'open_tunnel', both installed setuid root by default. Malicious local users may exploit these vulnerabilities to gain superuser privileges on the affected host.
When the ident server receives a malformed request that is 418 bytes or more in length, the client crashes and memory is corrupted. It may be possible for an attacker to exploit the resulting memory corruption to execute arbitrary instructions with the privileges of the ident server.
By requesting a specially crafted URL, it is possible to initiate a TCP connect from the vulnerable server to a remote IP address and arbitrary port. The server will then produce a debug page, which can be used to determine port status on the scanned host.
A directory traversal bug exists in DB4Web. By passing a maliciously crafted query to the application, an attacker can potentially gain access to arbitrary system files. This is due to the application insufficiently validating the user supplied input.
It has been reported that wmnet2 is vulnerable to a leakage of open file descriptors that may result in unauthorized disclosure of kernel memory. It is allegedly possible for attackers to inherit the open file descriptors for /dev/mem and /dev/kmem by executing a malicious program through wmnet2. The program that is executed can be specified by the attacker at the command line.
It has been reported that wmmon is vulnerable to a leakage of open file descriptors that may result in unauthorized disclosure of kernel memory. It is allegedly possible for attackers to inherit the open file descriptors for /dev/mem and /dev/kmem by executing a malicious program through wmmon. The program that is executed can be specified by the attacker at the command line.
It has been reported that ascpu is vulnerable to a leakage of open file descriptors that may result in unauthorized disclosure of kernel memory. It is allegedly possible for attackers to inherit the open file descriptors for /dev/mem and /dev/kmem by executing a malicious program through ascpu. The program that is executed can be specified by the attacker at the command line.
It has been reported that BubbleMon is vulnerable to a leakage of open file descriptors that may result in unauthorized disclosure of kernel memory. It is allegedly possible for attackers to inherit the open file descriptors for /dev/mem and /dev/kmem by executing a malicious program through BubbleMon. The program that is executed can be specified by the attacker at the command line.