Naked Security

Security Bulletins

2013-10-18 - [slackware-security] hplip (SSA:2013-291-01)

10/19/2013

2013-10-18 - [slackware-security] libtiff (SSA:2013-290-01)

10/18/2013

2013-10-14 - [slackware-security] xorg-server (SSA:2013-287-05)

10/15/2013

2013-10-14 - [slackware-security] libgpg-error (SSA:2013-287-04)

10/15/2013

2013-10-14 - [slackware-security] gnutls (SSA:2013-287-03)

10/15/2013

Latest Malware Updates

CVE-1999-0067

phf CGI program allows remote command execution through shell metacharacters.

03/20/1996

CVE-1999-0142

The Java Applet Security Manager implementation in Netscape Navigator 2.0 and Java Developer's Kit 1.0 allows an applet to connect to arbitrary hosts.

03/01/1996

CVE-1999-0233

IIS 1.0 allows users to execute arbitrary commands using .bat or .cmd files.

02/25/1996

CVE-1999-0143

Kerberos 4 key servers allow a user to masquerade as another by breaking and generating session keys.

02/21/1996

CVE-1999-0103

Echo and chargen, or other combinations of UDP services, can be used in tandem to flood the server, a.k.a. UDP bomb or UDP packet storm.

02/08/1996

CVE-1999-1491

abuse.console in Red Hat 2.1 uses relative pathnames to find and execute the undrv program, which allows local users to execute arbitrary commands via a path that points to a Trojan horse program.

02/02/1996

CVE-1999-1319

Vulnerability in object server program in SGI IRIX 5.2 through 6.1 allows remote attackers to gain root privileges in certain configurations.

01/03/1996

rxvt, when compiled with the PRINT_PIPE option in various Linux operating systems including Linux Slackware 3.0 and RedHat 2.1, allows local users to gain root privileges by specifying a malicious program using the -print-pipe command line parameter.

01/02/1996

CVE-1999-0208

rpc.ypupdated (NIS) allows remote users to execute arbitrary commands.

12/12/1995

CVE-1999-0325

vhe_u_mnt program in HP-UX allows local users to create root files through symlinks.

12/01/1995

CVE-1999-0316

Buffer overflow in Linux splitvt command gives root access to local users.

12/01/1995

CVE-1999-0123

Race condition in Linux mailx command allows local users to read user files.

12/01/1995

CVE-1999-0080

Certain configurations of wu-ftp FTP server 2.4 use a _PATH_EXECPATH setting to a directory with dangerous commands, such as /bin, which allows remote authenticated users to gain root access via the "site exec" command.

11/30/1995

CVE-1999-0241

Guessable magic cookies in X Windows allows remote attackers to execute commands, e.g. through xterm.

11/01/1995

CVE-1999-0099

Buffer overflow in syslog utility allows local or remote attackers to gain root privileges.

10/19/1995

CVE-1999-0073

Telnet allows a remote client to specify environment variables including LD_LIBRARY_PATH, allowing an attacker to bypass the normal system libraries and gain root access.

10/13/1995

CVE-1999-0218

Livingston portmaster machines could be rebooted via a series of commands.

10/01/1995

CVE-1999-0245

Some configurations of NIS+ in Linux allowed attackers to log in as the user "+".

09/07/1995

CVE-1999-0155

The ghostscript command with the -dSAFER option allows remote attackers to execute commands.

08/31/1995

CVE-1999-0164

A race condition in the Solaris ps command allows an attacker to overwrite critical files.

08/29/1995

Security Advisories Database