Secunia Research has discovered a vulnerability in Spy Sweeper Enterprise, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to the Spy Sweeper Enterprise Client SpySweeperTray.exe process invoking the help functionality with SYSTEM privileges. This can be exploited to execute arbitrary commands on a system with escalated privileges.
Secunia Research has discovered a vulnerability in My Firewall Plus, which can be exploited by malicious, local users to gain escalated privileges. The vulnerability is caused due to the Smc.exe process invoking the help functionality with SYSTEM privileges. This can be exploited to execute arbitrary programs on a system with escalated privileges.
Multiple vulnerabilies have been found in the Singapore Image Gallery Web Application version 0.9.10 including arbitrary file download, directory deletion, and cross site scripting flaws.
Secure Network Operations Advisory SRT2004-12-14-0322 - Symantec LiveUpdate versions prior to 2.5 are susceptible to a flaw that may allow for local privilege escalation to SYSTEM.
STG Security Advisory: JSBoard is one of widely used web BBS applications in Korea. However, an input validation flaw can allow malicious attackers the ability to run arbitrary commands with the privilege of the HTTPD process, which is typically run as the nobody user.
STG Security Advisory: phpBB Attachment Mod is file upload module for phpBB. However, an input validation flaw can cause malicious attackers to run arbitrary commands with the privilege of the HTTPD process, which is typically run as the nobody user. Attachment module 2.3.10 and below is susceptible.
STG Security Advisory: MediaWiki versions 1.3.8 and below have an input validation flaw that can allow malicious attackers the ability to run arbitrary commands with the privilege of the HTTPD process, which is typically run as the nobody user.
HP Security Bulletin - A potential vulnerability has been identified with the HP-UX newgrp(1) command that may allow authorized users to elevate privileges. Affected versions are HP-UX B.11.00, B.11.04, B.11.11.
HP Security Bulletin - A potential security vulnerability has been identified with System Administration Manager (SAM) running on HP-UX that may allow local unauthorized privileges. Affected Versions: HP-UX B.11.00, B.11.11, B.11.22, and B.11.23.
SUSE Security Announcement - Due to missing argument checking in the 32 bit compatibility system call handler in the 2.4 Linux Kernel on the AMD64 platform a local attacker can gain root access using a simple program. This is a 2.4 Kernel and AMD64 specific problem, other architectures and the 2.6 Kernel are not affected.
Technical Cyber Security Alert TA04-356A - The software phpBB contains an input validation problem in how it processes a parameter contained in URLs. An intruder can deface a phpBB website, execute arbitrary commands, or gain administrative privileges on a compromised bulletin board. Systems Affected: phpBB versions 2.0.10 and prior.
A flaw in tnftp exists where it fails to properly validate file names provided by the server. Successful exploitation allows overwriting local files, but requires that a user connects to a malicious ftp server and downloads files.
uml-utilities version 20030903 is susceptible to a denial of service vulnerability via the uml-net utility running setuid root and being able to take down the system's ethernet connection.
Ubuntu Security Notice USN-44-1 - A race condition and possible information leak has been discovered in Perl's File::Path::rmtree(). This function changes the permission of files and directories before removing them to avoid problems with wrong permissions. However, they were made readable and writable not only for the owner, but for the entire world, which opened a race condition and a possible information leak (if the actual removal of a file/directory failed for some reason).