Trusted Execution in IBM AIX 6.1 uses an incorrect pathname argument in a call to the trustchk_block_write function, which might allow local users to modify trusted files, related to an error in the support for links in the TSD_FILES_LOCK policy.
CVSS Score
2.1
EPSS Score
0.001
Published
2008-01-10
Cross-site scripting (XSS) vulnerability in index.php in FTP Admin 0.1.0 allows remote attackers to inject arbitrary web script or HTML via the error parameter in an error page action.
CVSS Score
4.3
EPSS Score
0.035
Published
2007-12-04
cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create or overwrite an arbitrary file, and enable world writability of this file, by using the file's name as the argument.
CVSS Score
6.9
EPSS Score
0.001
Published
2007-11-05
cfgcon in IBM AIX 5.2 and 5.3 does not properly validate the argument to the "-p" option to swcons, which allows local users in the system group to create an arbitrary file, and enable world writability of this file, via a symlink attack involving use of the file's name as the argument. NOTE: this issue is due to an incomplete fix for CVE-2007-5804.
CVSS Score
6.9
EPSS Score
0.0
Published
2007-11-05
Stack-based buffer overflow in the domacro function in ftp in IBM AIX 5.2 and 5.3 allows local users to gain privileges via a long parameter to a macro, as demonstrated by executing a macro via the '$' command.
CVSS Score
7.2
EPSS Score
0.001
Published
2007-11-05
Multiple stack-based buffer overflows in IBM AIX 5.2 and 5.3 allow local users to gain privileges via a long argument to the (1) "-p" option to lqueryvg or (2) the "-V" option to lquerypv.
CVSS Score
7.2
EPSS Score
0.002
Published
2007-11-05
Buffer overflow in crontab in IBM AIX 5.2 allows local users to gain privileges via long command line arguments.
CVSS Score
7.2
EPSS Score
0.001
Published
2007-11-05
Integer underflow in the dns_name_fromtext function in (1) libdns_nonsecure.a and (2) libdns_secure.a in IBM AIX 5.2 allows local users to gain privileges via a crafted "-y" (TSIG key) command line argument to dig.
CVSS Score
7.2
EPSS Score
0.001
Published
2007-11-05
Stack-based buffer overflow in the sendrmt function in bellmail in IBM AIX 5.2 and 5.3 allows local users to execute arbitrary code via a long parameter to the m command.
CVSS Score
7.2
EPSS Score
0.001
Published
2007-11-05
Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value.
CVSS Score
7.6
EPSS Score
0.1
Published
2007-09-18