Vulnerabilities > Unix > Medium

DATE CVE VULNERABILITY TITLE RISK

2008-01-31 CVE-2008-0525 Link Following vulnerability in multiple products
PatchLink Update client for Unix, as used by Novell ZENworks Patch Management Update Agent for Linux/Unix/Mac (LUM) 6.2094 through 6.4102 and other products, allows local users to (1) truncate arbitrary files via a symlink attack on the /tmp/patchlink.tmp file used by the logtrimmer script, and (2) execute arbitrary code via a symlink attack on the /tmp/plshutdown file used by the rebootTask script.
local
low complexity
unix lumension-security novell CWE-59
4.6

2007-12-10 CVE-2007-6305 Buffer Errors vulnerability in IBM Hardware Management Console 7.3.2.0
Multiple unspecified vulnerabilities in IBM Hardware Management Console (HMC) 7 R3.2.0 allow attackers to gain privileges via "some HMC commands."
local
low complexity
linux unix ibm CWE-119
4.6

2007-03-20 CVE-2006-7164 Information Disclosure vulnerability in Websphere Application Server
SimpleFileServlet in IBM WebSphere Application Server 5.0.1 through 5.0.2.7 on Linux and UNIX does not block certain invalid URIs and does not issue a security challenge, which allows remote attackers to read secure files and obtain sensitive information via certain requests.
network
linux unix ibm
4.3

2007-03-02 CVE-2007-1228 Improper Authentication vulnerability in IBM DB2 8.2/9.0
IBM DB2 UDB 8.2 before Fixpak 7 (aka fixpack 14), and DB2 9 before Fix Pack 2, on UNIX allows the "fenced" user to access certain unauthorized directories.
local
ibm unix CWE-287
4.4

2003-12-31 CVE-2003-1467 Cross-Site Scripting vulnerability in Phorum
Multiple cross-site scripting (XSS) vulnerabilities in (1) login.php, (2) register.php, (3) post.php, and (4) common.php in Phorum before 3.4.3 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
4.3

2003-12-31 CVE-2003-1454 Unspecified vulnerability in Invision Power Services Invision Board 1.0/1.0.1/1.1.1
Invision Power Services Invision Board 1.0 through 1.1.1, when a forum is password protected, stores the administrator password in a cookie in plaintext, which could allow remote attackers to gain access.
network
low complexity
linux microsoft unix invision-power-services
5.0

2003-12-31 CVE-2003-1423 Permissions, Privileges, and Access Controls vulnerability in Petitforum
Petitforum stores the liste.txt data file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as e-mail addresses and encrypted passwords.
network
low complexity
linux microsoft unix petitforum CWE-264
5.0

2003-12-31 CVE-2003-1372 Cross-Site Scripting vulnerability in Myphpnuke 1.8.8
Cross-site scripting (XSS) vulnerability in links.php script in myPHPNuke 1.8.8, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the (1) ratenum or (2) query parameters.
4.3

1999-02-22 CVE-1999-0377 Denial-Of-Service vulnerability in Unix
Process table attack in Unix systems allows a remote attacker to perform a denial of service by filling a machine's process tables through multiple connections to network services.
network
low complexity
unix
5.0