Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows an authenticated user to execute predefined code with root privileges, such as escalating to a root shell. IBM X-Force ID: 144441.
Stack-based buffer overflow in libdb2.so in IBM DB2 7.x and 8.1 allows local users to execute arbitrary code via a long DB2LPORT environment variable.
IBM Informix Dynamic Server Enterprise Edition 12.1 could allow a local user logged in with database administrator user to gain root privileges through a symbolic link vulnerability in .infxdirs. IBM X-Force ID: 144432.
Buffer overflow in newgrp in Solaris 7 through 9 allows local users to gain root privileges.
Stack-based buffer overflow in db2fmp in IBM DB2 7.x and 8.1 allows local users to execute arbitrary code via a long parameter.
Stack-based buffer overflow in oninit in IBM Informix Dynamic Server Enterprise Edition 12.1 allows an authenticated user to execute predefined code with root privileges, such as escalating to a root shell. IBM X-Force ID: 144439.
IBM Notes Diagnostics (IBM Client Application Access and IBM Notes) could allow a local user to execute commands on the system. By crafting a command line sent via the shared memory IPC, which could be tricked into executing an executable chosen by the attacker. IBM X-Force ID: 138710.
Unspecified vulnerability in Oracle Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Kernel/VM
IBM WebSphere Application Server (WAS) 8.5 through 8.5.0.2 on UNIX allows local users to gain privileges by leveraging improper process initialization. IBM X-Force ID: 84362.
Multiple integer overflows in the IP_MSFILTER and IPV6_MSFILTER features in (1) sys/netinet/in_mcast.c and (2) sys/netinet6/in6_mcast.c in the multicast implementation in the kernel in FreeBSD 8.3 through 9.2-PRERELEASE allow local users to bypass intended restrictions on kernel-memory read and write operations, and consequently gain privileges, via vectors involving a large number of source-filter entries.
IBM Netezza Platform Software (IBM PureData System for Analytics 1.0.0) could allow a local user to modify a world writable file, which could be used to execute commands as root. IBM X-Force ID: 140211.
Unspecified "absolute path vulnerability" in umountall in IBM AIX 5.1 through 5.3 allows local users to cause unknown impact via unknown vectors.
Buffer overflow in getconf in IBM AIX 5.2 to 5.3 allows local users to execute arbitrary code via unknown vectors.
IBM Security AppScan Enterprise 5.6 and 8.x before 8.7 and IBM Rational Policy Tester 5.6 and 8.x before 8.5.0.4 create a service that lacks " (double quote) characters in the service path, which allows local users to gain privileges via a Trojan horse program, related to an "Unquoted Service Path Enumeration" vulnerability.
A Command Execution Vulnerability exists in IBM Sterling External Authentication Server 2.2.0, 2.3.01, 2.4.0, and 2.4.1 via an unspecified OS command, which could let a local malicious user execute arbitrary code.
Stack-based buffer overflow in the bsd_queue() function for lpq on Solaris 2.6 and 7 allows local users to gain root privilege.
The installation process in IBM InfoSphere Information Server 8.1, 8.5, 8.7, and 9.1 on UNIX and Linux sets incorrect permissions and ownerships for unspecified files, which allows local users to bypass intended access restrictions via standard filesystem operations.
Unspecified vulnerability in HP Storage Data Protector 6.20, 6.21, 7.00, and 7.01 allows local users to gain privileges via unknown vectors.
VJE.VJE-RUN in HP-UX 11.00 adds bin to /etc/PATH, which could allow local users to gain privileges.
The device file system (devfs) in FreeBSD 5.x does not properly check parameters of the node type when creating a device node, which makes hidden devices available to attackers, who can then bypass restrictions on a jailed process.
Buffer overflow in the diagTasksWebSM command in IBM AIX 5.1, 5.2 and 5.3, might allow local users to execute arbitrary code via long command line arguments.
FreeBSD: Input Validation Flaw allows local users to gain elevated privileges
Unspecified vulnerability in IBM InfoSphere Guardium S-TAP 8.1 for DB2 on z/OS allows local users to gain privileges via unknown vectors.
FreeBSD 5.x to 5.4 on AMD64 does not properly initialize the IO permission bitmap used to allow user access to certain hardware, which allows local users to bypass intended access restrictions to cause a denial of service, obtain sensitive information, and possibly gain privileges.
A remote execution of arbitrary code vulnerability has been identified in HPE RESTful Interface Tool 1.5, 2.0 (hprest-1.5-79.x86_64.rpm, ilorest-2.0-403.x86_64.rpm). The issue is resolved in iLOREST v2.1 or subsequent versions.
Multiple symlink vulnerabilities in portupgrade before 20041226_2 in FreeBSD allow local users to (1) overwrite arbitrary files and possibly replace packages to execute arbitrary code via pkg_fetch, (2) overwrite arbitrary files via temporary files when portupgrade upgrades a port or package, or (3) create arbitrary zero-byte files via the pkgdb.fixme temporary file.
Format string vulnerability in chdev on IBM AIX 5.2 allows local users to execute arbitrary code via format string specifiers in a command line argument, which is not properly handled when printing an error message.
Format string vulnerability in auditselect on IBM AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via format string specifiers in a command line argument.
Unspecified vulnerability in Oracle Sun Solaris 11 allows local users to affect confidentiality, integrity, and availability via unknown vectors related to Power Management.
ntmulti.exe in the Multi User Profile Cleanup service in IBM Notes 8.0, 8.0.1, 8.0.2, 8.5, 8.5.1, 8.5.2, 8.5.3 before FP5, and 9.0 before IF2 allows local users to gain privileges via vectors that arrange for code to be executed during the next login session of a different user, aka SPR PJOK959J24.
EMC Avamar Client 4.x, 5.x, and 6.x on HP-UX and Mac OS X, and the EMC Avamar plugin 4.x, 5.x, and 6.x for Oracle, uses world-writable permissions for cache directories, which allows local users to gain privileges via an unspecified symlink attack.
Buffer overflow in ipl_varyon on AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via a long -d argument.
Directory traversal vulnerability in the vfs_getvfssw function in Solaris 2.6, 7, 8, and 9 allows local users to load arbitrary kernel modules via crafted (1) mount or (2) sysfs system calls. NOTE: this might be the same issue as CVE-2004-1767, but there are insufficient details to be sure.
inpview in SGI IRIX allows local users to execute arbitrary commands via the SUN_TTSESSION_CMD environment variable, which is executed by inpview without dropping privileges.
Buffer overflow in netpmon on AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via a long -O argument.
HP-UX B.11.00 and B.11.11 with B6848AB GTK+ Support Libraries installed uses insecure directory permissions, which allows local users to gain privileges via files in /opt/gnome/src/GLib/.
Buffer overflow in GNU make for IBM AIX 4.3.3, when installed setgid, allows local users to gain privileges via a long CC argument.
Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.
IBM Power Hardware Management Console (HMC) 7R3.5.0 before SP4, 7R7.1.0 and 7R7.2.0 before 7R7.2.0 SP3, and 7R7.3.0 before SP2, and Systems Director Management Console (SDMC) 6R7.3.0 before SP2, does not properly restrict the VIOS viosrvcmd command, which allows local users to gain privileges via vectors involving a (1) $ (dollar sign) or (2) & (ampersand) character.
The kernel in Solaris 2.6, 7, 8, and 9 allows local users to gain privileges by loading arbitrary loadable kernel modules (LKM), possibly involving the modload function.
Unspecified vulnerability in IBM Tivoli Storage Manager for Space Management (aka TSM HSM) before 6.2.5.0 and 6.3.x before 6.3.1.0 allows local users to read or modify file system objects via unknown vectors.
Buffer overflow in CDE libDtSvc on HP-UX B.11.00, B.11.04, B.11.11, and B.11.22 allows local users to gain root privileges via unknown vectors.
Stack-based buffer overflow in ontape for IBM Informix Dynamic Server (IDS) 9.40.xC3 and earlier allows local users, with DSA privileges, to execute arbitrary code via a long ONCONFIG environment variable.
Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.
Unspecified vulnerability in Role-Based Access Control (RBAC) in HP HP-UX B.11.23 and B.11.31 allows local users to bypass intended access restrictions via unknown vectors.
Unknown vulnerability in IBM Parallel Environment (PE) 3.2 and 4.1 allows attackers to execute arbitrary commands as root via unknown vectors in the sample code.
A potential vulnerability in AMD System Management Mode (SMM) interrupt handler may allow an attacker with high privileges to access the SMM resulting in arbitrary code execution which could be used by malicious actors to bypass security mechanisms provided in the UEFI firmware.
Potential vulnerabilities have been identified in UEFI firmware (BIOS) for some PC products which may allow escalation of privilege and arbitrary code execution.
A potential security vulnerability has been identified with the command line shell of the HP ThinPro operating system 6.1, 5.2.1, 5.2, 5.1, 5.0, and 4.4. The vulnerability could result in a local unauthorized elevation of privilege on an HP thin client device.
Buffer overflow in the ping daemon of Sun Solaris 7 through 9 may allow local users to execute arbitrary code.