Mandrakesoft ≫ Mandrake Linux

Format string vulnerability in Mutt before 1.2.5 allows a remote malicious IMAP server to execute arbitrary commands.

Utah-glx in Mesa before 3.3-14 on Mandrake Linux 7.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/glxmemory file.

Vulnerability in rpmdrake in Mandrake Linux 8.0 related to insecure temporary file handling.

kdesu in kdelibs package creates world readable temporary files containing authentication info, which can allow local users to gain privileges.

Buffer overflow in sudo earlier than 1.6.3p6 allows local users to gain root privileges.

When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library fro...

kdesu program in KDE2 (KDE before 2.2.0-6) does not properly verify the owner of a UNIX socket that is used to send a password, which allows local users to steal passwords and gain privileges.

PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.

gpm 1.19.3 allows local users to overwrite arbitrary files via a symlink attack.

sdiff 2.7 in the diffutils package allows local users to overwrite files via a symlink attack.