CVE-2000-0721
published 2000-10-20CVE-2000-0721: The FSserial, FlagShip_c, and FlagShip_p programs in the FlagShip package are installed world-writeable, which allows local users to replace them with Trojan…
PriorityP411medium6.2CVSS 2.0
AVLACHAuNCCICAC
EXPLOIT
EPSS
0.75%
50.2th percentile
The FSserial, FlagShip_c, and FlagShip_p programs in the FlagShip package are installed world-writeable, which allows local users to replace them with Trojan horses.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| multisoft | flagship | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Microsoft SQL 2000/7.0 - Agent Jobs Privilege Escalation
exploitdb·2002-08-15
CVE-2002-0721 Microsoft SQL 2000/7.0 - Agent Jobs Privilege Escalation
Microsoft SQL 2000/7.0 - Agent Jobs Privilege Escalation
---
source: https://www.securityfocus.com/bid/5483/info
Microsoft SQL Server 2000 uses an Agent which is responsible for restarting the SQL Server service, replication, and running scheduled jobs.
Some of the jobs that the Agent executes have weak permissions, which could allow a user with low permissions to perform actions on the database in the context of the SQL Server Service Account when used in conjunction with the Microsoft SQL Server Extended Stored Procedure Privilege Elevation Vulnerability
-- GetSystemOnSQL
-- For this to work the SQL Agent should be running.
-- Further, you'll need to change SERVER_NAME in
-- sp_add_jobserver to the SQL Server of your choice
--
-- David Litchfield
-- ([email protected])
-- 18th J
Exploit-DB
Multisoft FlagShip 4.4 - Installation Permission
exploitdb·2000-08-10
CVE-2000-0721 Multisoft FlagShip 4.4 - Installation Permission
Multisoft FlagShip 4.4 - Installation Permission
---
source: https://www.securityfocus.com/bid/1586/info
A vulnerability exists in the installation of Multisoft's FlagShip 4.4 product. Some binaries are installed with world writable permissions. This may allow an attacker to alter a binary and cause other users to execute arbitrary code.
The files:
/usr/bin/FSserial
/usr/bin/FlagShip_c
/usr/bin/FlagShip_p
are world writable.
No writeups or analysis indexed.
2000-10-20
Published