4884 matches found
FreeBSD Ports: ja-uim
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
DEBIAN-CVE-2008-1033
The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug logging is enabled and a printer requires a password, allows attackers to obtain sensitive information credentials by reading the log data, related to "authentication environment variables."...
CVE-2005-4875
TYPO3 3.8.0 and earlier allows remote attackers to obtain sensitive information via a direct request to misc/phpcheck/, which invokes the phpinfo function and prints values of unspecified environment variables...
CVE-2008-0555
The ExpandCert function in Apache-SSL before apache1.3.41+ssl1.59 does not properly handle 1 '/' and 2 '=' characters in a Distinguished Name DN in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables...
Authentication flaw
The ExpandCert function in Apache-SSL before apache1.3.41+ssl1.59 does not properly handle 1 '/' and 2 '=' characters in a Distinguished Name DN in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables...
Apache-SSL Environment Variables Manipulation
Binary data 4460.prm...
CVE-2008-0555
The ExpandCert function in Apache-SSL before apache1.3.41+ssl1.59 does not properly handle 1 '/' and 2 '=' characters in a Distinguished Name DN in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables...
Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation
According to its banner, the version of Apache-SSL running on the remote host is older than apache1.3.41+ssl1.59. Such versions fail to properly sanitize certificate data before using it to populate environment variables. By sending a client certificate with special characters for the subject, a...
CVE-2008-1599
The nddstat programs on IBM AIX 5.2, 5.3, and 6.1 do not properly handle environment variables, which allows local users to gain privileges by invoking 1 atmstat, 2 entstat, 3 fddistat, 4 hdlcstat, or 5 tokstat...
Authentication flaw
The lsmcode program on IBM AIX 5.2, 5.3, and 6.1 does not properly handle environment variables, which allows local users to gain privileges, a different vulnerability than CVE-2004-1329...
CVE-2008-1600
The lsmcode program on IBM AIX 5.2, 5.3, and 6.1 does not properly handle environment variables, which allows local users to gain privileges, a different vulnerability than CVE-2004-1329...
Code injection
The nddstat programs on IBM AIX 5.2, 5.3, and 6.1 do not properly handle environment variables, which allows local users to gain privileges by invoking 1 atmstat, 2 entstat, 3 fddistat, 4 hdlcstat, or 5 tokstat...
CVE-2008-1599
The nddstat programs on IBM AIX 5.2, 5.3, and 6.1 do not properly handle environment variables, which allows local users to gain privileges by invoking 1 atmstat, 2 entstat, 3 fddistat, 4 hdlcstat, or 5 tokstat...
CVE-2008-1600
The lsmcode program on IBM AIX 5.2, 5.3, and 6.1 does not properly handle environment variables, which allows local users to gain privileges, a different vulnerability than CVE-2004-1329...
CVE-2008-0306
sdbstarter in SAP MaxDB 7.6.0.37, and possibly other versions, allows local users to execute arbitrary commands by using unspecified environment variables to modify configuration settings...
CVE-2008-0306
sdbstarter in SAP MaxDB 7.6.0.37, and possibly other versions, allows local users to execute arbitrary commands by using unspecified environment variables to modify configuration settings...
CVE-2008-0306
sdbstarter in SAP MaxDB 7.6.0.37, and possibly other versions, allows local users to execute arbitrary commands by using unspecified environment variables to modify configuration settings...
iDefense Security Advisory 03.10.08: SAP MaxDB sdbstarter Privilege Escalation Vulnerability
iDefense Security Advisory 03.10.08 http://labs.idefense.com/intelligence/vulnerabilities/ Mar 10, 2008 I. BACKGROUND SAP's MaxDB is a database software product. MaxDB was released as open source from version 7.5 up to version 7.6.00. Later versions are no longer open source but are available for...
CVE-2008-1054
Stack-based buffer overflow in the libspawnusergetpid function in 1 swatch.exe and 2 surgemail.exe in NetWin SurgeMail 38k4 and earlier, and beta 39a, allows remote attackers to cause a denial of service daemon crash and possibly execute arbitrary code via an HTTP request with multiple long heade...
Debian Security Advisory DSA 091-1 (ssh)
The remote host is missing an update to ssh announced via advisory DSA 091-1. OpenVAS Vulnerability Test $Id: deb0911.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 091-1 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...