Lucene search
+L

27 matches found

RedHat Linux
RedHat Linux
added 2020/05/19 10:43 p.m.7 views

ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection

A flaw was found in the way ksh evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables...

7.8CVSS6AI score0.01385EPSS
Exploits0References4
Oracle linux
Oracle linux
added 2020/02/18 12:0 a.m.74 views

ksh security update

20120801-38 - Do not evaluate arithmetic expressions from environment variables at startup Resolves: 1790542...

7.8CVSS2.5AI score0.01385EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2020/02/18 12:0 a.m.24 views

Fedora 30 : 1:ksh (2020-a0f0eb8500)

Do not evaluate arithmetic expressions from environment variables at startup Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...

7.8CVSS7.2AI score0.01385EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2020/02/17 9:3 a.m.14 views

ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection

A flaw was found in the way ksh evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables...

7.8CVSS6AI score0.01385EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2020/02/05 12:15 p.m.6 views

ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection

A flaw was found in the way ksh evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables...

7.8CVSS6AI score0.01385EPSS
Exploits0References4
Prion
Prion
added 2007/07/05 8:30 p.m.16 views

Code injection

PHPIDS before 20070703 does not properly handle 1 arithmetic expressions and 2 unclosed comments, which allows remote attackers to inject arbitrary web script...

4.3CVSS7AI score0.01083EPSS
Exploits0References5
Cvelist
Cvelist
added 2007/07/05 8:0 p.m.17 views

CVE-2007-3578

PHPIDS before 20070703 does not properly handle 1 arithmetic expressions and 2 unclosed comments, which allows remote attackers to inject arbitrary web script...

6.7AI score0.01083EPSS
Exploits0References5
Rows per page
Query Builder