27 matches found
ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection
A flaw was found in the way ksh evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables...
ksh security update
20120801-38 - Do not evaluate arithmetic expressions from environment variables at startup Resolves: 1790542...
Fedora 30 : 1:ksh (2020-a0f0eb8500)
Do not evaluate arithmetic expressions from environment variables at startup Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without...
ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection
A flaw was found in the way ksh evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables...
ksh: certain environment variables interpreted as arithmetic expressions on startup, leading to code injection
A flaw was found in the way ksh evaluates certain environment variables. An attacker could use this flaw to override or bypass environment restrictions to execute shell commands. Services and applications that allow remote unauthenticated attackers to provide one of those environment variables...
Code injection
PHPIDS before 20070703 does not properly handle 1 arithmetic expressions and 2 unclosed comments, which allows remote attackers to inject arbitrary web script...
CVE-2007-3578
PHPIDS before 20070703 does not properly handle 1 arithmetic expressions and 2 unclosed comments, which allows remote attackers to inject arbitrary web script...