8276 matches found
security flaw
The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling "oversized" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size...
CVE-2003-1078
The FTP client for Solaris 2.6, 7, and 8 with the debug (-d) flag enabled displays the user password on the screen during login...
DEBIAN-CVE-2005-0156
Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree...
Setuid perl PerlIO_Debug() overflow
No description provided by source. / Copyright Kevin Finisterre Setuid perl PerlIO_Debug overflow Tested on Debian 3.1 perl-suid 5.8.4-5...
perl PERLIO_DEBUG privilege escalation
By using the PERLIO_DEBUG variable, it's possible to redirect the debug output of a suid application to any file. An oversized PERLIO_DEBUG value causes a buffer overflow...
[SA14120] Perl "PERLIO_DEBUG" Privilege Escalation Vulnerabilities
TITLE: Perl "PERLIO_DEBUG" Privilege Escalation Vulnerabilities SECUNIA ADVISORY ID: SA14120 VERIFY ADVISORY: http://secunia.com/advisories/14120/ CRITICAL: Less critical IMPACT: Privilege escalation WHERE: Local system SOFTWARE: Perl 5.x http://secunia.com/product/2647/ DESCRIPTION: Kevin...
ngIRCd 0.8.2 - Remote Format String
/ ngircdfsexp.c ngIRCd Use: ./ngircdfsexp -h options options: -h host or IP -p ircd port by default 6667 -t type of target system -g syslog GOT address -o offset RET addr by default 0x0806b000 -b brutefoce the RET address from 0x0806b000 + offset -l targets list root@servidor:/home/coki/audit...
ngIRCd <= 0.8.2 Remote Format String Exploit
No description provided by source. / ngircdfsexp.c ngIRCd <= 0.8.2 remote format string exploit Note: To obtain a successful exploitation, we need that ngIRCd has been compiled with IDENT, logging to SYSLOG and DEBUG enabled. Original Reference: http://www.nosystem.com.ar/advisories/advisory-11.tx...
perl -- vulnerabilities in PERLIO_DEBUG handling
Kevin Finisterre discovered bugs in perl's I/O debug support: The environmental variable PERLIO_DEBUG is honored even by the set-user-ID perl command (usually named sperl or suidperl). As a result, a local attacker may be able to gain elevated privileges. CVE-2005-0155 A buffer overflow may occur in...
CVE-2004-1100
Cross-site scripting (XSS) vulnerability in mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, when debug mode is enabled, allows remote attackers to execute arbitrary web script or HTML via the append parameter...
CVE-2004-1103
MailPost 5.1.1sv, and possibly earlier versions, when debug mode is enabled, allows remote attackers to gain sensitive information via the debug parameter, which reveals information such as the path to the web root and the web server version...
PuTTY for Symbian OS "SSH2_MSG_DEBUG" Buffer Overflow
No description provided...
CVE-2004-2498
Unspecified vulnerability in the error handler in Hitachi Web Page Generator and Web Page Generator Enterprise 4.01 and earlier, when using the default error template and debug mode is set to ON, allows remote attackers to determine internal directory structures via unknown attack vectors...
CVE-2004-2268
PimenGest2 before 1.1.1 allows remote attackers to obtain the database password via debug information in rowLatex.inc.php...
DEBIAN-CVE-2004-1453
GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, and 2.3.2 before 2.3.2-r10 does not restrict the use of LD_DEBUG for a setuid program, which allows local users to gain sensitive information, such as the list of symbols used by the program...
PT-2004-3233 · Microsoft · Windows
Name of the Vulnerable Software and Affected Versions: Microsoft Windows versions 2000, XP, and possibly 2003 Description: The issue allows local users with the SeDebugPrivilege privilege to execute arbitrary code as kernel and read or write kernel memory via the NtSystemDebugControl function,...
PT-2004-2909 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux kernel versions 2.4.25 and earlier Description: The issue is related to an integer overflow in the SCTP_SOCKOPT_DEBUG_NAME SCTP socket option in socket.c. This overflow allows local users to execute arbitrary code via an optlen value of...
iDEFENSE Security Advisory 12.21.04: Hewlett Packard HP-UX ftpd Remote Buffer Overflow Vulnerability
Hewlett Packard HP-UX ftpd Remote Buffer Overflow Vulnerability iDEFENSE Security Advisory 12.21.04 www.idefense.com/application/poi/display?id=175&type=vulnerabilities December 21, 2004 I. BACKGROUND HP-UX FTP Daemon is a service included in HP-UX that implements the File Transfer Protocol. II...