FreeBSD Ports: ja-uim

The remote host is missing an update to the system as announced in the referenced advisory. VID fb03b1c6-8a8a-11d9-81f7-02023f003c9f OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

FreeBSD Ports: apache

The remote host is missing an update to the system as announced in the referenced advisory. VID 4d49f4ba-071f-11d9-b45d-000c41e2cdad OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

FreeBSD Ports: sudo

The remote host is missing an update to the system as announced in the referenced advisory. VID 1b725079-9ef6-11da-b410-000e0c2e438a OpenVAS Vulnerability Test $ Description: Auto generated from vuxml or freebsd advisories Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc...

FreeBSD Ports: ja-uim

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

DEBIAN-CVE-2008-1033

The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug logging is enabled and a printer requires a password, allows attackers to obtain sensitive information credentials by reading the log data, related to "authentication environment variables."...

CVE-2005-4875

TYPO3 3.8.0 and earlier allows remote attackers to obtain sensitive information via a direct request to misc/phpcheck/, which invokes the phpinfo function and prints values of unspecified environment variables...

CVE-2008-0555

The ExpandCert function in Apache-SSL before apache1.3.41+ssl1.59 does not properly handle 1 '/' and 2 '=' characters in a Distinguished Name DN in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables...

Authentication flaw

The ExpandCert function in Apache-SSL before apache1.3.41+ssl1.59 does not properly handle 1 '/' and 2 '=' characters in a Distinguished Name DN in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables...

Apache-SSL Environment Variables Manipulation

Binary data 4460.prm...

CVE-2008-0555

The ExpandCert function in Apache-SSL before apache1.3.41+ssl1.59 does not properly handle 1 '/' and 2 '=' characters in a Distinguished Name DN in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables...

Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation

According to its banner, the version of Apache-SSL running on the remote host is older than apache1.3.41+ssl1.59. Such versions fail to properly sanitize certificate data before using it to populate environment variables. By sending a client certificate with special characters for the subject, a...

CVE-2008-1599

The nddstat programs on IBM AIX 5.2, 5.3, and 6.1 do not properly handle environment variables, which allows local users to gain privileges by invoking 1 atmstat, 2 entstat, 3 fddistat, 4 hdlcstat, or 5 tokstat...

CVE-2008-1600

The lsmcode program on IBM AIX 5.2, 5.3, and 6.1 does not properly handle environment variables, which allows local users to gain privileges, a different vulnerability than CVE-2004-1329...

Authentication flaw

The lsmcode program on IBM AIX 5.2, 5.3, and 6.1 does not properly handle environment variables, which allows local users to gain privileges, a different vulnerability than CVE-2004-1329...

Code injection

The nddstat programs on IBM AIX 5.2, 5.3, and 6.1 do not properly handle environment variables, which allows local users to gain privileges by invoking 1 atmstat, 2 entstat, 3 fddistat, 4 hdlcstat, or 5 tokstat...

CVE-2008-1600

The lsmcode program on IBM AIX 5.2, 5.3, and 6.1 does not properly handle environment variables, which allows local users to gain privileges, a different vulnerability than CVE-2004-1329...

CVE-2008-1599

The nddstat programs on IBM AIX 5.2, 5.3, and 6.1 do not properly handle environment variables, which allows local users to gain privileges by invoking 1 atmstat, 2 entstat, 3 fddistat, 4 hdlcstat, or 5 tokstat...

CVE-2008-0306

sdbstarter in SAP MaxDB 7.6.0.37, and possibly other versions, allows local users to execute arbitrary commands by using unspecified environment variables to modify configuration settings...

CVE-2008-0306

sdbstarter in SAP MaxDB 7.6.0.37, and possibly other versions, allows local users to execute arbitrary commands by using unspecified environment variables to modify configuration settings...

CVE-2008-0306

sdbstarter in SAP MaxDB 7.6.0.37, and possibly other versions, allows local users to execute arbitrary commands by using unspecified environment variables to modify configuration settings...