2629 matches found

RedhatCVE
added 2016/07/18 2:19 p.m. · 78 views

CVE-2016-5387

It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could...

CVSS 8.1 · AI score 0.5 · EPSS 0.43937
Exploits 0 · References 2
UbuntuCve
added 2016/07/18 2:0 p.m. · 46 views

CVE-2016-5388

Apache Tomcat 7.x through 7.0.70 and 8.x through 8.5.4, when the CGI Servlet is enabled, follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an...

CVSS 8.1 · AI score 6.9 · EPSS 0.40671
Exploits 0 · References 5
OSV
added 2016/07/18 2:0 p.m. · 1 views

UBUNTU-CVE-2016-5385

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP...

CVSS 8.1 · AI score 6.9 · EPSS 0.8349
Exploits 0 · References 5
UbuntuCve
added 2016/07/18 2:0 p.m. · 30 views

CVE-2016-5385

PHP through 7.0.8 does not attempt to address RFC 3875 section 4.1.18 namespace conflicts and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP...

CVSS 8.1 · AI score 6.9 · EPSS 0.8349
Exploits 0 · References 4
Positive Technologies
added 2016/07/18 12:0 a.m. · 2 views

PT-2016-4503 · Twisted +4

Name of the Vulnerable Software and Affected Versions: Twisted versions prior to 16.3.1 Description: The issue arises from the software's failure to address RFC 3875 section 4.1.18 namespace conflicts, which leaves CGI applications unprotected from untrusted client data in the HTTP PROXY...

CVSS 6.9 · AI score 7 · EPSS 0.00581
Exploits 0 · References 46
BDU FSTEC
added 2016/07/06 12:0 a.m. · 2 views

The vulnerability of the Cisco Unified Communications Manager software allows a malicious actor to execute arbitrary code.

The GNU Bash command shell, as of version 4.3 and later, incorrectly handles lines that follow the declaration of a function that is exported as a variable. This allows a malicious actor to execute arbitrary code by interfering with environment variables. Security researchers have confirmed that...

CVSS 10 · AI score 8.5 · EPSS 0.9422
Exploits 130 · References 2 · Affected Software 1
BDU FSTEC
added 2016/07/05 12:0 a.m. · 3 views

The vulnerability of the Linter Bastion database management system allows a malicious individual to execute arbitrary code with system privileges, as well as bypass the “closed environment” protection mechanism.

The dbcwnt.exe module contains a vulnerable function address 0x4017d4, which reads the value of the NETMBX environment variable into a buffer in the stack, without controlling the size of the copied data. This vulnerability allows a local attacker to execute arbitrary code. Additionally, this...

CVSS 7.2 · AI score 6.2
Exploits 0 · Affected Software 1
Apache Httpd
added 2016/07/02 12:0 a.m. · 94 views

Apache Httpd < 2.4.25 : HTTP_PROXY environment variable "httpoxy" mitigation

HTTP_PROXY is a well-defined environment variable in a CGI process, which collided with a number of libraries which failed to avoid colliding with this CGI namespace. A mitigation is provided for the httpd CGI environment to avoid populating the "HTTP_PROXY" variable from a "Proxy:" header, which h...

CVSS 8.1 · AI score 1 · EPSS 0.43937
Exploits 0 · Affected Software 1
Apache Httpd
added 2016/07/02 12:0 a.m. · 72 views

Apache Httpd < 2.2.32 : HTTP_PROXY environment variable "httpoxy" mitigation

HTTP_PROXY is a well-defined environment variable in a CGI process, which collided with a number of libraries which failed to avoid colliding with this CGI namespace. A mitigation is provided for the httpd CGI environment to avoid populating the "HTTP_PROXY" variable from a "Proxy:" header, which h...

CVSS 8.1 · AI score 1 · EPSS 0.43937
Exploits 0 · Affected Software 1
Tenable Nessus
added 2016/07/01 12:0 a.m. · 28 views

Debian DLA-535-1 : xerces-c security update

Brandon Perry discovered that xerces-c, a validating XML parser library for C++, fails to successfully parse a DTD that is deeply nested, causing a stack overflow. A remote unauthenticated attacker can take advantage of this flaw to cause a denial of service against applications using the xerces-...

CVSS 7.5 · AI score 6.4 · EPSS 0.38346
Exploits 0 · References 3
OSV
added 2016/06/29 12:0 a.m. · 27 views

DSA-3610-1 xerces-c - security update

Bulletin has no description...

CVSS 7.5 · AI score 7.5 · EPSS 0.38346
Exploits 0
exploitpack
added 2016/06/13 12:0 a.m. · 12 views

Foxit PDF Reader 1.0.1.0925 - CFX_BaseSegmentedArray::IterateIndex Memory Corruption

Foxit PDF Reader 1.0.1.0925 - CFX_BaseSegmentedArray::IterateIndex Memory Corruption Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=742 We have identified the following memory corruption vulnerability in Foxit PDF Reader version 1.0.1.0925 for Linux 64-bit, when started with a...

AI score 0.7
Exploits 0
ArchLinux
added 2016/06/10 12:0 a.m. · 37 views

lib32-gnutls: arbitrary file overwrite

Setuid programs using GnuTLS could potentially allow an attacker to overwrite and corrupt arbitrary files in the filesystem. This issue was introduced in GnuTLS 3.4.12 with the GNUTLS_KEYLOGFILE environment variable handling via getenv and fixed in GnuTLS 3.4.13 by switching to secure_getenv where...

AI score 7.7 · EPSS 0.00246
Exploits 0 · References 2
exploitpack
added 2016/05/19 12:0 a.m. · 20 views

4digits 1.1.4 - Local Buffer Overflow (PoC)

4digits 1.1.4 - Local Buffer Overflow PoC 4digits 1.1.4 Local Buffer Overflow Privilege Escalation if setuid/setgid Discovered by NA, NA at tutanota.com Downloaded and tested upon Kali Linux Vendor has been notified. Description ------------- 4digits is a guess-the-number puzzle game. It's also...

AI score 0.3
Exploits 0
OSV
added 2016/05/01 1:59 a.m. · 35 views

CVE-2015-8325

The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as...

CVSS 7.8 · AI score 5.2 · EPSS 0.00077
Exploits 0 · References 12
NVD
added 2016/05/01 1:59 a.m. · 25 views

CVE-2015-8325

The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as...

CVSS 7.8 · AI score 7.5 · EPSS 0.00077
Exploits 0 · References 12
CVE
added 2016/05/01 12:0 a.m. · 2015 views

CVE-2015-8325

CVE-2015-8325 affects OpenSSH sshd where, with UseLogin enabled and PAM reading user .pam_environment files, a local user can trigger a crafted environment for /bin/login (e.g. via LD_PRELOAD) to gain privileges. Affected context in the provided connected documents centers on OpenSSH scenarios in v...

CVSS 7.8 · AI score 7.5 · EPSS 0.00077
Exploits 0 · References 12 · Affected Software 1
Saint
added 2016/03/24 12:0 a.m. · 146 views

Bash environment variable command injection in Cisco UCS Manager

Added: 03/24/2016 CVE: CVE-2014-6278 BID: 70166 Background GNU Bash Bourne Again SHell is a command shell commonly used on Linux and Unix systems. Cisco UCS Manager is a product for management of Cisco UCS and Cisco HyperFlex infrastructure. Problem The Bash shell executes commands injected after...

CVSS 10 · AI score 9.8 · EPSS 0.91694
Exploits 31
OpenVAS
added 2016/03/17 12:0 a.m. · 103 views

Cisco UCS Manager GNU Bash Environment Variable Command Injection Vulnerability (cisco-sa-20140926-bash, Shellshock) - Active Check

On September 24, 2014, a vulnerability in the Bash shell was publicly announced. The vulnerability is related to the way in which shell functions are passed through environment variables. The vulnerability may allow an attacker to inject commands into a Bash shell, depending on how the shell is...

CVSS 10 · AI score 8.8 · EPSS 0.91694
Exploits 31 · References 4
Packet Storm
added 2016/03/10 12:0 a.m. · 75 views

Exim Local Privilege Escalation

============================================= - Advisory release date: 10.03.2016 - Created by: Dawid Golunski - Severity: High/Critical ============================================= I. VULNERABILITY ------------------------- Exim 4.86.2 Local Root Privilege Escalation Exploit II. BACKGROUND...

CVSS 6.9 · AI score 0.6 · EPSS 0.5677
Exploits 13