
2626 matches found

CVE
added 2012/10/11 10:0 a.m. | 45 views

CVE-2012-5382

CVE-2012-5382 describes an untrusted search path vulnerability in Zend Server 5.6.0 SP4 when installed in the top-level C:\ directory. A Trojan horse DLL placed in C:\Zend\ZendServer\share\ZendFramework\bin could be added to PATH by an administrator, enabling local privilege escalation via wlbsct...

CVSS 6 | AI score 6.8 | EPSS 0.00218
Exploits: 1 | References: 2 | Affected Software: 1
Positive Technologies
added 2012/10/11 12:0 a.m. | 4 views

PT-2012-5963 · Microsoft +1 · Windows 8 +4

Name of the Vulnerable Software and Affected Versions: PHP version 5.3.17 Description: The issue is related to an untrusted search path vulnerability in the installation functionality of PHP. This vulnerability might allow local users to gain privileges via a Trojan horse DLL in the C:PHP...

CVSS 6 | AI score 7 | EPSS 0.00402
Exploits: 1 | References: 6
OSV
added 2012/09/18 5:55 p.m. | 6 views

CVE-2012-4425

libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do...

AI score 7.1
Exploits: 0 | References: 9
NVD
added 2012/09/18 5:55 p.m. | 15 views

CVE-2012-3524

libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: libdbus maintainers state that this is a vulnerability in the...

CVSS 6.9 | AI score 6 | EPSS 0.30837
Exploits: 4 | References: 23
OSV
added 2012/09/18 5:55 p.m. | 6 views

CVE-2012-3524

libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: libdbus maintainers state that this is a vulnerability in the...

AI score 7.1
Exploits: 0 | References: 23
Prion
added 2012/09/18 5:55 p.m. | 23 views

Code injection

libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: libdbus maintainers state that this is a vulnerability in the...

CVSS 6.9 | AI score 7.7 | EPSS 0.30837
Exploits: 4 | References: 23 | Affected Software: 1
OSV
added 2012/09/18 5:55 p.m. | 1 views

DEBIAN-CVE-2012-3524

libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: libdbus maintainers state that this is a vulnerability in the...

CVSS 6.9 | AI score 7.5 | EPSS 0.30837
Exploits: 4 | References: 1
Cvelist
added 2012/09/18 5:0 p.m. | 19 views

CVE-2012-4425

libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do...

AI score 7 | EPSS 0.00553
Exploits: 1 | References: 9
Cvelist
added 2012/09/18 5:0 p.m. | 21 views

CVE-2012-3524

libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: libdbus maintainers state that this is a vulnerability in the...

AI score 6 | EPSS 0.30837
Exploits: 4 | References: 23
Debian CVE
added 2012/09/18 5:0 p.m. | 21 views

CVE-2012-3524

libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: libdbus maintainers state that this is a vulnerability in the...

CVSS 6.9 | AI score 6.3 | EPSS 0.30837
Exploits: 4
CVE
added 2012/09/18 5:0 p.m. | 163 views

CVE-2012-3524

CVE-2012-3524 affects libdbus 1.5.x and earlier when used in setuid/privileged programs; it permits local privilege escalation via the DBUS_SYSTEM_BUS_ADDRESS environment variable. Mitigation per the advisories is that the vulnerability lies in applications that fail to cleanse environment variab...

CVSS 6.9 | AI score 6.1 | EPSS 0.30837
Exploits: 4 | References: 23 | Affected Software: 1
CVE
added 2012/09/18 5:0 p.m. | 59 views

CVE-2012-4425

The CVE affects spice-gtk (and possibly other products) where libgio is used in setuid/privileged contexts. The root cause is inadequate sanitization of the DBUS_SYSTEM_BUS_ADDRESS environment variable, enabling a local attacker to gain escalated privileges and execute arbitrary code. Evidence in...

CVSS 6.9 | AI score 7.1 | EPSS 0.00553
Exploits: 1 | References: 9 | Affected Software: 2
Debian CVE
added 2012/09/18 5:0 p.m. | 22 views

CVE-2012-4425

libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do...

CVSS 6.9 | AI score 7.1 | EPSS 0.00553
Exploits: 1
RedHat Linux
added 2012/09/17 4:46 p.m. | 1 views

spice-gtk/glib: Possible privilege escalation via un-sanitized environment variable

libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do...

CVSS 6.9 | AI score 6.1 | EPSS 0.00553
Exploits: 1 | References: 4
UbuntuCve
added 2012/09/14 12:0 a.m. | 26 views

CVE-2012-3524

libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: libdbus maintainers state that this is a vulnerability in the...

CVSS 6.9 | AI score 7.3 | EPSS 0.30837
Exploits: 4 | References: 6
RedHat Linux
added 2012/09/13 4:47 p.m. | 1 views

dbus: privilege escalation when libdbus is used in setuid/setgid application

libdbus 1.5.x and earlier, when used in setuid or other privileged programs in X.org and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUS_SYSTEM_BUS_ADDRESS environment variable. NOTE: libdbus maintainers state that this is a vulnerability in the...

CVSS 6.9 | AI score 7.4 | EPSS 0.30837
Exploits: 4 | References: 4
OSV
added 2012/07/22 5:55 p.m. | 7 views

CVE-2011-3149

The _expand_arg function in the pam_env module (modules/pam_env/pam_env.c) in Linux-PAM (aka pam) before 1.1.5 does not properly handle when environment variable expansion can overflow, which allows local users to cause a denial of service (CPU consumption)...

AI score 5.8
Exploits: 0 | References: 6
Tenable Nessus
added 2012/04/27 12:0 a.m. | 45 views

SuSE 10 Security Update : Python (ZYPP Patch Number 8080) (BEAST)

The following issues have been fixed in this update:
- hash randomization issues CVE-2012-115 see below
- SimpleHTTPServer XSS. CVE-2011-1015
- SSL BEAST vulnerability CVE-2011-3389

The hash randomization fix is by default disabled to keep compatibility with existing python code when it extracts...

CVSS 5 | AI score 7.1 | EPSS 0.03832
Exploits: 8 | References: 6
Tenable Nessus
added 2012/02/21 12:0 a.m. | 20 views

RHEL 5 : cups (RHSA-2012:0302)

Updated cups packages that fix one security issue and various bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity ratin...

CVSS 5.1 | AI score 8 | EPSS 0.07216
Exploits: 0 | References: 3
UbuntuCve
added 2011/10/24 12:0 a.m. | 34 views

CVE-2011-3628

Untrusted search path vulnerability in pam_motd (aka the MOTD module) in libpam-modules before 1.1.3-2ubuntu2.1 on Ubuntu 11.10, before 1.1.2-2ubuntu8.4 on Ubuntu 11.04, before 1.1.1-4ubuntu2.4 on Ubuntu 10.10, before 1.1.1-2ubuntu5.4 on Ubuntu 10.04 LTS, and before 0.99.7.1-5ubuntu6.5 on Ubuntu 8.0...

CVSS 6.9 | AI score 5.9 | EPSS 0.00068
Exploits: 0 | References: 2