Buffer overflow

Multiple buffer overflows in the 1 main function in a client.c, and the 2 serversetup and 3 serverclientconnect functions in b server.c in gxine 0.5.9 and earlier allow local users to cause a denial of service daemon crash or gain privileges via a long HOME environment variable. NOTE: some of the...

CVE-2007-0406

Multiple buffer overflows in the 1 main function in a client.c, and the 2 serversetup and 3 serverclientconnect functions in b server.c in gxine 0.5.9 and earlier allow local users to cause a denial of service daemon crash or gain privileges via a long HOME environment variable. NOTE: some of the...

CVE-2007-0406

Removed by vendor...

MOAB-21-01-2007: System Preferences writeconfig Local Privilege Escalation Vulnerability

Summary Apple provides the following description in the The Preference Application documentation: System Preferences is the standard location for presenting system-level preferences on OSX. The preference panes shipped with Mac OS X include panes affecting hardware such as the Sound, Mouse, and...

CVE-2007-0368

Stack-based buffer overflow in mbse-bbs 0.70 and earlier allows local users to execute arbitrary code via a long string in the MBSEROOT environment variable...

Stack overflow

Stack-based buffer overflow in mbse-bbs 0.70 and earlier allows local users to execute arbitrary code via a long string in the MBSEROOT environment variable...

CVE-2006-6418

Buffer overflow in the POSIX Threads library libpthread on HP Tru64 UNIX 4.0F PK8, 4.0G PK4, and 5.1A PK6 allows local users to gain root privileges via a long PTHREADCONFIG environment variable...

OpenBSD LD.SO本地环境变量清除漏洞

OpenBSD是一款开放源代码的操作系统。 OpenBSD ELF ld.so1不正确过滤环境变量，本地攻击者可以利用漏洞绕过安全设置或可能造成任意指令执行。 目前没有详细漏洞细节提供。 penBSD OpenBSD 4.0 OpenBSD OpenBSD 3.9 补丁下载： OpenBSD OpenBSD 4.0 OpenBSD 005ldso.patch ftp://ftp.openbsd.org/pub/OpenBSD/patches/4.0/common/005ldso.patch OpenBSD OpenBSD 3.9 OpenBSD 016ldso.patch...

GLSA-200611-15 : qmailAdmin: Buffer overflow

The remote host is affected by the vulnerability described in GLSA-200611-15 qmailAdmin: Buffer overflow qmailAdmin fails to properly handle the 'PATHINFO' variable in qmailadmin.c. The PATHINFO is a standard CGI environment variable filled with user-supplied data. Impact : A remote attacker coul...

HP Tru64 Unix libpthread buffer overflow

Buffer overflow on parsing PTHREADCONFIG environment variable...

Apple MacOS X Xcode OpenBase SQL privilege escalation

On executing tar from suid root application TAROPTIONS environment variable is not unset, making it possible to execute any application with root privileges. External application are executed with relative path. Dynamic libraries are loaded with relative path. Symbolic links problem...

CVE-2006-5466

Heap-based buffer overflow in the showQueryPackage function in librpm in RPM Package Manager 4.4.8, when the LANG environment variable is set to ruRU.UTF-8, might allow user-assisted attackers to execute arbitrary code via crafted RPM packages...

CVE-2006-5466

Heap-based buffer overflow in the showQueryPackage function in librpm in RPM Package Manager 4.4.8, when the LANG environment variable is set to ruRU.UTF-8, might allow user-assisted attackers to execute arbitrary code via crafted RPM packages...

CVE-2006-5397

The Xinput module modules/im/ximcp/imLcIm.c in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor...

CVE-2006-5397

The Xinput module modules/im/ximcp/imLcIm.c in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor...

DEBIAN-CVE-2006-5397

The Xinput module modules/im/ximcp/imLcIm.c in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor...

CVE-2006-5397

The Xinput module modules/im/ximcp/imLcIm.c in X.Org libX11 1.0.2 and 1.0.3 opens a file for reading twice using the same file descriptor, which causes a file descriptor leak that allows local users to read files specified by the XCOMPOSEFILE environment variable via the duplicate file descriptor...

FreeBSD TOP Format String Vulnerability

No description provided by source. / freebsd x86 top exploit affected under top-3.5beta9 including this version 1. get the address of .dtors from /usr/bin/top using objdump , 'objdump -s -j .dtors /usr/bin/top' 2. divide it into four parts, and set it up into an environment variable like "XSEO=" ...

Resolv+ (RESOLV_HOST_CONF) Linux Library Local Exploit

No description provided by source. setenv RESOLVHOSTCONF /etc/shadow; ping adfas...

CVE-2006-5556

Buffer overflow in the localtimer function, and certain other functions, in libc in HP-UX B.11.11 and possibly other versions allows local users to execute arbitrary code via a long TZ environment variable...