HP-UX 11i - LIBC TZ Enviroment Variable Privilege Escalation

HP-UX 11i - LIBC TZ Enviroment Variable Privilege Escalation / HP-UX libc timezone environment overflow exploit ================================================ HP-UX libc contains an exploitable stack overflow in the handling of "TZ" environment variable. The problem occurs due to insufficient...

CVE-2006-5327

Untrusted search path vulnerability in OpenBase SQL 10.0 and earlier, as used in Apple Xcode 2.2 2.2 and earlier and possibly other products, allows local users to execute arbitrary code via a modified PATH that references a malicious gzip program, which is executed by gnutar with certain...

Debian DSA-1075-1 : awstats - programming error

Hendrik Weimer discovered that awstats can execute arbitrary commands under the user id the web-server runs when users are allowed to supply arbitrary configuration files. Even though, this bug was referenced in DSA 1058 accidentally, it was not fixed yet. The new default behaviour is not to acce...

Sun Solaris NSPR library privilege escalation

Environment variable is used for log filename...

AIX 5.1 : IY27322

The remote host is missing AIX Critical Security Patch number IY27322 SECURITY: Environment variable name string too short.. You should install this patch for your system to be up-to-date. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. if ! definedfunc"bnrandom" exit0;...

X11R6 < 6.4 XKEYBOARD (Solaris/SPARC) - Local Buffer Overflow (2)

/ $Id: raptorxkb.c,v 1.1 2006/09/13 16:18:36 raptor Exp $ raptorxkb.c - XKEYBOARD Strcmp, Solaris/SPARC 8/9/10 Copyright c 2006 Marco Ivaldi Buffer overflow in the Strcmp function in the XKEYBOARD extension in X Window System X11R6.4 and earlier, as used in SCO UnixWare 7.1.3 and Sun Solaris 8...

X11R6 < 6.4 XKEYBOARD (Solaris/SPARC) - Local Buffer Overflow (1)

/ X11R6 XKEYBOARD extension Strcmp for Sun Solaris 8 9 10 SPARC Copyright 2006 RISE Security , Ramon de Carvalho Valle This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either...

CVE-2006-4124

The libXm library in LessTif 0.95.0 and earlier allows local users to gain privileges via the DEBUGFILE environment variable, which is used to create world-writable files when libXm is run from a setuid program...

CVE-2006-4124

The libXm library in LessTif 0.95.0 and earlier allows local users to gain privileges via the DEBUGFILE environment variable, which is used to create world-writable files when libXm is run from a setuid program...

CVE-2006-4124

The libXm library in LessTif 0.95.0 and earlier allows local users to gain privileges via the DEBUGFILE environment variable, which is used to create world-writable files when libXm is run from a setuid program...

CVE-2006-4124

The CVE-2006-4124 issue affects the libXm library in LessTif

CVE-2006-3862

Buffer overflow in IBM Informix Dynamic Server IDS 9.40.TC5 through 9.40.xC7 and 10.00.TC1 through 10.00.xC3 allows attackers to execute arbitrary code via the SQLIDEBUG environment variable envariable...

CVE-2006-3862

Buffer overflow in IBM Informix Dynamic Server IDS 9.40.TC5 through 9.40.xC7 and 10.00.TC1 through 10.00.xC3 allows attackers to execute arbitrary code via the SQLIDEBUG environment variable envariable...

Solaris 8/9 ps - Environment Variable Information leak

Solaris 8/9 ps - Environment Variable Information leak. CVE-1999-1587. Local exploit for Solaris platform !/bin/sh $Id: raptorucbps,v 1.1 2006/07/26 12:15:42 raptor Exp $ raptorucbps - information leak with Solaris /usr/ucb/ps Copyright c 2006 Marco Ivaldi A security vulnerability in the...

DEBIAN-CVE-2006-3848

Cross-site scripting XSS vulnerability in CGI wrapper for IP Calculator IPCalc 0.40 allows remote attackers to inject arbitrary web script or HTML via the URI REQUESTURI environment variable, which is used in the actionurl variable...

CVE-2006-3159

pipemaster in Sun ONE/iPlanet Messaging Server 5.2 HotFix 1.16 built May 14 2003 allows local users to read portions of restricted files via a symlink attack on msg.conf in a directory identified by the CONFIGROOT environment variable, which returns the first line of the file in an error message...

CVE-2006-3159

pipemaster in Sun ONE/iPlanet Messaging Server 5.2 HotFix 1.16 built May 14 2003 allows local users to read portions of restricted files via a symlink attack on msg.conf in a directory identified by the CONFIGROOT environment variable, which returns the first line of the file in an error message...

DSA-1075-1 awstats - programming error

Bulletin has no description...

CVE-2006-2547

Unspecified vulnerability in the sapdba command in SAP with Informix before 700, and 700 up to patch 100, allows local users to execute arbitrary commands via unknown vectors related to "insecure environment variable" handling...

Design/Logic Flaw

Unspecified vulnerability in the sapdba command in SAP with Informix before 700, and 700 up to patch 100, allows local users to execute arbitrary commands via unknown vectors related to "insecure environment variable" handling...