CVE-2002-2099

Buffer overflow in the GNU DataDisplay Debugger DDD 3.3.1 allows local users to execute arbitrary code and possibly gain privileges via a long HOME environment variable. NOTE: since DDD is not installed setuid or setgid, perhaps this issue should not be included in CVE...

CVE-2002-2087

Buffer overflow in Borland InterBase 6.0 allows local users to execute arbitrary code via a long INTERBASE environment variable when calling 1 gdsdrop, 2 gdslockmgr, or 3 gdsinetserver...

HP-UX 11.0/11.11 - 'swxxx' Privilege Escalation

/ Program : xhpux11isw.c Use : HP-UX 11.11/11.0 exploit swxxx to get local root shell. Complie : cc xhpux11isw.c -o xsw;./xsw not use gcc for some system Usage : ./xsw off Tested : HP-UX B11.11 & HP-UX B11.0 Author : watercloud @ xfocus.org Date : 2002-12-11 Note : Use as your own risk !! / inclu...

CVE-2002-1247

Buffer overflow in LISa/LISa-derived resLISa (KDE LAN browsing) allows local users to exploit through an overly long LOGNAME environment variable, enabling control of the resLISa process or related access. The vulnerability is triggered during parsing of LOGNAME, and exposed both in LISa and its ...

CVE-2002-1247

Buffer overflow in LISa allows local users to gain access to a raw socket via a long LOGNAME environment variable for the resLISa daemon...

KDE resLISa buffer overflow

Buffer overflow on oversized LOGNAME environment variable...

Solaris 2.6/7/8 - 'TTYPROMPT in.telnet' Remote Authentication Bypass

Solaris TTYPROMPT Security Vulnerability Telnet This vulnerability is very simple to exploit, since it does not require any code to be compiled by an attacker. The vulnerability only requires the attacker to simply define the environment variable TTYPROMPT to a 6-character string, inside telnet...

Solaris 2.678 - TTYPROMPT in.telnet Remote Authentication Bypass

Solaris 2.678 - TTYPROMPT in.telnet Remote Authentication Bypass Solaris TTYPROMPT Security Vulnerability Telnet This vulnerability is very simple to exploit, since it does not require any code to be compiled by an attacker. The vulnerability only requires the attacker to simply define the...

CVE-2002-0905

Buffer overflow in sqlexec for Informix SE-7.25 allows local users to gain root privileges via a long INFORMIXDIR environment variable...

solaris.login.txt

Hello, Solaris 2.6, 7, and 8 /bin/login has a vulnerability involving the environment variable TTYPROMPT. This vulnerability has already been reported to BugTraq and a patch has been released by Sun. However, a very simple exploit, which does not require any code to be compiled by an attacker,...

CVE-2002-1128

Buffer overflow in inc mail utility for Compaq Tru64/OSF1 3.x allows local users to execute arbitrary code via a long MH environment variable...

HP Tru64 - NLSPATH Environment Variable Local Buffer Overflow (2)

source: https://www.securityfocus.com/bid/5647/info Tru64 is a commercially available UNIX operating system. Tru64 was originally developed by Digital and is now distributed and maintained by HP. A buffer overflow has been discovered in a number of Tru64 binaries. Attackers may exploit this via a...

Buffer overflow in linuxconf

Buffer overflow in environment variable parsing...

Linuxconf 1.1.x1.2.x - Local Environment Variable Buffer Overflow (2)

Linuxconf 1.1.x1.2.x - Local Environment Variable Buffer Overflow 2 // source: https://www.securityfocus.com/bid/5585/info Linuxconf is a Linux configuration utility from Solucorp. It is typically installed as a setuid root utility for the management and configuration of Linux operating systems. ...

Linuxconf 1.1.x1.2.x - Local Environment Variable Buffer Overflow (3)

Linuxconf 1.1.x1.2.x - Local Environment Variable Buffer Overflow 3 source: https://www.securityfocus.com/bid/5585/info Linuxconf is a Linux configuration utility from Solucorp. It is typically installed as a setuid root utility for the management and configuration of Linux operating systems. A...

Linuxconf 1.1.x1.2.x - Local Environment Variable Buffer Overflow (1)

Linuxconf 1.1.x1.2.x - Local Environment Variable Buffer Overflow 1 // source: https://www.securityfocus.com/bid/5585/info Linuxconf is a Linux configuration utility from Solucorp. It is typically installed as a setuid root utility for the management and configuration of Linux operating systems. ...

Linuxconf 1.1.x/1.2.x - Local Environment Variable Buffer Overflow (3)

source: https://www.securityfocus.com/bid/5585/info Linuxconf is a Linux configuration utility from Solucorp. It is typically installed as a setuid root utility for the management and configuration of Linux operating systems. A buffer overflow vulnerability has been reported for Linuxconf. The...

qmailadmin SUID buffer overflow

qmailadmin is not part of qmail. It's from http://inter7.com/qmailadmin/ and I guess you can download from there and play with it, although the versions I am using were built from the FreeBSD ports tree and also from a Linux RPM I grabbed from:...

qmailadmin 1.0.x - Local Buffer Overflow

/ source: https://www.securityfocus.com/bid/5404/info The qmailadmin utility, developed by Inter7, is vulnerable to a buffer overflow condition. It is meant to run as a CGI program and is typically installed setuid owned by root on some systems, regular users on others. qmailadmin fails to...

HP Tru64 - NLSPATH Environment Variable Local Buffer Overflow (1)

source: https://www.securityfocus.com/bid/5647/info Tru64 is a commercially available UNIX operating system. Tru64 was originally developed by Digital and is now distributed and maintained by HP. A buffer overflow has been discovered in a number of Tru64 binaries. Attackers may exploit this via a...