Lucene search
+L

4892 matches found

Debian CVE
Debian CVE
added 2005/12/11 2:0 a.m.47 views

CVE-2005-4158

Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the 1 PERLLIB, 2 PERL5LIB, and 3 PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included...

4.6CVSS4.2AI score0.01077EPSS
Exploits1
CVE
CVE
added 2005/12/11 2:0 a.m.111 views

CVE-2005-4158

CVE-2005-4158 affects sudo prior to version 1.6.8p12, where with Perl taint off the variables PERLLIB, PERL5LIB and PERL5OPT are not cleared, enabling a limited local user to influence which libraries a Perl script loads and potentially execute arbitrary code. Public disclosures (e.g., Debian DSA...

4.6CVSS6.5AI score0.01077EPSS
Exploits1References19Affected Software1
exploitpack
exploitpack
added 2005/12/07 12:0 a.m.25 views

Appfluent Database IDS 2.1.0.103 - Environment Variable Local Overflow

Appfluent Database IDS 2.1.0.103 - Environment Variable Local Overflow / $ An open security advisory 14 - Appfluent Database IDS Environment Variable Overflow 1: Bug Researcher: c0ntex - c0ntexbatgmail.com -+- www.open-security.org 2: Bug Released: December 07th 2005 3: Bug Impact Rate: Hi 4: Bug...

0.5AI score
Exploits0
NVD
NVD
added 2005/11/20 9:3 p.m.34 views

CVE-2005-3346

Buffer overflow in the environment variable substitution code in main.c in OSH 1.7-14 allows local users to inject arbitrary environment variables, such as LDPRELOAD, via pathname arguments of the form "$VAR/EVAR=arg", which cause the EVAR portion to be appended to a buffer returned by a getenv...

7.2CVSS6.7AI score0.00847EPSS
Exploits0References9
CVE
CVE
added 2005/11/16 7:37 a.m.39 views

CVE-2003-1235

CVE-2003-1235 affects BRW WebWeaver 1.03. An attacker can remotely request testcgi.exe to cause the server to disclose environment variables and the current working directory, exposing sensitive server information. The description explicitly identifies the affected component and the data exposed ...

5CVSS6.6AI score0.02316EPSS
Exploits1References3
securityvulns
securityvulns
added 2005/11/14 12:0 a.m.32 views

VERITAS Cluster Server for UNIX buffer overflow

Buffer overflow in 'ha' suid utility on environment variables parsing...

5.4AI score
Exploits0References2Affected Software7
OSV
OSV
added 2005/11/14 12:0 a.m.9 views

DSA-895-1 uim - programming error

Bulletin has no description...

4.6CVSS6.3AI score0.0041EPSS
Exploits0
exploitpack
exploitpack
added 2005/11/11 12:0 a.m.25 views

Sudo Perl 1.6.x - Environment Variable Handling Security Bypass

Sudo Perl 1.6.x - Environment Variable Handling Security Bypass source: https://www.securityfocus.com/bid/15394/info Sudo is prone to a security-bypass vulnerability that could lead to arbitrary code execution. This issue is due to an error in the application when handling the 'PERLLIB',...

0.1AI score
Exploits0
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.17 views

FastCGI samples Cross Site Scripting

Two sample CGI's supplied with FastCGI are vulnerable to cross-site scripting attacks. FastCGI is an 'open extension to CGI that provides high performance without the limitations of server specific APIs', and is included in the default installation of the 'Unbreakable' Oracle9i Application Server...

6.2AI score
Exploits0
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.43 views

OpenSSH UseLogin Environment Variables

You are running a version of OpenSSH which is older than 3.0.2. Versions prior than 3.0.2 are vulnerable to an environment variables export that can allow a local user to execute command with root privileges. This problem affect only versions prior than 3.0.2, and when the UseLogin feature is...

7.2CVSS1.2AI score0.00871EPSS
Exploits0References1
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.17 views

'printenv' CGI Information Disclosure Vulnerability

The SPDX-FileCopyrightText: 2000 Hendrik Scholz Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.10188";...

5.9AI score
Exploits0
OpenVAS
OpenVAS
added 2005/11/03 12:0 a.m.42 views

OpenSSH < 3.0.2 'UseLogin Environment Variables' RCE Vulnerability

OpenSSH is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2005 by EMAZE Networks S.p.A. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

7.2CVSS7.3AI score0.00871EPSS
Exploits0References1
NVD
NVD
added 2005/10/25 4:2 p.m.19 views

CVE-2005-2959

Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the 1 SHELLOPTS and 2 PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are...

4.6CVSS6.2AI score0.00624EPSS
Exploits2References19
UbuntuCve
UbuntuCve
added 2005/10/25 4:2 p.m.22 views

CVE-2005-2959

Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the 1 SHELLOPTS and 2 PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are...

4.6CVSS5.9AI score0.00624EPSS
Exploits2References2
OSV
OSV
added 2005/10/25 4:2 p.m.10 views

CVE-2005-2959

Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the 1 SHELLOPTS and 2 PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are...

6.2AI score
Exploits0References21
OSV
OSV
added 2005/10/25 4:2 p.m.1 views

DEBIAN-CVE-2005-2959

Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the 1 SHELLOPTS and 2 PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are...

4.6CVSS6.6AI score0.00624EPSS
Exploits2References1
Cvelist
Cvelist
added 2005/10/25 4:0 a.m.24 views

CVE-2005-2959

Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the 1 SHELLOPTS and 2 PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are...

7.9AI score0.00624EPSS
Exploits2References19
Debian CVE
Debian CVE
added 2005/10/25 4:0 a.m.24 views

CVE-2005-2959

Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the 1 SHELLOPTS and 2 PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are...

4.6CVSS5.9AI score0.00624EPSS
Exploits2
CVE
CVE
added 2005/10/25 4:0 a.m.76 views

CVE-2005-2959

CVE-2005-2959 concerns sudo 1.6.8 and earlier, where the SHELLOPTS and PS4 environment variables are not cleared during privilege-escalation prompts. The result is a local privilege escalation when a user with limited sudo privileges runs a bash script, as these variables can be passed through to...

4.6CVSS7.9AI score0.00624EPSS
Exploits2References19Affected Software1
OSV
OSV
added 2005/10/25 12:0 a.m.18 views

DSA-870-1 sudo - missing input sanitising

Bulletin has no description...

4.6CVSS6.3AI score0.00624EPSS
Exploits2
Rows per page
Query Builder