4892 matches found
CVE-2005-4158
Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the 1 PERLLIB, 2 PERL5LIB, and 3 PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included...
CVE-2005-4158
CVE-2005-4158 affects sudo prior to version 1.6.8p12, where with Perl taint off the variables PERLLIB, PERL5LIB and PERL5OPT are not cleared, enabling a limited local user to influence which libraries a Perl script loads and potentially execute arbitrary code. Public disclosures (e.g., Debian DSA...
Appfluent Database IDS 2.1.0.103 - Environment Variable Local Overflow
Appfluent Database IDS 2.1.0.103 - Environment Variable Local Overflow / $ An open security advisory 14 - Appfluent Database IDS Environment Variable Overflow 1: Bug Researcher: c0ntex - c0ntexbatgmail.com -+- www.open-security.org 2: Bug Released: December 07th 2005 3: Bug Impact Rate: Hi 4: Bug...
CVE-2005-3346
Buffer overflow in the environment variable substitution code in main.c in OSH 1.7-14 allows local users to inject arbitrary environment variables, such as LDPRELOAD, via pathname arguments of the form "$VAR/EVAR=arg", which cause the EVAR portion to be appended to a buffer returned by a getenv...
CVE-2003-1235
CVE-2003-1235 affects BRW WebWeaver 1.03. An attacker can remotely request testcgi.exe to cause the server to disclose environment variables and the current working directory, exposing sensitive server information. The description explicitly identifies the affected component and the data exposed ...
VERITAS Cluster Server for UNIX buffer overflow
Buffer overflow in 'ha' suid utility on environment variables parsing...
DSA-895-1 uim - programming error
Bulletin has no description...
Sudo Perl 1.6.x - Environment Variable Handling Security Bypass
Sudo Perl 1.6.x - Environment Variable Handling Security Bypass source: https://www.securityfocus.com/bid/15394/info Sudo is prone to a security-bypass vulnerability that could lead to arbitrary code execution. This issue is due to an error in the application when handling the 'PERLLIB',...
FastCGI samples Cross Site Scripting
Two sample CGI's supplied with FastCGI are vulnerable to cross-site scripting attacks. FastCGI is an 'open extension to CGI that provides high performance without the limitations of server specific APIs', and is included in the default installation of the 'Unbreakable' Oracle9i Application Server...
OpenSSH UseLogin Environment Variables
You are running a version of OpenSSH which is older than 3.0.2. Versions prior than 3.0.2 are vulnerable to an environment variables export that can allow a local user to execute command with root privileges. This problem affect only versions prior than 3.0.2, and when the UseLogin feature is...
'printenv' CGI Information Disclosure Vulnerability
The SPDX-FileCopyrightText: 2000 Hendrik Scholz Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.10188";...
OpenSSH < 3.0.2 'UseLogin Environment Variables' RCE Vulnerability
OpenSSH is prone to a remote code execution RCE vulnerability. SPDX-FileCopyrightText: 2005 by EMAZE Networks S.p.A. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2005-2959
Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the 1 SHELLOPTS and 2 PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are...
CVE-2005-2959
Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the 1 SHELLOPTS and 2 PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are...
CVE-2005-2959
Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the 1 SHELLOPTS and 2 PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are...
DEBIAN-CVE-2005-2959
Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the 1 SHELLOPTS and 2 PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are...
CVE-2005-2959
Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the 1 SHELLOPTS and 2 PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are...
CVE-2005-2959
Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the 1 SHELLOPTS and 2 PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are...
CVE-2005-2959
CVE-2005-2959 concerns sudo 1.6.8 and earlier, where the SHELLOPTS and PS4 environment variables are not cleared during privilege-escalation prompts. The result is a local privilege escalation when a user with limited sudo privileges runs a bash script, as these variables can be passed through to...
DSA-870-1 sudo - missing input sanitising
Bulletin has no description...