Lucene search
+L

4892 matches found

securityvulns
securityvulns
added 2005/04/08 12:0 a.m.27 views

SCO OpenServer Unix multiple shells buffer overflow

termsh, atcronsh, auditsh buffer overflow during environment variables parsing...

4.9AI score
Exploits0References1Affected Software1
UbuntuCve
UbuntuCve
added 2005/03/01 5:0 a.m.33 views

CVE-2004-1051

sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname...

7.2CVSS6.2AI score0.01374EPSS
Exploits0References1
OSV
OSV
added 2005/03/01 5:0 a.m.1 views

DEBIAN-CVE-2004-1051

sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname...

7.2CVSS7.4AI score0.01374EPSS
Exploits0References1
OSV
OSV
added 2005/03/01 5:0 a.m.7 views

CVE-2004-1051

sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname...

6.9AI score
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2005/03/01 12:0 a.m.24 views

GLSA-200502-31 : uim: Privilege escalation vulnerability

The remote host is affected by the vulnerability described in GLSA-200502-31 uim: Privilege escalation vulnerability Takumi Asaki discovered that uim insufficiently checks environment variables. setuid/setgid applications linked against libuim could end up executing arbitrary code. This...

4.6CVSS6AI score0.0036EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2005/02/21 5:0 a.m.41 views

CVE-2005-0503

uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges...

4.6CVSS5.7AI score0.0036EPSS
Exploits0
UbuntuCve
UbuntuCve
added 2005/02/21 5:0 a.m.29 views

CVE-2005-0503

uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges...

4.6CVSS5.9AI score0.0036EPSS
Exploits0References1
OSV
OSV
added 2005/02/21 5:0 a.m.8 views

CVE-2005-0503

uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges...

6.6AI score
Exploits0References6
OSV
OSV
added 2005/02/21 5:0 a.m.3 views

DEBIAN-CVE-2005-0503

uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges...

4.6CVSS6.5AI score0.0036EPSS
Exploits0References1
FreeBSD
FreeBSD
added 2005/02/21 12:0 a.m.23 views

uim -- privilege escalation vulnerability

The uim developers reports: Takumi ASAKI discovered that uim always trusts environment variables. But this is not correct behavior, sometimes environment variables shouldn't be trusted. This bug causes privilege escalation when libuim is linked against setuid/setgid application. Since GTK+...

4.6CVSS6.6AI score0.0036EPSS
Exploits0References2
seebug.org
seebug.org
added 2005/02/13 12:0 a.m.24 views

GNU a2ps ""Anything to PostScript"" Local Exploit (not suid)

No description provided by source. / Not added to Local Non Poc section /str0ke / include stdio.h include stdlib.h include errno.h // by lizard / lizstyleatgmail.com // greets go to slider/trog for helpin me // not suid by default ; define VULNTHING "/usr/bin/a2ps" define DEFRET 0xbffffffa -...

7.1AI score
Exploits0
Cvelist
Cvelist
added 2005/01/19 5:0 a.m.31 views

CVE-2004-1363

Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed...

9.6AI score0.09095EPSS
Exploits0References8
NVD
NVD
added 2005/01/10 5:0 a.m.22 views

CVE-2004-1058

Race condition in Linux kernel 2.6 allows local users to read the environment variables of another process that is still spawning via /proc/.../cmdline...

1.2CVSS5.7AI score0.00391EPSS
Exploits0References19
UbuntuCve
UbuntuCve
added 2005/01/10 5:0 a.m.31 views

CVE-2004-1058

Race condition in Linux kernel 2.6 allows local users to read the environment variables of another process that is still spawning via /proc/.../cmdline...

1.2CVSS5.9AI score0.00391EPSS
Exploits0References2
0day.today
0day.today
added 2004/12/24 12:0 a.m.36 views

Solaris 7/8/9 CDE LibDTHelp Local Buffer Overflow Exploit

Exploit for solaris platform in category local exploits ========================================================= Solaris 7/8/9 CDE LibDTHelp Local Buffer Overflow Exploit ========================================================= / $Id: raptorlibdthelp.c,v 1.1 2004/12/04 14:44:38 raptor Exp $...

6.8AI score0.01219EPSS
Exploits13
Cvelist
Cvelist
added 2004/12/22 5:0 a.m.28 views

CVE-2004-1058

Race condition in Linux kernel 2.6 allows local users to read the environment variables of another process that is still spawning via /proc/.../cmdline...

7AI score0.00391EPSS
Exploits0References19
CVE
CVE
added 2004/12/22 5:0 a.m.76 views

CVE-2004-1058

CVE-2004-1058 is a race-condition vulnerability in the Linux kernel that can allow a local user to read environment variables of another process that is still spawning via /proc/.../cmdline. The initial description specifies Linux kernel 2.6 as affected. Connected advisories confirm this CVE is r...

1.2CVSS7AI score0.00391EPSS
Exploits0References19Affected Software2
OSV
OSV
added 2004/11/24 12:0 a.m.23 views

DSA-596-2 sudo - missing input sanitising

Bulletin has no description...

7.2CVSS6AI score0.01374EPSS
Exploits0
Debian CVE
Debian CVE
added 2004/11/18 5:0 a.m.38 views

CVE-2004-1051

sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname...

7.2CVSS4.4AI score0.01374EPSS
Exploits0
Ubuntu
Ubuntu
added 2004/11/18 4:59 a.m.57 views

USN-28-1: sudo vulnerability

Liam Helmer discovered an input validation flaw in sudo. When the standard shell "bash" starts up, it searches the environment for variables with a value beginning with "". For each of these variables a function with the same name is created, with the function body filled in from the environment...

5.6AI score
Exploits0References1
Rows per page
Query Builder