Adobe Reader DC Nested Variables Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists with XS...

Httpoxy Vulnerability Through CGI Servlet

twisted is vulnerable to httpoxy. The vulnerability exists because it trusts the HTTPPROXY header, and allows the configuration of proxies by setting the environment variables HTTPPROXY and HTTPSPROXY without checking if CGI is in use...

Httpoxy Vulnerability Through CGI Servlet

web-core is vulnerable to a remotely exploitable vulnerability aka "httpoxy". The vulnerability exists when CGI Servlet is activated in the configuration by modifying the web.xml. It then allows the execution of a CGI script which may assign client request Proxy header values to internal HTTPPROX...

DNSControl - Synchronize your DNS to multiple providers from a simple DSL

DNSControl is a system for maintaining DNS zones. It has two parts: a domain specific language DSL for describing DNS zones plus software that processes the DSL and pushes the resulting zones to DNS providers such as Route53, CloudFlare, and Gandi. It can talk to Microsoft ActiveDirectory and it...

Linux Kernel (PonyOS 4.0) - fluttershy LD_LIBRARY_PATH Local Privilege Escalation

Linux Kernel PonyOS 4.0 - fluttershy LDLIBRARYPATH Local Privilege Escalation !/usr/bin/python PonyOS 4.0 has added several improvements over previous releases including support for setuid binaries and dynamic libraries. The run-time linker does not sanitize environment variables when running...

Linux Kernel (PonyOS 4.0) - 'fluttershy' LD_LIBRARY_PATH Local Privilege Escalation

!/usr/bin/python PonyOS 4.0 has added several improvements over previous releases including support for setuid binaries and dynamic libraries. The run-time linker does not sanitize environment variables when running setuid files allowing for local root exploitation through manipulated...

PT-2018-5036 · Red Hat +2 · Ansible +2

Name of the Vulnerable Software and Affected Versions: Ansible versions prior to 2.2.0 Description: The issue arises from improper sanitization of fact variables sent from the Ansible controller. An attacker who can create special variables on the controller may be able to execute arbitrary...

chromium-browser: information disclosure in xss auditor

XSS Auditor in Google Chrome prior to 57.0.2987.98 for Mac, Windows, and Linux and 57.0.2987.108 for Android allowed detection of a blocked iframe load, which allowed a remote attacker to brute force JavaScript variables via a crafted HTML page...

Browser-based GDB frontend: gdbGUI

A modern, browser-based frontend to gdb gnu debugger. Add breakpoints, view stack traces, and more in C, C++, Go, and Rust! Simply run gdbgui from the terminal and a new tab will open in your browse Features Debug a different program in each tab new gdb instance is spawned for each tab Set/remove...

CVE-2016-10151

The hesiodinit function in lib/hesiod.c in Hesiod 3.2.1 compares EUID with UID to determine whether to use configurations from environment variables, which allows local users to gain privileges via the 1 HESIODCONFIG or 2 HESDOMAIN environment variable and leveraging certain SUID/SGUID binary...

Design/Logic Flaw

The hesiodinit function in lib/hesiod.c in Hesiod 3.2.1 compares EUID with UID to determine whether to use configurations from environment variables, which allows local users to gain privileges via the 1 HESIODCONFIG or 2 HESDOMAIN environment variable and leveraging certain SUID/SGUID binary...

DEBIAN-CVE-2016-10151

The hesiodinit function in lib/hesiod.c in Hesiod 3.2.1 compares EUID with UID to determine whether to use configurations from environment variables, which allows local users to gain privileges via the 1 HESIODCONFIG or 2 HESDOMAIN environment variable and leveraging certain SUID/SGUID binary...

UBUNTU-CVE-2016-10151

The hesiodinit function in lib/hesiod.c in Hesiod 3.2.1 compares EUID with UID to determine whether to use configurations from environment variables, which allows local users to gain privileges via the 1 HESIODCONFIG or 2 HESDOMAIN environment variable and leveraging certain SUID/SGUID binary...

CVE-2016-10151

The hesiodinit function in lib/hesiod.c in Hesiod 3.2.1 compares EUID with UID to determine whether to use configurations from environment variables, which allows local users to gain privileges via the 1 HESIODCONFIG or 2 HESDOMAIN environment variable and leveraging certain SUID/SGUID binary...

CVE-2016-10151

The hesiodinit function in lib/hesiod.c in Hesiod 3.2.1 compares EUID with UID to determine whether to use configurations from environment variables, which allows local users to gain privileges via the 1 HESIODCONFIG or 2 HESDOMAIN environment variable and leveraging certain SUID/SGUID binary...

CVE-2016-10151

The hesiodinit function in lib/hesiod.c in Hesiod 3.2.1 compares EUID with UID to determine whether to use configurations from environment variables, which allows local users to gain privileges via the 1 HESIODCONFIG or 2 HESDOMAIN environment variable and leveraging certain SUID/SGUID binary...

GLSA-201702-10 : NTFS-3G: Privilege escalation

The remote host is affected by the vulnerability described in GLSA-201702-10 NTFS-3G: Privilege escalation The NTFS-3G driver does not properly clear environment variables before invoking mount or umount. This flaw is similar to the vulnerability described in GLSA-201701-19 and GLSA-201603-04...

NTFS-3G: Privilege escalation

Background NTFS-3G is a stable, full-featured, read-write NTFS driver for various operating systems. Description The NTFS-3G driver does not properly clear environment variables before invoking mount or umount. This flaw is similar to the vulnerability described in “GLSA-201701-19” and...

RVM automatically loads environment variables from files in $PWD

RVM, by default, hooks cd and automatically detects the presence of certain files in the directory being changed to. These files and their mechanics are detailed at . The code that parses these files is available at look for the rvmloadprojectconfig function. The code, as of a vulnerable commit, ...

RVM command injection when automatically loading environment variables from files in $PWD

RVM, by default, hooks cd and automatically detects the presence of certain files in the directory being changed to. These files and their mechanics are detailed at . The code that parses these files is available at look for the rvmloadprojectconfig function. The code, as of a vulnerable commit, ...