7790 matches found

OSV
added 2014/07/29 2:55 p.m. | 3 views

DEBIAN-CVE-2014-0475

Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable...

CVSS 6.8 | AI score 9.5 | EPSS 0.02694
Exploits: 0 | References: 1

OSV
added 2014/07/29 12:00 a.m. | 4 views

UBUNTU-CVE-2014-0475

Multiple directory traversal vulnerabilities in GNU C Library (aka glibc or libc6) before 2.20 allow context-dependent attackers to bypass ForceCommand restrictions and possibly have other unspecified impact via a .. (dot dot) in a (1) LC_*, (2) LANG, or other locale environment variable...

CVSS 6.8 | AI score 7.3 | EPSS 0.02694
Exploits: 0 | References: 3

OSV
added 2014/07/06 12:00 a.m. | 0 views

UBUNTU-CVE-2014-4721

The phpinfo implementation in ext/standard/info.c in PHP before 5.4.30 and 5.5.x before 5.5.14 does not ensure use of the string data type for the PHP_AUTH_PW, PHP_AUTH_TYPE, PHP_AUTH_USER, and PHP_SELF variables, which might allow context-dependent attackers to obtain sensitive information from process...

CVSS 2.6 | AI score 7.2 | EPSS 0.0571
Exploits: 1 | References: 4

ATTACKERKB
added 2014/07/02 12:00 a.m. | 23 views

CVE-2014-3074

The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local users to create a mode-666 root-owned file, and consequently gain privileges, by setting crafted MALLOCOPTIONS and MALLOCBUCKETS environment-variable values and then executing a setuid program. Recent assessments: timb-machine ...

CVSS 7.2 | AI score 3.9 | EPSS 0.00576
Exploits: 4 | References: 16

seebug.org
added 2014/07/01 12:00 a.m. | 15 views

Oatmeal Studios Mail File 1.10 Arbitrary File Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1807/info OatMeal studios' Mail-File is a cgi application that allows for sending of certain files to user-specified email addresses via a web interface. A vulnerability exists in this script that can be used to send the...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 11 views

iziContents <= RC6 GLOBALS[] Remote Code Execution Exploit

No description provided by source. !/usr/bin/php -q -d shortopentag=on ? / vulnerable code = include/rssfunctions.php line 32-40: .... $GLOBALSrootdp = './'; requireonce $GLOBALSrootdp.include/config.php; requireonce $GLOBALSrootdp.include/db.php; requireonce $GLOBALSrootdp.include/session.php;...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 21 views

Oracle OTRCREP Oracle 8/9 Home Environment Variable Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3139/info Oracle is an Enterprise level SQL database, supporting numerous features and options. It is distributed and maintained by Oracle Corporation. A buffer overflow has been discovered in the handling of $ORACLE_HOME ...

AI score 7.1
Exploits: 0

Tenable Nessus
added 2014/07/01 12:00 a.m. | 45 views

AIX 7.1 TL 2 : malloc (IV61314)

It has been identified that the runtime linker allows privilege escalation via arbitrary file writes with elevated privileges programs. When MALLOCOPTIONS and MALLOCBUCKETS environment variables are set with bucket statistics options and by executing certain setuid programs, a non-privileged user...

AI score 0.4 | EPSS 0.00576
Exploits: 4 | References: 2

seebug.org
added 2014/07/01 12:00 a.m. | 22 views

ssldump 0.9 b1 Format String Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/2096/info ssldump is a traffic analyzer for monitoring network traffic in real time. It is written and maintained by Eric Rescorla. A problem exists which could allow the arbitrary execution of code. The problem exists in...

AI score 7.1
Exploits: 0

Tenable Nessus
added 2014/07/01 12:00 a.m. | 20 views

AIX 7.1 TL 3 : malloc (IV60940)

It has been identified that the runtime linker allows privilege escalation via arbitrary file writes with elevated privileges programs. When MALLOCOPTIONS and MALLOCBUCKETS environment variables are set with bucket statistics options and by executing certain setuid programs, a non-privileged user...

AI score 0.4 | EPSS 0.00576
Exploits: 4 | References: 2

Tenable Nessus
added 2014/07/01 12:00 a.m. | 35 views

AIX 6.1 TL 9 : malloc (IV60935)

It has been identified that the runtime linker allows privilege escalation via arbitrary file writes with elevated privileges programs. When MALLOCOPTIONS and MALLOCBUCKETS environment variables are set with bucket statistics options and by executing certain setuid programs, a non-privileged user...

AI score 0.4 | EPSS 0.00576
Exploits: 4 | References: 2

seebug.org
added 2014/07/01 12:00 a.m. | 13 views

Real Networks RealJukebox 1.0.2/RealOne 6.0.10 Player Gold Skinfile Buffer Overflow

No description provided by source. source: http://www.securityfocus.com/bid/5217/info Real Software has announced a vulnerability in RealJukebox2 and Real Player Gold. A buffer overflow condition exists due to insufficient bounds checking of fields in skinfiles. There is an unchecked buffer for t...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 17 views

AN HTTPD CMDIS.DLL Remote Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13066/info AN HTTPD is reported prone to a remote buffer overflow vulnerability. Specifically, the issue presents itself in 'cmdIS.DLL' which calls the 'GetEnvironmentStrings' function to copy environment variables into a...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 11 views

TutorialCMS <= 1.01 Authentication Bypass Vulnerability

No description provided by source. TutorialCMS <= 1.01 Authentication Bypass Discovered by: Silentz Payload: Authentication Bypass Website: http://www.w4ck1ng.com Vulnerability: Variables $loggedIn & $activated are not predefined. Vulnerable Files: login.php headerLinks.php submit1.php myFav.php...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 18 views

M-TECH P-Synch 6.2.5 nph-psa.exe css Parameter Remote File Inclusion

No description provided by source. source: http://www.securityfocus.com/bid/7747/info A remote file include vulnerability has been reported for P-Synch. Due to insufficient sanitization of some user-supplied URI variables, it is possible for a remote attacker to include a malicious file in a URL...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 13 views

IBM AIX 4.3.x/5.1 ERRPT Local Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5885/info The IBM AIX errpt command is prone to a locally exploitable buffer overflow condition. It is possible to exploit this condition to execute arbitrary attacker-supplied instructions with root privileges...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 9 views

Passlog Daemon 0.1 SL_Parse Remote Buffer Overflow Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/7261/info It has been reported that passlogd does not properly handle some types of input. Because of this, an attacker may be able to gain unauthorized access to hosts running the vulnerable software. / Title: Remote...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 12 views

AutomatedShops WebC 2.0/5.0 Symbolic Link Following Configuration File Weakness

No description provided by source. source: http://www.securityfocus.com/bid/7272/info It has been reported that WebC will execute in the directory of a symbolic link from which it is invoked. Because of this, it may be possible for a local user to load a configuration file that enabled dangerous...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 30 views

CGI-World Poll It 2.0 Internal Variable Override Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1431/info Poll It is a Perl CGI application used to create and maintain opinion polls on websites. The program relies on a number of internal variables. These variables can be overwritten by any remote user by specifying...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m. | 13 views

Ipswitch WS_FTP Server 1.0.x/2.0.x 'STAT' Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3507/info WS_FTP Server, a popular FTP server for Microsoft Windows platforms, is vulnerable to a buffer overflow condition when a user submits a specially crafted legitimate FTP command. WS_FTP Server by default runs as a...

AI score 7.1
Exploits: 0