DEBIAN-CVE-2008-1033

The scheduler in CUPS in Apple Mac OS X 10.5 before 10.5.3, when debug logging is enabled and a printer requires a password, allows attackers to obtain sensitive information credentials by reading the log data, related to "authentication environment variables."...

CVE-2005-4875

TYPO3 3.8.0 and earlier allows remote attackers to obtain sensitive information via a direct request to misc/phpcheck/, which invokes the phpinfo function and prints values of unspecified environment variables...

hordeturba-xss.txt

+==========================================================================+ + Horde & Turba Contact Manager & XSS Vulnerabilities + +==========================================================================+ Authors: Ivan Sanchez Product: Turba Contact Manager Web: http://www.horde.org Versions...

CVE-2008-0555

The ExpandCert function in Apache-SSL before apache1.3.41+ssl1.59 does not properly handle 1 '/' and 2 '=' characters in a Distinguished Name DN in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables...

Authentication flaw

The ExpandCert function in Apache-SSL before apache1.3.41+ssl1.59 does not properly handle 1 '/' and 2 '=' characters in a Distinguished Name DN in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables...

CVE-2008-0555

The ExpandCert function in Apache-SSL before apache1.3.41+ssl1.59 does not properly handle 1 '/' and 2 '=' characters in a Distinguished Name DN in a client certificate, which might allow remote attackers to bypass authentication via a crafted DN that triggers overwriting of environment variables...

Apache-SSL Environment Variables Manipulation

Binary data 4460.prm...

Apache-SSL ExpandCert() Function Certificate Handling Arbitrary Environment Variables Manipulation

According to its banner, the version of Apache-SSL running on the remote host is older than apache1.3.41+ssl1.59. Such versions fail to properly sanitize certificate data before using it to populate environment variables. By sending a client certificate with special characters for the subject, a...

CVE-2008-1600

The lsmcode program on IBM AIX 5.2, 5.3, and 6.1 does not properly handle environment variables, which allows local users to gain privileges, a different vulnerability than CVE-2004-1329...

Authentication flaw

The lsmcode program on IBM AIX 5.2, 5.3, and 6.1 does not properly handle environment variables, which allows local users to gain privileges, a different vulnerability than CVE-2004-1329...

Sql injection

The pnVarPrepForStore function in PostNuke 0.764 and earlier skips input sanitization when magicquotesruntime is enabled, which allows remote attackers to conduct SQL injection attacks and execute arbitrary SQL commands via input associated with server variables, as demonstrated by the CLIENTIP...

Code injection

The nddstat programs on IBM AIX 5.2, 5.3, and 6.1 do not properly handle environment variables, which allows local users to gain privileges by invoking 1 atmstat, 2 entstat, 3 fddistat, 4 hdlcstat, or 5 tokstat...

CVE-2008-1599

The nddstat programs on IBM AIX 5.2, 5.3, and 6.1 do not properly handle environment variables, which allows local users to gain privileges by invoking 1 atmstat, 2 entstat, 3 fddistat, 4 hdlcstat, or 5 tokstat...

CVE-2008-1600

The lsmcode program on IBM AIX 5.2, 5.3, and 6.1 does not properly handle environment variables, which allows local users to gain privileges, a different vulnerability than CVE-2004-1329...

CVE-2008-1599

The nddstat programs on IBM AIX 5.2, 5.3, and 6.1 do not properly handle environment variables, which allows local users to gain privileges by invoking 1 atmstat, 2 entstat, 3 fddistat, 4 hdlcstat, or 5 tokstat...

CVE-2003-1554

Cross-site scripting XSS vulnerability in scozbook/add.php in ScozNet ScozBook 1.1 BETA allows remote attackers to inject arbitrary web script or HTML via the 1 username, 2 useremail, 3 aim, 4 msn, 5 sitename and 6 siteaddy variables...

PHP 5.x < 5.2 Multiple Vulnerabilities

According to its banner, the version of PHP 5.x installed on the remote host is older than 5.2. Such versions may be affected by several buffer overflows. To exploit these issues, an attacker would need the ability to upload an arbitrary PHP script on the remote server or to manipulate several...

Adobe ColdFusion多个跨站脚本及无效日志漏洞

BUGTRAQ ID: 28205,28207 CVECAN ID: CVE-2008-0643,CVE-2008-0644,CVE-2008-1203 ColdFusion MX是一款高效的网络应用服务器开发环境，具有很高的易用性和开发效率，基于标准的Java技术，可以与XML、Web Services和Microsoft.NET环境相集成。 如果ColdFusion应用的Application.cfm或Application.cfc包含有setEncoding函数的话，远程攻击者就可以通过提交恶意请求执行跨站脚本攻击。...

CVE-2008-0306

sdbstarter in SAP MaxDB 7.6.0.37, and possibly other versions, allows local users to execute arbitrary commands by using unspecified environment variables to modify configuration settings...

CVE-2008-0306

sdbstarter in SAP MaxDB 7.6.0.37, and possibly other versions, allows local users to execute arbitrary commands by using unspecified environment variables to modify configuration settings...