System V login argument array buffer overflow

Added: 03/30/2007 CVE: CVE-2001-0797 BID: 3681 OSVDB: 690 Background The login program is used by various applications for authentication to the system. Problem The login program dervied from System V is affected by a buffer overflow vulnerability when processing a long argument array. A remote...

PHP variables unset use after free vulnerability

There is no access counters for SESSION and HTTPSESSIONVARS variables, making it possible to trigger use-after-free conditions by unsetting these variables. In addition, it's possible to deserealize these variables...

[Full-disclosure] Mercur SP4 IMAPD

The attached exploits several signedness bugs in the NTLM implementation of Mercur IMAPD www.atrium-software.com to give the attacker complete control over a memcpy to a stack variable... non-authenticated In this case, memcpybuf, src+a, b with 'a', and 'b' being user controlled and buf 7208 byte...

GeBlog 0.1 GLOBALS[tplname] Local File Inclusion Exploit (win)

Exploit for unknown platform in category web applications ============================================================== GeBlog 0.1 GLOBALStplname Local File Inclusion Exploit win ============================================================== !/usr/bin/perl GeBlog 0.1GLOBALStplnameLocal File...

security flaw

Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clobber" certain super-global variables via unspecified vectors...

PHP import_request_variables internal variables overwrite

$GET $POST $COOKIE $FILES $SERVER $SESSION and another internal variables may be overwritten during import...

CVE-2007-1343

includes/functions.php in Craig Knudsen WebCalendar before 1.0.5 does not protect the noSet variable from external modification, which allows remote attackers to set arbitrary global variables via a URL with modified values in the noSet parameter, which leads to resultant vulnerabilities that...

Remote file inclusion

includes/functions.php in Craig Knudsen WebCalendar before 1.0.5 does not protect the noSet variable from external modification, which allows remote attackers to set arbitrary global variables via a URL with modified values in the noSet parameter, which leads to resultant vulnerabilities that...

USN-424-2: PHP regression

USN-424-1 fixed vulnerabilities in PHP. However, some upstream changes were not included, which caused errors in the stream filters. This update fixes the problem. We apologize for the inconvenience. Original advisory details: Multiple buffer overflows have been discovered in various PHP modules...

DSA-1264-1 php4

Bulletin has no description...

MOPB-08-2007:PHP 4 phpinfo() XSS Vulnerability (Deja-vu)

Summary With PHP 4.4.3 a previously fixed bug that was disclosed at the end of October 2005 by the Hardened-PHP Project was reintroduced. Again phpinfo does not escape the content of user supplied arrays in GET, POST or COOKIE variables when it displays them which leads to an XSS vulnerability...

Fedora Core 5 : php-5.1.6-1.4 (2007-287)

This update fixes a number of security issues in PHP. A number of buffer overflow flaws were found in the PHP session extension, the strreplace function, and the imapmailcompose function. If very long strings under the control of an attacker are passed to the strreplace function then an integer...

Important: Red Hat Security Advisory: php security update for Stronghold

Updated PHP packages that fix multiple security issues are now available for Stronghold 4.0 for Enterprise Linux. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Web...

php session extension global variable clobber

PHP 4 before 4.4.5, and PHP 5 before 5.2.1, when registerglobals is enabled, allows context-dependent attackers to execute arbitrary code via deserialization of session data, which overwrites arbitrary global variables, as demonstrated by calling sessiondecode on a string beginning with...

security flaw

Unspecified vulnerability in PHP before 5.2.1 allows attackers to "clobber" certain super-global variables via unspecified vectors...

php security update

CentOS Errata and Security Advisory CESA-2007:0081-01 Updated PHP packages that fix several security issues are now available for Red Hat Enterprise Linux 2.1. This update has been rated as having important security impact by the Red Hat Security Response Team. PHP is an HTML-embedded scripting...

Design/Logic Flaw

Unspecified binaries in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allow local users to create or modify arbitrary files via unspecified environment variables related to "unsafe file access."...

Stack overflow

Stack-based buffer overflow in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allows local users to execute arbitrary code via a long string in unspecified environment variables...

CVE-2007-1087

IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 does not properly terminate certain input strings, which allows local users to execute arbitrary code via unspecified environment variables that trigger a heap-based buffer overflow...

CVE-2007-1088

Stack-based buffer overflow in IBM DB2 8.x before 8.1 FixPak 15 and 9.1 before Fix Pack 2 allows local users to execute arbitrary code via a long string in unspecified environment variables...