7696 matches found
Debian DSA-946-2 : sudo - missing input sanitising
The former correction to vulnerabilities in the sudo package worked fine but was too strict for some environments. Therefore we have reviewed the changes again and allowed some environment variables to go back into the privileged execution environment. Hence, this update. The configuration optio...
Debian DSA-898-1 : phpgroupware - programming errors
Several vulnerabilities have been discovered in phpsysinfo, a PHP based host information application that is included in phpgroupware. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-0870 Maksymilian Arciemowicz discovered several cross site scripti...
CentiPaid 1.4.2 - 'centipaid_class.php' Remote File Inclusion
CentiPaid = 1.4.2 absolutepath Remote File Include Vulnerability. Discovered By Kw3RLn Romanian Security Team : hTTp://RST-CREW.net : Remote : Yes...
Debian DSA-925-1 : phpbb2 - several vulnerabilities
Several vulnerabilities have been discovered in phpBB, a fully featured and skinnable flat webforum. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-3310 Multiple interpretation errors allow remote authenticated users to inject arbitrary web script...
Debian DSA-897-1 : phpsysinfo - programming errors
Several vulnerabilities have been discovered in phpsysinfo, a PHP based host information application. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2005-0870 Maksymilian Arciemowicz discovered several cross site scripting problems, of which not all wer...
Debian DSA-1018-2 : kernel-source-2.4.27 - several vulnerabilities
The original update lacked recompiled ALSA modules against the new kernel ABI. Furthermore, kernel-latest-2.4-sparc now correctly depends on the updated packages. For completeness we're providing the original problem description : Several local and remote vulnerabilities have been discovered in t...
Debian DSA-918-1 : osh - programming error
Several security related problems have been discovered in osh, the operator's shell for executing defined programs in a privileged environment. The Common Vulnerabilities and Exposures project identifies the following vulnerabilities : - CVE-2005-3346 Charles Stevenson discovered a bug in the...
Sun Solaris Netscape Portable Runtime API 4.6.1 - Local Privilege Escalation (1)
Sun Solaris Netscape Portable Runtime API 4.6.1 - Local Privilege Escalation 1 source: https://www.securityfocus.com/bid/20471/info The Netscape Portable Runtime API running on Sun Solaris 10 operating system is prone to a local privilege-escalation vulnerability. A successful exploit of this iss...
Solaris 10 (libnspr) Arbitrary File Creation Local Root Exploit
Exploit for solaris platform in category local exploits. Solaris 10 libnspr Arbitrary File Creation Local Root Exploit. !/bin/sh $Id: raptorlibnspr,v 1.1 2006/10/13 19:12:...
CVE-2006-4842
The Netscape Portable Runtime NSPR API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files...
CVE-2006-4842
CVE-2006-4842 is documented as a local privilege-escalation in Netscape Portable Runtime (libnspr) where LIBNSPR prior to 4.6.3 allows the user to influence the log file via the NSPR_LOG_FILE environment variable. Evidence in connected docs shows Solaris-specific context: unpatched Solaris system...
EUVD-2006-4829
The Netscape Portable Runtime NSPR API 4.6.1 and 4.6.2, as used in Sun Solaris 10, trusts user-specified environment variables for specifying log files even when running from setuid programs, which allows local users to create or overwrite arbitrary files...
phpBB Import Tools Mod 0.1.4 - Remote File Inclusion
Title: phpBB Import Tools Mod = 0.1.4 phpbbrootpath Remote File Inclusion Author/Discovery: boecke Vulnerability Type: Remote File Inclusion Risk: High Risk Software Affected: phpBB Import Tools Mod = 0.1.4 Literally shouts to: str0ke and henrik Don't promote Google-ism! Vulnerable Code:...
FreeBSD : php -- _ecalloc Integer Overflow Vulnerability (e329550b-54f7-11db-a5ae-00508d6a62df)
Stefan Esser reports : The PHP 5 branch of the PHP source code lacks the protection against possible integer overflows inside ecalloc that is present in the PHP 4 branch and also for several years part of our Hardening-Patch and our new Suhosin-Patch. It was discovered that such an integer overfl...
Advisory 09/2006: PHP unserialize() Array Creation Integer Overflow
Hardened-PHP Project www.hardened-php.net -= Security Advisory =- Advisory: PHP unserialize Array Creation Integer Overflow Release Date: 2006/10/09 Last Modified: 2006/10/09 Author: Stefan Esser Application: PHP 5 = 5.1.6, PHP...
phpMyAdmin < 2.9.1 Multiple Vulnerabilities
The version of phpMyAdmin installed on the remote host allows an unauthenticated attacker to bypass variable blacklisting in its globalization routine and destroy, for example, the contents of session variables.
cpexploit.txt
All cPanel versions which were released before August 23rd are vulnerable to a local root exploit. Exact version numbers are unclear. Doing a "ls -l /usr/local/cpanel/version" is a good way to determine the last time cPanel was updated. This exploit made the news when it was used to circulate an ...
php -- _ecalloc Integer Overflow Vulnerability
Stefan Esser reports: The PHP 5 branch of the PHP source code lacks the protection against possible integer overflows inside ecalloc that is present in the PHP 4 branch and also for several years part of our Hardening-Patch and our new Suhosin-Patch. It was discovered that such an integer overflo...
ZoomStats <= 1.0.2 (mysql.php) Remote File Include Vulnerability
ToXiC BuG FounD by Drago84 Application Affect: ZoomStats Source Code: http://prdownloads.sourceforge.net/zoomstats/ZoomStats-v1.0.2.zip?usemirror=kent Problem: $GLOBALS'lib''db''path' array not declared Solution : $GLOBALS'lib''db''path' Page Vulnerable : mysql.php Dir Page: /libs/dbmax/ Example Of...