Lucene search

7696 matches found

RedHat Linux
added 2006/04/25 2:33 p.m. | 3 views

security flaw

Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed...

CVSS 4.3 | AI score 7.5 | EPSS 0.18154
Exploits: 1 | References: 4

myhack58
added 2006/04/23 12:0 a.m. | 31 views

Grep with web vulnerability discovery-vulnerability warning-the black bar safety net

Grep with web vulnerability mining Text/SuperHeiAtph4nt0m.org 2006-03-08 a. The following grep (http://www.interlog.com/tcharron/grep.html) does not support the -r parameter, you can use the following format: grep -in "\include|require\" C:\test\. php C:\test\admin\. php You can also use cygwin...

AI score 8.7
Exploits: 0

RedHat Linux
added 2006/04/21 3:41 p.m. | 4 views

security flaw

The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly handle temporary variables that are not garbage collected, which might allow remote attackers to trigger operations on freed memo...

CVSS 5 | AI score 5.9 | EPSS 0.1399
Exploits: 0 | References: 4

RedHat Linux
added 2006/04/18 11:12 a.m. | 2 views

security flaw

The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly handle temporary variables that are not garbage collected, which might allow remote attackers to trigger operations on freed memo...

CVSS 5 | AI score 5.9 | EPSS 0.1399
Exploits: 0 | References: 4

exploitpack
added 2006/04/17 12:0 a.m. | 11 views

MyBB 1.1 - Global Variable Overwrite

MyBB 1.1 - Global Variable Overwrite source: https://www.securityfocus.com/bid/17564/info MyBB is prone to a vulnerability that permits an attacker to overwrite global variables. This issue is due to a design flaw in handling HTTP GET and POST variables. An attacker can exploit this issue to...

Exploits: 0

UbuntuCve
added 2006/04/14 10:2 a.m. | 28 views

CVE-2006-1742

The JavaScript engine in Mozilla Firefox and Thunderbird 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 does not properly handle temporary variables that are not garbage collected, which might allow remote attackers to trigger operations on freed memo...

CVSS 5 | AI score 6 | EPSS 0.1399
Exploits: 0 | References: 4

Mozilla
added 2006/04/13 12:0 a.m. | 34 views

JavaScript garbage-collection hazard audit — Mozilla

Igor Bukanov has audited the JavaScript engine for routines that use temporary variables not protected against garbage-collection. If malicious content could cause garbage-collection to run during the lifetime of these temporaries then the original routine would end up operating on freed memory...

CVSS 5 | AI score 1.4 | EPSS 0.1399
Exploits: 0 | References: 11 | Affected Software: 4

Prion
added 2006/04/10 6:6 p.m. | 36 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in phpinfo (info.c) in PHP 5.1.2 and 4.4.2 allows remote attackers to inject arbitrary web script or HTML via long array variables, including (1) a large number of dimensions or (2) long values, which prevents HTML tags from being removed...

CVSS 4.3 | AI score 5.8 | EPSS 0.18154
Exploits: 1 | References: 34 | Affected Software: 1

0day.today
added 2006/04/10 12:0 a.m. | 40 views

PHPList <= 2.10.2 GLOBALS[] Remote Code Execution Exploit

Exploit for unknown platform in category web applications ========================================================= PHPList this works against registerglobals=On \r\n"; echo "a dork: inurl:"lists/?p=subscribe" | inurl:"lists/index.php?p=subscribe"\r\n"; echo " -ubbi phplist\r\n\r\n"; if $argc4...

AI score 7.1
Exploits: 0

Debian
added 2006/04/08 4:9 p.m. | 24 views

[SECURITY] [DSA 946-2] New sudo packages fix privilege escalation

-------------------------------------------------------------------------- Debian Security Advisory DSA 946-2 [email protected] http://www.debian.org/security/ Martin Schulze April 8th, 2006 http://www.debian.org/security/faq -...

CVSS 7.2 | AI score 6.1 | EPSS 0.00826
Exploits: 2

Debian
added 2006/04/08 4:9 p.m. | 32 views

[SECURITY] [DSA 946-2] New sudo packages fix privilege escalation

-------------------------------------------------------------------------- Debian Security Advisory DSA 946-2 [email protected] http://www.debian.org/security/ Martin Schulze April 8th, 2006 http://www.debian.org/security/faq -...

CVSS 7.2 | AI score 0.6 | EPSS 0.00826
Exploits: 2

OSV
added 2006/04/08 12:0 a.m. | 6 views

DSA-946-2 sudo - missing input sanitising

Bulletin has no description...

CVSS 7.2 | AI score 6.3 | EPSS 0.00826
Exploits: 2

securityvulns
added 2006/04/06 12:0 a.m. | 74 views

OpenVPN VPN client code execution

Server can transmit environment variables to the clients, including e.g. LD_PRELOAD...

AI score 4.6
Exploits: 0 | References: 1 | Affected Software: 1

Prion
added 2006/04/04 10:4 a.m. | 9 views

Code injection

Unspecified vulnerability in Exponent CMS before 0.96.5 RC 1 has unknown impact and remote attack vectors related to variables that are not "typecasted."...

CVSS 10 | AI score 7.1 | EPSS 0.00366
Exploits: 0 | References: 4 | Affected Software: 1

Cvelist
added 2006/04/04 10:0 a.m. | 12 views

CVE-2006-1604

Unspecified vulnerability in Exponent CMS before 0.96.5 RC 1 has unknown impact and remote attack vectors related to variables that are not "typecasted."...

AI score 6.5 | EPSS 0.00366
Exploits: 0 | References: 4

securityvulns
added 2006/04/04 12:0 a.m. | 27 views

Phpwebgallery <= 1.4.1 SQL injection Vulnerability

Moroccan Security Team |ucif3r Greetz To All Freind Phpwebgallery 1.4.1 is vulnerable to SQL Injection Attacks The flaw is due to input validation errors in the "category.php" script when handling the "search" variables, which could be exploited by malicious people to conduct SQL injection attacks...

AI score 1.4
Exploits: 0

FreeBSD
added 2006/04/03 12:0 a.m. | 23 views

openvpn -- LD_PRELOAD code execution on client through malicious or compromised server

Hendrik Weimer reports: OpenVPN clients are a bit too generous when accepting configuration options from a server. It is possible to transmit environment variables to client-side shell scripts. There are some filters in place to prevent obvious nonsense, however they don't catch the good old...

CVSS 9 | AI score 6.4 | EPSS 0.0356
Exploits: 0 | References: 3

Cvelist
added 2006/03/29 1:0 a.m. | 21 views

CVE-1999-1587

/usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain earlier releases, allows local users to view the environment variables and values of arbitrary processes via the -e option...

AI score 6 | EPSS 0.00642
Exploits: 3 | References: 9

CVE
added 2006/03/29 1:0 a.m. | 56 views

CVE-1999-1587

Technical details for CVE-1999-1587 are not publicly provided in the supplied documents. Monitor for updates; the files here do not specify affected versions, impact, or fixes.

CVSS 2.1 | AI score 6 | EPSS 0.00642
Exploits: 3 | References: 9 | Affected Software: 2

securityvulns
added 2006/03/28 12:0 a.m. | 32 views

Sun Solaris ps information leak

ps -e allows to see environment variables for any process...

AI score 2.8
Exploits: 0 | References: 1 | Affected Software: 1