7707 matches found
DEBIAN-CVE-2005-2978
pnmtopng in netpbm before 10.25, when using the -trans option, uses uninitialized size and index variables when converting Portable Anymap (PNM) images to Portable Network Graphics (PNG), which might allow attackers to execute arbitrary code by modifying the stack...
security flaw
pnmtopng in netpbm before 10.25, when using the -trans option, uses uninitialized size and index variables when converting Portable Anymap (PNM) images to Portable Network Graphics (PNG), which might allow attackers to execute arbitrary code by modifying the stack...
Cyphor 0.19 SQL Injection / Board takeover / cross site scripting
Cyphor 0.19 SQL Injection / Board takeover / cross site scripting. 1) If magic quotes off - SQL Injection: by "Forgot your password?" feature you can send yourself a new admin password and reset it, poc: email: youremail nick: 'or'X'='X soon, you will receive an email like this: You have registered...
openssh security update
CentOS Errata and Security Advisory CESA-2005:550. Updated openssh packages that fix a potential security vulnerability and various other bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. OpenSSH is OpenBSD's SSH (Secure SHell)...
uim -- privilege escalation vulnerability
The uim developers report: Masanari Yamamoto discovered incorrect use of environment variables in uim. This bug causes privilege escalation if setuid/setgid applications were linked to libuim. This bug appears in 'immodule for Qt' enabled Qt. Normal Qt is also safe. In some distribution,...
SNMP settings
This script just sets global variables (SNMP community string and SNMP port) and does not perform any security checks.
PHPNuke78.txt
NewAngels Advisory 7 PHP Nuke sql_query("SELECT active, view FROM ".$prefix."_modules WHERE title='$name'"); The $name variable is not checked, so you could inject malicious SQL code. In a file which is included we have the following code: $queryString = strtolower($_SERVER['QUERY_STRING']); if...
Urban game buffer overflow
Buffer overflow during environment variable parsing allows obtaining egid games...
RunCMS <= 1.2 Multiple Vulnerabilities
The version of RunCMS installed on the remote host allows attackers to overwrite arbitrary variables by passing them via a POST method and may also suffer from several SQL injection vulnerabilities resulting in, for example, disclosure of the admin password hash.
CVE-2005-2691
includes/common.php in RunCMS 1.2 and earlier calls the extract function with EXTR_OVERWRITE on HTTP POST variables, which allows remote attackers to overwrite arbitrary variables, possibly allowing execution of arbitrary code...
CVE-2005-2574
xmb.php in XMB Forum 1.9.1 extracts and defines all provided variables, which allows remote attackers to modify arbitrary server variables such as $_SERVER['REMOTE_ADDR']...
Sql injection and global variables poisoning in XMB Forum 1.9.1
Vendor notified at and partial patch: http://forums.xmbforum.com/viewthread.php?tid=754523 firstly the input validation at xmb.php: foreach ($global as $num => $array) if (is_array($array)) extract($array, EXTR_OVERWRITE); this should put to not overwrite any variables cause it overwrite server set variable...
dvbbsXSS.txt
DVBBS Multiple variable Cross site scripting. Vendor URL: http://down.dvbbs.net/SoftView/SoftView2455.html Advisory: http://lostmon.blogspot.com/2005/08/dvbbs-multiple-variable-cross-site.html Vendor notify: yes. Exploit available: yes. OSVDB ID: 18512. DVBBS contains a flaw that allows a remote cross...
CVE-2005-2482
The StateToOptions function in msfweb in Metasploit Framework 2.4 and earlier, when running with the -D option (defanged mode), allows attackers to modify temporary environment variables before the "_Defanged" environment option is checked when processing the Exploit command...
Ragnarok Online Control Panel 4.3.4 a - Authentication Bypass
Ragnarok Online Control Panel 4.3.4 a - Authentication Bypass. Source: https://www.securityfocus.com/bid/14429/info Ragnarok Online Control Panel (ROCP) is prone to a vulnerability that may let remote attackers bypass user authentication. This issue is related to how PHP variables are handled, letti...
CVE-2002-2002
Buffer overflow in libc in Compaq Tru64 4.0F, 5.0, 5.1 and 5.1A allows attackers to execute arbitrary code via long (1) LANG and (2) LOCPATH environment variables...
CVE-2002-1988
Resin 2.1.1 allows remote attackers to cause a denial of service (memory consumption and hang) via a URL with long variables for non-existent resources...
CVE-2002-2002
CVE-2002-2002 : The vulnerability is a buffer overflow in libc of Compaq Tru64 releases 4.0F, 5.0, 5.1 and 5.1A triggered by unusually long environment variables (LANG, LOCPATH). This can allow an attacker to execute arbitrary code. The issue is rooted in the Tru64 libc handling of environment va...