7690 matches found
phpATM arbitrary PHP code inclusion
Affected product: phpATM. Version vulnerable: 1.21, and probably earlier. Risk: High, execution of arbitrary PHP. Vendor informed: Not possible, mail bounces with 550, tried twice. Vendor URL: http://phpatm.free.fr/. phpATM seems to be some up-/download script for web environments. The discussed...
CVE-2004-1980
Directory traversal vulnerability in glossary.php in PROPS 0.6.1 allows remote attackers to view arbitrary files via a .. (dot dot) in (1) module or (2) format variables...
NukeET 3.03.1 - Base64 Codigo Variable Cross-Site Scripting
source: https://www.securityfocus.com/bid/13570/info NukeET is prone to a cross-site scripting vulnerability. The source of this issue is that HTML and script code is not properly sanitized from URI variables before being output in a...
CVE-2005-0805
SQL injection vulnerability in index.php in Subdreamer Light, when magic_quotes_gpc is enabled, allows remote attackers to execute arbitrary SQL commands via certain parameters that are used as global variables, as demonstrated using the imageid parameter, which is not properly handled by...
Convert-UUlib 1.04/1.05 Perl Module - Remote Buffer Overflow
source: https://www.securityfocus.com/bid/13401/info Convert-UUlib Perl module is prone to a remotely exploitable buffer-overflow vulnerability. A remote attacker may leverage this condition to overwrite sensitive program control variables and thus gain control of the process's execution flow. Th...
Convert-UUlib 1.04/1.05 Perl Module - Remote Buffer Overflow
source: https://www.securityfocus.com/bid/13401/info Convert-UUlib Perl module is prone to a remotely exploitable buffer-overflow vulnerability. A remote attacker may leverage this condition to overwrite sensitive program control variabl...
security flaw
Race condition in Linux kernel 2.6 allows local users to read the environment variables of another process that is still spawning via /proc/.../cmdline...
coppermine -- IP spoofing and XSS vulnerability
GHC team reports about coppermine: The lack of sanitizing of user defined variables may result in undesirable consequences such as IP spoofing or XSS attack. Generally users of Coppermine Gallery can post comments. Remote address & x-forwarded-for variables are logged for admin's eyes...
DEBIAN-CVE-2005-0129
The Quick Buttons feature in Konversation 0.15 allows remote attackers to execute certain IRC commands via a channel name containing "%" variables, which are recursively expanded by the Server::parseWildcards function when the Part Button is selected...
SCO OpenServer Unix multiple shells buffer overflow
termsh, atcronsh, auditsh buffer overflow during environment variables parsing...
subdreamerSQL.txt
GHC - Subdreamer - ADVISORY. Product: Subdreamer. Version: Subdreamer Light. URL: www.subdreamer.com. VULNERABILITY CLASS: SQL injection. Product Description: "Powered by PHP and MySQL, Subdreamer...
CVE-2005-0616
Multiple cross-site scripting (XSS) vulnerabilities in the Download module for PostNuke 0.750 and 0.760-RC2 allow remote attackers to inject arbitrary web script or HTML via the (1) Program name, (2) File link, (3) Author name, (4) Author e-mail address, (5) File size, (6) Version, or (7) Home page variables...
DEBIAN-CVE-2004-1051
sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname...
CVE-2004-1051
sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname...
GLSA-200502-31 : uim: Privilege escalation vulnerability
The remote host is affected by the vulnerability described in GLSA-200502-31 uim: Privilege escalation vulnerability Takumi Asaki discovered that uim insufficiently checks environment variables. setuid/setgid applications linked against libuim could end up executing arbitrary code. This...
CVE-2005-0503
uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges...
DEBIAN-CVE-2005-0503
uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges...