7689 matches found
CVE-2004-1058
Race condition in Linux kernel 2.6 allows local users to read the environment variables of another process that is still spawning via /proc/.../cmdline...
CVE-2004-1058
CVE-2004-1058 is a race-condition vulnerability in the Linux kernel that can allow a local user to read environment variables of another process that is still spawning via /proc/.../cmdline. The initial description specifies Linux kernel 2.6 as affected. Connected advisories confirm this CVE is r...
security flaw
phpvariables.c in PHP before 5.0.2 allows remote attackers to read sensitive memory contents via 1 GET, 2 POST, or 3 COOKIE GPC variables that end in an open bracket character, which causes PHP to calculate an incorrect string length...
DSA-596-2 sudo - missing input sanitising
Bulletin has no description...
CVE-2004-1051
sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname...
USN-28-1: sudo vulnerability
Liam Helmer discovered an input validation flaw in sudo. When the standard shell "bash" starts up, it searches the environment for variables with a value beginning with "". For each of these variables a function with the same name is created, with the function body filled in from the environment...
[SA13031] haserl Manipulation of Critical Environment Variables Vulnerability
TITLE: haserl Manipulation of Critical Environment Variables Vulnerability SECUNIA ADVISORY ID: SA13031 VERIFY ADVISORY: http://secunia.com/advisories/13031/ CRITICAL: Moderately critical IMPACT: Manipulation of data WHERE: From remote SOFTWARE: Haserl 0.x http://secunia.com/product/4191/...
CVE-2004-0747
Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables...
DEBIAN-CVE-2004-0747
Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables...
CVE-2004-0958
phpvariables.c in PHP before 5.0.2 allows remote attackers to read sensitive memory contents via 1 GET, 2 POST, or 3 COOKIE GPC variables that end in an open bracket character, which causes PHP to calculate an incorrect string length...
Debian DSA-091-1 : ssh - influencing login
If the UseLogin feature is enabled in ssh local users could pass environment variables including variables like LDPRELOAD to the login process. This has been fixed by not copying the environment if UseLogin is enabled. Please note that the default configuration for Debian does not have UseLogin...
Debian DSA-329-1 : osh - buffer overflows
Steve Kemp discovered that osh, a shell intended to restrict the actions of the user, contains two buffer overflows, in processing environment variables and file redirections. These vulnerabilities could be used to execute arbitrary code, overriding any restrictions placed on the shell...
CVE-2004-0747
Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables...
CVE-2004-0747
CVE-2004-0747 describes a local buffer overflow in Apache HTTP Server versions 2.0.50 and earlier, triggered by expansion of environment variables in .htaccess or server configuration files. The underlying issue involves copying environment data into a fixed-size buffer (ap_resolve_env) via strin...
PT-2004-1826 · Apache · Apache +1
Name of the Vulnerable Software and Affected Versions: Apache versions 2.0.50 and earlier Description: A buffer overflow occurs during the expansion of environment variables in configuration file parsing, allowing a local user to gain the privileges of an httpd child by forcing the server to pars...
php -- php_variables memory disclosure
Stefano Di Paola reports: Bad array parsing in phpvariables.c could lead to show arbitrary memory content such as pieces of php code and other data. This affects all GET, POST or COOKIES variables...
CVE-2004-0263
Technical details (affected product/version, root cause, impact, and remediation) are not publicly provided in the supplied connected documents. Monitor for updates.
OpenSSH < 3.0.2 UseLogin Environment Variable Local Command Execution
Binary data 1992.prm...
CVE-2004-1363
Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed...
PT-2004-2280 · Oracle · Oracle 10G
Name of the Vulnerable Software and Affected Versions: Oracle 10g Description: A buffer overflow issue exists in the extproc component, allowing remote attackers to execute arbitrary code. This is achieved by manipulating environment variables in the library name, which are expanded after the...