7696 matches found
CVE-2004-0747
CVE-2004-0747 describes a local buffer overflow in Apache HTTP Server versions 2.0.50 and earlier, triggered by expansion of environment variables in .htaccess or server configuration files. The underlying issue involves copying environment data into a fixed-size buffer (ap_resolve_env) via strin...
PT-2004-1826 · Apache · Apache +1
Name of the Vulnerable Software and Affected Versions: Apache versions 2.0.50 and earlier Description: A buffer overflow occurs during the expansion of environment variables in configuration file parsing, allowing a local user to gain the privileges of an httpd child by forcing the server to pars...
php -- php_variables memory disclosure
Stefano Di Paola reports: Bad array parsing in phpvariables.c could lead to show arbitrary memory content such as pieces of php code and other data. This affects all GET, POST or COOKIES variables...
CVE-2004-0263
Technical details (affected product/version, root cause, impact, and remediation) are not publicly provided in the supplied connected documents. Monitor for updates.
OpenSSH < 3.0.2 UseLogin Environment Variable Local Command Execution
Binary data 1992.prm...
CVE-2004-1363
Buffer overflow in extproc in Oracle 10g allows remote attackers to execute arbitrary code via environment variables in the library name, which are expanded after the length check is performed...
PT-2004-2280 · Oracle · Oracle 10G
Name of the Vulnerable Software and Affected Versions: Oracle 10g Description: A buffer overflow issue exists in the extproc component, allowing remote attackers to execute arbitrary code. This is achieved by manipulating environment variables in the library name, which are expanded after the...
SUSE-SA:2002:038: postgresql
The remote host is missing the patch for the advisory SUSE-SA:2002:038 postgresql. The PostgreSQL Object-Relational DBMS was found vulnerable to several security related buffer overflow problems. The buffer overflows are located in: handling long datetime input lpad and rpad function with multiby...
php codes injection in phpMyAdmin version 2.5.7.
Software : phpMyAdmin Version : 2.5.7 Vulnerability : php codes injection Problem-Type : remote user phpMyAdmin is web-based mysql administration written in PHP. There is a vulnerability in phpMyAdmin version 2.5.7. This vulnerability would allow remote user to inject php codes to be executed by...
Unprivilegued settings for FreeBSD kernel variables
CATEGORY: kern INTRODUCTION: i have found security threat in basic security facility in BSD systems that allows to lower sysctl variable in this case to bypass security settings, root privilegues are needed DESCRIPTION: sysctl8 ... The sysctl utility retrieves kernel state and allows processes wi...
Network Administrator protection bypass
It's possible to access protected directory by using environment variables...
FTE fails to properly validate environment variables
Overview FTE contains a vulnerability in the processing of certain environment variables that could allow an attacker to execute arbitrary code. Description FTE is a text editor available for a variety of operating systems. There is a buffer overflow vulnerability in the way FTE performs bounds...
Interchange 4.8.x/5.0 - Remote Information Disclosure
source: https://www.securityfocus.com/bid/10005/info It has been reported that Interchange may be prone to a remote information disclosure vulnerability allowing attackers to disclose contents of arbitrary variables via URI requests. This issue may allow an attacker to gain access to sensitive...
DEBIAN-CVE-2003-0828
Buffer overflow in freesweep in Debian GNU/Linux 3.0 allows local users to gain "games" group privileges when processing environment variables...
CVE-2003-0828
Buffer overflow in freesweep in Debian GNU/Linux 3.0 allows local users to gain "games" group privileges when processing environment variables...
CVE-2003-0607
Buffer overflow in xconq 7.4.1 allows local users to become part of the "games" group via the 1 USER or 2 DISPLAY environment variables...
CVE-2003-0607
Buffer overflow in xconq 7.4.1 allows local users to become part of the "games" group via the 1 USER or 2 DISPLAY environment variables...
CVE-2003-0607
CVE-2003-0607 affects the xconq package (version 7.4.1) via a local buffer overflow in the USER and DISPLAY environment variable handling, enabling a local attacker to gain the gid 'games'. Connected sources confirm the issue in Debian advisory DSA-354 for xconq and note that a fix was released (...
CVE-2003-0828
Buffer overflow in freesweep in Debian GNU/Linux 3.0 allows local users to gain "games" group privileges when processing environment variables...
DSA-445 lbreakout2 - buffer overflow
Bulletin has no description...