Gossamer Threads DBMan 2.0.4 - DBMan Information Leakage

source: https://www.securityfocus.com/bid/1178/info Requesting an invalid database file from a web server implementing Gossamer Threads DBMan scripts will return a CGI error message containing environmental variables to a remote user without any authorization. The parameters displayed include the...

Gossamer Threads DBMan 2.0.4 - DBMan Information Leakage

Gossamer Threads DBMan 2.0.4 - DBMan Information Leakage source: https://www.securityfocus.com/bid/1178/info Requesting an invalid database file from a web server implementing Gossamer Threads DBMan scripts will return a CGI error message containing environmental variables to a remote user withou...

PT-2000-1324 · Gossamer Threads · Gossamer Threads Dbman

Name of the Vulnerable Software and Affected Versions: Gossamer Threads DBMan version db.cgi Description: The issue allows remote attackers to view environmental variables and setup information. This is achieved by referencing a non-existing database in the db parameter. Recommendations: For...

Cart32 3.0 - 'expdate' Administrative Information Disclosure

source: https://www.securityfocus.com/bid/1358/info By appending the string "/expdate" to a request for the cart32.exe executable, http: //target/cgi-bin/cart32.exe/expdate an attacker can access an error message followed by a debugging page containing the server variables, the Cart32...

Cart32 3.0 - expdate Administrative Information Disclosure

Cart32 3.0 - expdate Administrative Information Disclosure source: https://www.securityfocus.com/bid/1358/info By appending the string "/expdate" to a request for the cart32.exe executable, http: //target/cgi-bin/cart32.exe/expdate an attacker can access an error message followed by a debugging...

CVE-1999-1587

/usr/ucb/ps in Sun Microsystems Solaris 8 and 9, and certain earlier releases, allows local users to view the environment variables and values of arbitrary processes via the -e option...

PT-1999-1002 · Sun Microsystems · Solaris

Name of the Vulnerable Software and Affected Versions: Sun Microsystems Solaris versions 8 and 9, and certain earlier releases Description: The issue is related to insufficient protection of sensitive data in the /usr/ucb/ps component of the Solaris operating system. This allows local users to vi...

PT-1999-1427 · Washington University · Wu-Ftpd

Name of the Vulnerable Software and Affected Versions: WU-FTPD affected versions not specified Description: A buffer overflow issue in WU-FTPD and related FTP servers allows remote attackers to gain root privileges. This is achieved by exploiting macro variables in a message file. Recommendations...

CVE-1999-0073

Telnet allows a remote client to specify environment variables including LDLIBRARYPATH, allowing an attacker to bypass the normal system libraries and gain root access...

CVE-1999-0073

CVE-1999-0073 describes a vulnerability where a remote Telnet client can specify environment variables, including LD_LIBRARY_PATH, allowing an attacker to bypass normal system libraries and gain root access. The connected Red Hat, CVE, EUVD, and CVE list entries corroborate this description. The ...

unsetenv.txt

o unsetenv off-by-one error: The unsetenv function in glibc 2.1.1 suffers from a problem whereby when running through the environment variables, if the name of the variable being unset is present twice consecutively, the second is not destroyed. unsetenv is sometimes used by programs that depend ...

aass_patch.txt

--- aass-old.c Mon Jul 26 20:45:46 1999 +++ aass.c Mon Jul 26 21:54:47 1999 @@ -1,5 +1,5 @@ / - The AntiAntiSniffer Sniffer by Mike Perry + The AntiAntiSniffer Sniffer v0.2 by Mike Perry To all my friends, coworkers, and associates who thought I knew better than to do something like this, please...

cron_bof.txt

Subject: Re: RHSA-1999:030-01 Buffer overflow in cron daemon To: [email protected] On Wed, 25 Aug 1999, Bill Nottingham wrote: To the best of our knowledge, no known exploits exist at this time. Also, it was possible to use specially formatted 'MAILTO' environment variables to send comman...

Hughes Technologies Mini SQL (mSQL) 2.02.0.10 - Information Disclosure

Hughes Technologies Mini SQL mSQL 2.02.0.10 - Information Disclosure source: https://www.securityfocus.com/bid/591/info Under certain versions of Mini SQL, the w3-msql CGI script allows users to view directories which are set for private access via .htaccess files. W3-mSQL converts any form data...

netscape-cache-exploit.txt

Below is source code for the two versions of the Netscape Cache exploit that was recently discovered by Dan Brumleve , as found on his web site at http://www.shout.net/nothing/cache-cow/index.html First version , and then second version listed. -----snip----- !/usr/bin/perl cache-cow.cgi -- Dan...

coldfusion.fixes.txt

Date: Mon, 24 May 1999 15:00:52 -0700 From: [email protected] To: [email protected] Subject: New Allaire Security Zone Bulletins and KB Articles Dear ColdFusion Customer- Several new security issues that may affect ColdFusion customers have come to our attention recently. Please visit the...

Greg Matthews - 'Classifieds.cgi' 1.0 Hidden Variable

source: https://www.securityfocus.com/bid/2019/info Classifieds.cgi is a perl script part of the classifieds package by Greg Matthews which provides simple classified ads to web sites. Due to improper input validation it can be used to execute any command on the host machine, with the privileges ...

Greg Matthews - Classifieds.cgi 1.0 Hidden Variable

Greg Matthews - Classifieds.cgi 1.0 Hidden Variable source: https://www.securityfocus.com/bid/2019/info Classifieds.cgi is a perl script part of the classifieds package by Greg Matthews which provides simple classified ads to web sites. Due to improper input validation it can be used to execute a...

CVE-1999-1435

Buffer overflow in libsocks5 library of Socks 5 socks5 1.0r5 allows local users to gain privileges via long environmental variables...

NCSA httpd-campas 1.2 - sample script

NCSA httpd-campas 1.2 - sample script source: https://www.securityfocus.com/bid/1975/info Campas is a sample CGI script shipped with some older versions of NCSA HTTPd, an obsolete web server package. The versions that included the script could not be determined as the server is no longer...