NSFOCUS SA2001-05 : Solaris Xlock Heap Overflow Vulnerability

NSFOCUS Security AdvisorySA2001-05 Topic: Solaris Xlock Heap Overflow Vulnerability Release DateЈє 2001-08-10 CVE CAN ID : CAN-2001-0652 BUGTRAQ ID : 3160 Affected system: ================ Sun Solaris 2.6 SPARC/x86 Sun Solaris 7 SPARC/x86 Sun Solaris 8 SPARC/x86 Impact: ========= NSFOCUS Security...

Неинициализированные PHP-переменные в Mambo Site Server (unauthorized access)

Классическая ошибка PHP позволяет неавторизованный административный доступ...

Дырка в Horde IMP (code execution)

Неинициализированные PHP-переменные позволяют выполнение скрипта заданного атакующим. Кроме того есть другие уязвимости...

CVE-2000-0892

Some telnet clients allow remote telnet servers to request environment variables from the client that may contain sensitive information, or remote web servers to obtain the information via a telnet: URL...

CVE-2001-1076

Buffer overflow in whodo in Solaris SunOS 5.5.1 through 5.8 allows local users to execute arbitrary code via a long 1 SOR or 2 CFIME environment variable...

CVE-2001-1159

loadprefs.php and supporting include files in SquirrelMail 1.0.4 and earlier do not properly initialize certain PHP variables, which allows remote attackers to 1 view sensitive files via the configphp and datadir options, and 2 execute arbitrary code by using optionsorder.php to upload a message...

CVE-2001-0482

Configuration error in Argus PitBull LX allows root users to bypass specified access control restrictions and cause a denial of service or execute arbitrary commands by modifying kernel variables such as MaxFiles, MaxInodes, and ModProbePath in /proc/sys via calls to sysctl...

glibc unsetenv fails to properly handle environment variables passed more than once to a program

Overview The glibc implementation of unsetenv fails to properly remove one of two successive occurrences of the same environment variable if the variable is redundently passed to a program. Description The glibc implementation of unsetenv, if called to remove an environment variable that occurs t...

CVE-2001-0012

BIND 4 and BIND 8 allow remote attackers to access sensitive information such as environment variables...

CVE-2000-1124

Buffer overflow in piobe command in IBM AIX 4.3.x allows local users to gain privileges via long environmental variables...

processit CGI Environment Variable Remote Information Disclosure

The 'processit' CGI is installed. processit normally returns all environment variables. This gives an attacker valuable information about the configuration of your web server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if descriptio...

Solaris 7.0/8 - IPCS Timezone Buffer Overflow

source: https://www.securityfocus.com/bid/2581/info Solaris is the variant of the UNIX Operating System distributed by Sun Microsystems. Solaris is designed as a scalable operating system for the Intel x86 and Sun Sparc platforms, and operates on machines varying from desktop to enterprise server...

Solaris /usr/bin/tip Vulnerability

Vulnerability in Solaris tip1 Date Published: March 27, 2001 Advisory ID: N/A Bugtraq ID: N/A CVE CAN: Non currently assigned. Title: Solaris tip1 Buffer Overflow Vulnerability Class: Boundary Error Condition Remotely Exploitable: No Locally Exploitable: Yes Vulnerability Description: The tip...

Solaris 2.52.67.08 tip - Local Buffer Overflow

Solaris 2.52.67.08 tip - Local Buffer Overflow // source: https://www.securityfocus.com/bid/2475/info tip is a utility included with Sun Microsystems Solaris Operating Environment. tip allows a user to establish a full duplex terminal connection with a remote host. A problem with tip could lead t...

FreeBSD-SA-01:25.kerberosIV

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-01:25 Security Advisory FreeBSD, Inc. Topic: Local and remote vulnerabilities in Kerberos IV Category: core Module: libkrb, telnetd Announced: 2001-02-14 Credits: Jouko...

CVE-2001-0012

BIND 4 and BIND 8 allow remote attackers to access sensitive information such as environment variables...

CVE-2001-1357

Multiple vulnerabilities in phpMyChat before 0.14.5 exist in 1 input.php3, 2 handleinputH.php3, or 3 index.lib.php3 with unknown consequences, possibly related to user spoofing or improperly initialized variables...

CVE-2001-0093

Vulnerability in telnetd in FreeBSD 1.5 allows local users to gain root privileges by modifying critical environmental variables that affect the behavior of telnetd...

FreeBSD-SA-01:18.bind

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-01:18 Security Advisory FreeBSD, Inc. Topic: BIND remotely exploitable buffer overflow Category: core, ports Module: bind Announced: 2001-01-31 Credits: COVERT Labs Claudio...

Дырка в NewsDaemon

Стандартная ошибка PHP-приложений, неинициализированный локальные переменные...