7683 matches found
CVE-2000-0860
The file upload capability in PHP versions 3 and 4 allows remote attackers to read arbitrary files by setting hidden form fields whose names match the names of internal PHP script variables...
CVE-2000-0786
GNU userv 1.0.0 and earlier does not properly perform file descriptor swapping, which can corrupt the USERVGROUPS and USERVGIDS environmental variables and allow local users to bypass some access restrictions...
CVE-2000-1207
userhelper in the usermode package on Red Hat Linux executes non-setuid programs as root, which does not activate the security measures in glibc and allows the programs to be exploited via format string vulnerabilities in glibc via the LANG or LCALL environment variables CVE-2000-0844...
[SECURITY] New version of glibc released
Package: glibc Vulnerability: local exploit Debian-specific: no Recently two problems have been found in the glibc suite, which could be used to trick setuid applications to run arbitrary code. The first problem is the way ld.so handles environment variables: in order to provide a safe environmen...
[SECURITY] New version of glibc released
------------------------------------------------------------------------ Debian Security Advisory [email protected] http://www.debian.org/security/ Wichert Akkerman September 2, 2000 - ------------------------------------------------------------------------ Package: glibc Vulnerability: local...
cmctl_exp
! /usr/bin/ksh cmctl is installed setuid to Oracle by default. See BugTraq ID 170 and Oracle bug id 701297 and 714293. This script will create a setuid Oracle shell, /tmp/.sh redirect environment variables export ORACLEHOME=/tmp export ORAHOME=/tmp mkdir /tmp/bin chmod a+rx /tmp/bin create cmadmi...
[SECURITY] New version of mailx released
Package : mailx Problem type : local exploit Debian-specific: no mailx is a often used by other programs to send email. Unfortunately mailx as distributed in Debian GNU/Linux 2.1 has some features that made it possible to execute system commands if a user can trick a privileged program to send...
CVE-2000-0381
The Gossamer Threads DBMan db.cgi CGI script allows remote attackers to view environmental variables and setup information by referencing a non-existing database in the db parameter...
CVE-2000-0411
Matt Wright's FormMail CGI script allows remote attackers to obtain environmental variables via the envreport parameter...
IRIX 5.2/5.3/6.x - TelnetD Environment Variable Format String
// source: https://www.securityfocus.com/bid/1572/info A vulnerability exists in the telnet daemon shipped with Irix versions 6.2 through 6.5.8, and in patched versions of the telnet daemon in Irix 5.2 through 6.1, from Silicon Graphics SGI. The telnetd will blindly use data passed by the user in...
CVE-2000-0411
Matt Wright's FormMail CGI script allows remote attackers to obtain environmental variables via the envreport parameter...
Matt Wright FormMail 1.61.71.8 - Environmental Variables Disclosure
Matt Wright FormMail 1.61.71.8 - Environmental Variables Disclosure source: https://www.securityfocus.com/bid/1187/info An unauthorized remote user is capable of obtaining CGI environmental variable information from a web server running Matt Wright FormMail by requesting a specially formed URL th...
PT-2000-1353 · Matt Wright · Matt Wright'S Formmail Cgi Script
Name of the Vulnerable Software and Affected Versions: Matt Wright's FormMail CGI script affected versions not specified Description: The issue allows remote attackers to obtain environmental variables via the env report parameter. This could potentially expose sensitive information about the...
Matt Wright FormMail 1.6/1.7/1.8 - Environmental Variables Disclosure
source: https://www.securityfocus.com/bid/1187/info An unauthorized remote user is capable of obtaining CGI environmental variable information from a web server running Matt Wright FormMail by requesting a specially formed URL that specifies the email address to send the details to. This is...
Дырка в DBMAN
db.cgi позволяет получить атакующему некоторые переменные окружения...
Black Watch Labs Vulnerability Alert
Dear Security Professional, The following vulnerability: "Environment and Setup Variables Can Be Viewed Through DBMan db.cgi Script" is in the text of the message below and has just been posted to the Black Watch Labs Web site at http://www.perfectotech.com/blackwatchlabs/ Thank you, Black Watch...
CVE-2000-0381
The Gossamer Threads DBMan db.cgi CGI script allows remote attackers to view environmental variables and setup information by referencing a non-existing database in the db parameter...
Gossamer Threads DBMan 2.0.4 - DBMan Information Leakage
source: https://www.securityfocus.com/bid/1178/info Requesting an invalid database file from a web server implementing Gossamer Threads DBMan scripts will return a CGI error message containing environmental variables to a remote user without any authorization. The parameters displayed include the...
Gossamer Threads DBMan 2.0.4 - DBMan Information Leakage
Gossamer Threads DBMan 2.0.4 - DBMan Information Leakage source: https://www.securityfocus.com/bid/1178/info Requesting an invalid database file from a web server implementing Gossamer Threads DBMan scripts will return a CGI error message containing environmental variables to a remote user withou...
PT-2000-1324 · Gossamer Threads · Gossamer Threads Dbman
Name of the Vulnerable Software and Affected Versions: Gossamer Threads DBMan version db.cgi Description: The issue allows remote attackers to view environmental variables and setup information. This is achieved by referencing a non-existing database in the db parameter. Recommendations: For...