2153 matches found
CVE-2006-3848
The CVE-2006-3848 entry describes a Cross-site Scripting (XSS) vulnerability in the CGI wrapper for IP Calculator (IPCalc) version 0.40. The flaw arises because the attacker can inject arbitrary web script or HTML through the URI (REQUEST_URI environment variable), which is used in the actionurl ...
Design/Logic Flaw
artswrapper in aRts, when running setuid root on Linux 2.6.0 or later versions, does not check the return value of the setuid function call, which allows local users to gain root privileges by causing setuid to fail, which prevents artsd from dropping privileges...
FreeBSD : opera -- command line URL shell command injection (dfc1daa8-61de-11da-b64c-0001020eed82)
An Opera Advisory reports : Opera for UNIX uses a wrapper shell script to start up Opera. This shell script reads the input arguments, like the file names or URLs that Opera is to open. It also performs some environment checks, for example whether Java is available and if so, where it is located...
Fedora Core 5 : beagle-0.2.3-4 (2006-188)
Some of the wrapper scripts including beagle-status looked in the current directory for files with a specific name and ran that instead of the binary in the path. All such cases have been fixed in this release. Note that Tenable Network Security has extracted the preceding description block...
Opera may execute command line embedded in URLs – Opera Security Advisories
Opera may execute command line embedded in URLs – Opera Security Advisories OPCOM Team | November 23, 2005 Summary Opera will execute command lines embedded in the URL when another program uses Opera to open a link. This affects UNIX versions of Opera Linux/FreeBSD/Solaris. Severity: High Problem...
Opera may execute command line embedded in URLs
Opera for UNIX uses a wrapper shell script to start up Opera. This shell script reads the input arguments, like the file names or URLs that Opera is to open. It also performs some environment checks, for example whether Java is available and if so, where it is located. This wrapper script can also run...
opera -- command line URL shell command injection
An Opera Advisory reports: Opera for UNIX uses a wrapper shell script to start up Opera. This shell script reads the input arguments, like the file names or URLs that Opera is to open. It also performs some environment checks, for example whether Java is available and if so, where it is located...
Nikto (NASL wrapper)
This VT is deprecated. Copyright (C) 2005 Michel Arboi Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it under th...
Nmap (NASL wrapper)
This plugin runs nmap to find open ports. SPDX-FileCopyrightText: 2005 Michel Arboi Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description) { script_oid("1.3.6.1.4.1.25623.1.0.14259");...
DEBIAN-CVE-2004-1471
Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line...
Nikto (NASL wrapper)
This plugin runs Nikto2, an open source GPL web server scanner used to perform comprehensive tests for multiple issues, such as outdated server versions, potentially dangerous files or programs, version specific problems, various configuration items, etc. See the section 'plugins options' to...
phpMyAdmin 2.5.7 - Remote code Injection
phpmy-explt.c written by Nasir Simbolon eagle kecapi com Jakarta, Indonesia June, 10 2004 A phpMyAdmin-2.5.7 exploit program. This is a kind of mysql server wrapper that acts like a proxy except that it will send a fake table name, when client query "SHOW TABLES", by replacing the real table name...
Important: Red Hat Security Advisory: stunnel security update
Updated stunnel packages are now available. These updates address problems stemming from improper use of non-reentrant functions in signal handlers. Stunnel is a wrapper for network connections. It can be used to tunnel an unencrypted network connection over an encrypted connection encrypted usin...
CVE-2001-0762
Buffer overflow in su-wrapper 1.1.1 allows local users to execute arbitrary code via a long first argument...
CVE-2001-0762
CVE-2001-0762 describes a buffer overflow in su-wrapper 1.1.1 that allows local users to execute arbitrary code by providing a long first argument. The vulnerability is consistent with a local-exploit scenario and a potential impact on confidentiality, integrity, and availability as per the CVSS ...
CVE-2001-0762
Buffer overflow in su-wrapper 1.1.1 allows local users to execute arbitrary code via a long first argument...
su-wrapper 1.1.1 Local root exploit.
su-wrapper.c - /usr/sbin/su-wrapper (su-wrapper 1.1.1) local root exploit. Package Description: su-wrapper is a little util which lets special users execute processes under another uid/gid. Vulnerability Description: If a long line on the first argument is...
Buffer overflow in su-wrapper
Buffer overflow in a command-line argument...
kosch suid wrapper 1.1.1 - Local Buffer Overflow
kosch suid wrapper 1.1.1 - Local Buffer Overflow // source: https://www.securityfocus.com/bid/2837/info A boundary condition error exists in suid wrapper or 'su-wrapper.' The overflow occurs when a string exceeding approximately 1032 characters is given as the first argument when the program is...
kosch suid wrapper 1.1.1 - Local Buffer Overflow
// source: https://www.securityfocus.com/bid/2837/info A boundary condition error exists in suid wrapper or 'su-wrapper.' The overflow occurs when a string exceeding approximately 1032 characters is given as the first argument when the program is run. Because the program is installed setuid root,...