Lucene search

2642 matches found

NVD
added 2018/04/24 7:29 p.m., 19 views

CVE-2017-2802

An exploitable dll hijacking vulnerability exists in the poaService.exe service component of the Dell Precision Optimizer software version 3.5.5.0. A specifically named malicious dll file located in one of the directories pointed to by the PATH environment variable will lead to privilege escalation. ...

CVSS 7.8, AI score 7.5, EPSS 0.01181
Exploits: 2, References: 2
BDU FSTEC
added 2018/03/21 12:0 a.m., 3 views

The vulnerability of the dynamic loader ld.so, which is responsible for system calls and core functions of glibc, allows an attacker to trigger a memory corruption.

The vulnerability of the dynamic loader ld.so, which provides system calls and core functions of the glibc library, is related to resource management errors. Exploiting this vulnerability allows an attacker to trigger a memory leak by using the environment variable LD_HWCAP_MASK...

CVSS 7.8, AI score 7.5, EPSS 0.01478
Exploits: 5, References: 7, Affected Software: 1
CVE
added 2018/02/27 10:0 p.m., 77 views

CVE-2014-10070

CVE-2014-10070 affects zsh prior to 5.0.7, where environment-imported initial values of integer variables may be evaluated instead of literals when zsh is invoked in privilege-elevation contexts with unsanitized env (e.g., sudo with env_reset disabled). This can enable local privilege esc...

CVSS 7.8, AI score 7, EPSS 0.00504
Exploits: 0, References: 3, Affected Software: 1
FreeBSD
added 2018/02/27 12:0 a.m., 33 views

shibboleth-sp -- vulnerable to forged user attribute data

Shibboleth consortium reports: Shibboleth SP software vulnerable to additional data forgery flaws The XML processing performed by the Service Provider software has been found to be vulnerable to new flaws similar in nature to the one addressed in an advisory last month. These bugs involve the use...

CVSS 6.5, AI score 7.1, EPSS 0.02165
Exploits: 0, References: 1
OPENSUSE Linux
added 2018/02/26 12:7 p.m., 56 views

Security update for lame (important)

This update for lame fixes the following issues: Lame was updated to version 3.100: Improved detection of MPEG audio data in RIFF WAVE files. sf3545112 Invalid sampling detection New switch --gain decibel, range -20.0 to +12.0, a more convenient way to apply Gain adjustment in decibels, than the...

CVSS 7.5, AI score 6.3, EPSS 0.0979
Exploits: 8, References: 12
0day.today
added 2018/02/10 12:0 a.m., 194 views

glibc $ORIGIN Expansion Privilege Escalation Exploit

This Metasploit module attempts to gain root privileges on Linux systems by abusing a vulnerability in the GNU C Library glibc dynamic linker. glibc ld.so in versions before 2.11.3, and 2.12.x before 2.12.2 does not properly restrict use of the LD_AUDIT environment variable when loading setuid...

CVSS 6.9, AI score 7.6, EPSS 0.08747
Exploits: 20
CNVD
added 2018/02/08 12:0 a.m., 3 views

web2py environment variable value vulnerability

web2py is an open source Web framework written in Python; it supports the rapid development of database-driven Web-based applications. A security vulnerability exists in web2py versions prior to 2.14.1. When a user uses the standalone version, an attacker can exploit the vulnerability by...

CVSS 9.8, AI score 6.7, EPSS 0.0499
Exploits: 2, References: 1
OSV
added 2018/02/06 6:29 p.m., 9 views

CVE-2016-3952

web2py before 2.14.1, when using the standalone version, allows remote attackers to obtain environment variable values via a direct request to examples/template_examples/beautify. NOTE: this issue can be leveraged by remote attackers to gain administrative access...

CVSS 7.8, AI score 7.3, EPSS 0.0499
Exploits: 1, References: 3
Cvelist
added 2018/02/06 6:0 p.m., 16 views

CVE-2016-3952

web2py before 2.14.1, when using the standalone version, allows remote attackers to obtain environment variable values via a direct request to examples/template_examples/beautify. NOTE: this issue can be leveraged by remote attackers to gain administrative access...

AI score 8.8, EPSS 0.01079
Exploits: 1, References: 3
CVE
added 2018/02/06 6:0 p.m., 59 views

CVE-2016-3952

web2py (standalone) before 2.14.1 is affected by CVE-2016-3952: an attacker can request examples/template_examples/beautify to obtain environment variable values, which can be leveraged to gain administrative access. The issue aligns with documented exposure of sensitive information in web2py-rel...

CVSS 7.8, AI score 8.6, EPSS 0.01079
Exploits: 1, References: 3, Affected Software: 1
RedHat Linux
added 2018/02/05 1:55 p.m., 3 views

Twisted: sets environmental variable based on user supplied Proxy request header

It was discovered that python-twisted-web used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote...

CVSS 5.3, AI score 5.9, EPSS 0.02406
Exploits: 0, References: 4
NVD
added 2018/02/01 9:29 p.m., 25 views

CVE-2017-3160

After the Android platform is added to Cordova the first time, or after a project is created using the build scripts, the scripts will fetch Gradle on the first build. However, since the default URI is not using https, it is vulnerable to a MiTM and the Gradle executable is not safe. The severity...

CVSS 7.4, AI score 7.2, EPSS 0.03825
Exploits: 1, References: 3
Cvelist
added 2018/02/01 9:0 p.m., 26 views

CVE-2017-3160

After the Android platform is added to Cordova the first time, or after a project is created using the build scripts, the scripts will fetch Gradle on the first build. However, since the default URI is not using https, it is vulnerable to a MiTM and the Gradle executable is not safe. The severity...

AI score 7.7, EPSS 0.03825
Exploits: 1, References: 3
OSV
added 2018/02/01 4:29 a.m., 33 views

CVE-2017-1000408

A memory leak in glibc 2.1.1 released on May 24, 1999 can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366...

CVSS 7.8, AI score 7.6
Exploits: 0, References: 6
Debian CVE
added 2018/02/01 4:0 a.m., 43 views

CVE-2017-1000408

A memory leak in glibc 2.1.1 released on May 24, 1999 can be reached and amplified through the LD_HWCAP_MASK environment variable. Please note that many versions of glibc are not vulnerable to this issue if patched for CVE-2017-1000366...

CVSS 7.8, AI score 7.7, EPSS 0.01478
Exploits: 5
Hacker One
added 2018/01/02 3:30 a.m., 43 views

ownCloud: OS Command Injection via tainted PATH environment variable in findBinaryPath

The PATH environment variable passed to the find command in owncloud/core/blob/master/lib/private/legacy/helper.php on line 543 is not sanitized for input. If an adversary is able to taint the PATH environment variable, OS command execution is possible utilizing the find command's execute -exe...

AI score 7.2
Exploits: 0
Tenable Nessus
added 2017/12/21 12:0 a.m., 43 views

F5 Networks BIG-IP : OpenSSH vulnerability (K20911042)

The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows local users to gain privileges by triggering a crafted environment for the /bin/login program, as...

CVSS 7.8, AI score 7.2, EPSS 0.00627
Exploits: 0, References: 2
CNVD
added 2017/12/15 12:0 a.m., 1 view

KildClient Parameter Injection Vulnerability

KildClient is a MUD client written in GTK+ Window Toolkit. A parameter injection vulnerability exists in KildClient 3.1.0. The vulnerability arises because KildClient does not validate strings before starting a program specified by the BROWSER environment variable. A remote attacker can exploit...

CVSS 8.8, AI score 7.4, EPSS 0.01685
Exploits: 0, References: 1
CNVD
added 2017/12/15 12:0 a.m., 2 views

nip2 Parameter Injection Vulnerability

nip2 is a GUI for the VIPS image processing library. A parameter injection vulnerability exists in nip2 8.4.0. The vulnerability arises because boxes.c in nip2 does not validate strings before starting a program specified by the BROWSER environment variable. A remote attacker could exploit this...

CVSS 8.8, AI score 7.4, EPSS 0.01685
Exploits: 0, References: 1
RedhatCVE
added 2017/12/14 9:49 p.m., 23 views

CVE-2017-17522

DISPUTED Lib/webbrowser.py in Python through 3.6.3 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that...

CVSS 8.8, AI score 5.7, EPSS 0.03595
Exploits: 1, References: 1