Firebird: Data disclosure

Background Firebird is a multi-platform, open source relational database. Description Viesturs reported that the default configuration for Gentoo's init script "/etc/conf.d/firebird" sets the "ISCPASSWORD" environment variable when starting Firebird. It will be used when no password is supplied b...

CVE-2008-1994

Multiple stack-based buffer overflows in a acon.c, b menu.c, and c child.c in Acon 1.0.5-5 through 1.0.5-7 allow local users to execute arbitrary code via 1 a long HOME environment variable or 2 a large number of terminal columns...

Stack overflow

Multiple stack-based buffer overflows in a acon.c, b menu.c, and c child.c in Acon 1.0.5-5 through 1.0.5-7 allow local users to execute arbitrary code via 1 a long HOME environment variable or 2 a large number of terminal columns...

CVE-2008-1994

Multiple stack-based buffer overflows in a acon.c, b menu.c, and c child.c in Acon 1.0.5-5 through 1.0.5-7 allow local users to execute arbitrary code via 1 a long HOME environment variable or 2 a large number of terminal columns...

CVE-2008-1994

Multiple stack-based buffer overflows in a acon.c, b menu.c, and c child.c in Acon 1.0.5-5 through 1.0.5-7 allow local users to execute arbitrary code via 1 a long HOME environment variable or 2 a large number of terminal columns...

CVE-2007-5758

Stack-based buffer overflow in db2dasrrm in the DB2 Administration Server DAS in IBM DB2 Universal Database 9.5 before Fix Pack 1, 9.1 before Fix Pack 4a, and 8 before FixPak 16 allows local users to execute arbitrary code via a long DASPROF environment variable...

CVE-2008-1710

Untrusted search path vulnerability in chnfsmnt in IBM AIX 6.1 allows local users to gain privileges via a modified PATH environment variable...

Code injection

rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenarios require that th...

CVE-2008-1142

rxvt 2.6.4 opens a terminal window on :0 if the DISPLAY environment variable is not set, which might allow local users to hijack X11 connections. NOTE: it was later reported that rxvt-unicode, mrxvt, aterm, multi-aterm, and wterm are also affected. NOTE: realistic attack scenarios require that th...

Apache-SSL multiple security vulnerabilities

Multiple vulnerabilities on environment variable initialization from client certificates data...

CVE-2008-0369

IBM Informix Dynamic Server (IDS) 10.x prior to 10.00.xC8 is affected by a local file-creation vulnerability involving the SQLIDEBUG environment variable. When set, several set-UID binaries log to the specified file and change the file’s ownership to the invoking user, enabling local privilege es...

Debian: Security Advisory (DSA-354)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Debian Security Advisory DSA 563-2 (cyrus-sasl)

The remote host is missing an update to cyrus-sasl announced via advisory DSA 563-2. OpenVAS Vulnerability Test $Id: deb5632.nasl 6616 2017-07-07 12:10:49Z cfischer $ Description: Auto-generated from advisory DSA 563-2 Authors: Thomas Reinke Copyright: Copyright c 2007 E-Soft Inc...

Directory traversal

Directory traversal vulnerability in IBM Informix Dynamic Server IDS before 10.00.xC7W1 allows local users to gain privileges by referencing modified NLS message files through directory traversal sequences in the DBLANG environment variable...

CVE-2007-5956

Directory traversal vulnerability in IBM Informix Dynamic Server IDS before 10.00.xC7W1 allows local users to gain privileges by referencing modified NLS message files through directory traversal sequences in the DBLANG environment variable...

CVE-2007-5956

Directory traversal vulnerability in IBM Informix Dynamic Server IDS before 10.00.xC7W1 allows local users to gain privileges by referencing modified NLS message files through directory traversal sequences in the DBLANG environment variable...

CVE-2003-1473

Buffer overflow in LTris 1.0.1 of FreeBSD Ports Collection 2003-02-25 and earlier allows local users to execute arbitrary code with gid "games" permission via a long HOME environment variable...

CVE-2003-1446

Buffer overflow in the saveintofile function in save.c for Rogue 5.2-2 allows local users to execute arbitrary code with games group privileges by setting a long HOME environment variable and invoking the save game function with a tilde...

CVE-2003-1452

Untrusted search path vulnerability in Qualcomm qpopper 4.0 through 4.05 allows local users to execute arbitrary code by modifying the PATH environment variable to reference a malicious smbpasswd program...

CVE-2003-1358

rs.F300 for HP-UX 10.0 through 11.22 uses the PATH environment variable to find and execute programs such as rm while operating at raised privileges, which allows local users to gain privileges by modifying the path to point to a malicious rm program...