10 matches found
PT-2026-22413
Name of the Vulnerable Software and Affected Versions WeGIA versions prior to 3.6.5 Description WeGIA is a web manager for charitable institutions. Prior to version 3.6.5, an unsafe use of the extract function on the $ REQUEST superglobal allows an unauthenticated attacker to overwrite local...
The parse_str function in (1) PHP, (2) Hardened-PHP, and (3) Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it is not clear whether this is a design limitation of the function or a bug in PHP, although it is likely to be regarded as a bug in Hardened-PHP and Suhosin.
...
SUSE CVE-2005-4079
The registerglobals emulation in phpMyAdmin 2.7.0 rc1 allows remote attackers to exploit other vulnerabilities in phpMyAdmin by modifying the importblacklist variable in grabglobals.php, which can then be used to overwrite other variables...
SUSE CVE-2006-4019
Dynamic variable evaluation vulnerability in compose.php in SquirrelMail 1.4.0 to 1.4.7 allows remote attackers to overwrite arbitrary program variables and read or write the attachments and preferences of other users...
postgresql: psql's \gset allows overwriting specially treated variables
A flaw was found in the psql interactive terminal of PostgreSQL. If an interactive psql session uses \gset when querying a compromised server, this flaw allows an attacker to execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to...
CVE-2007-3205
The parsestr function in 1 PHP, 2 Hardened-PHP, and 3 Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it is not clear whether this is a design limitation of the...
Input validation
The parsestr function in 1 PHP, 2 Hardened-PHP, and 3 Suhosin, when called without a second parameter, might allow remote attackers to overwrite arbitrary variables by specifying variable names and values in the string to be parsed. NOTE: it is not clear whether this is a design limitation of the...
CVE-2006-3798
DeluxeBB 1.07 and earlier allows remote attackers to overwrite the 1 GET, 2 POST, 3 ENV, and 4 SERVER variables via the COOKIE aka COOKIE variable, which can overwrite the other variables during an extract function call, probably leading to multiple security vulnerabilities, aka "pollution of the...
CVE-2006-3798
DeluxeBB 1.07 and earlier allows remote attackers to overwrite the 1 GET, 2 POST, 3 ENV, and 4 SERVER variables via the COOKIE aka COOKIE variable, which can overwrite the other variables during an extract function call, probably leading to multiple security vulnerabilities, aka "pollution of the...
CVE-2005-4079
The registerglobals emulation in phpMyAdmin 2.7.0 rc1 allows remote attackers to exploit other vulnerabilities in phpMyAdmin by modifying the importblacklist variable in grabglobals.php, which can then be used to overwrite other variables...