1292 matches found
CVE-2002-2024
Horde IMP 2.2.7 allows remote attackers to obtain the full web root pathname via an HTTP request for 1 poppassd.php3, 2 login.php3?reason=chpass2, 3 spelling.php3, and 4 ldap.search.php3?ldapserv=nonsense which leaks the information in error messages...
CVE-2002-2024
Horde IMP 2.2.7 is affected. The issue allows remote attackers to obtain the full web root pathname by requesting specific files (poppassd.php3, login.php3?reason=chpass2, spelling.php3, ldap.search.php3?ldap_serv=nonsense), with error messages leaking the information. Impact is information discl...
FreeBSD : perl -- vulnerabilities in PERLIO_DEBUG handling (a5eb760a-753c-11d9-a36f-000a95bc6fae)
Kevin Finisterre discovered bugs in perl's I/O debug support : - The environmental variable PERLIODEBUG is honored even by the set-user-ID perl command usually named sperl or suidperl. As a result, a local attacker may be able to gain elevated privileges. CVE-2005-0155 - A buffer overflow may occ...
[SECURITY] [DSA 735-2] New sudo packages fix pathname validation race
------------------------------------------------------------------------ Debian Security Advisory DSA 735-2 [email protected] http://www.debian.org/security/ Michael Stone July 07, 2005 http://www.debian.org/security/faq - ------------------------------------------------------------------------...
[SECURITY] [DSA 735-2] New sudo packages fix pathname validation race
------------------------------------------------------------------------ Debian Security Advisory DSA 735-2 [email protected] http://www.debian.org/security/ Michael Stone July 07, 2005 http://www.debian.org/security/faq - ------------------------------------------------------------------------...
DSA-735-2 sudo - pathname validation race
Bulletin has no description...
DEBIAN-CVE-2005-2147
Trac before 0.8.4 allows remote attackers to read or upload arbitrary files via a full pathname in the id parameter to the 1 upload or 2 attachment viewer scripts...
Debian DSA-735-1 : sudo - pathname validation race
A local user who has been granted permission to run commands via sudo could run arbitrary commands as a privileged user due to a flaw in sudo's pathname validation. This bug only affects configurations which have restricted user configurations prior to an ALL directive in the configuration file. ...
Sudo 1.3.1 1.6.8p (OpenBSD) - Pathname Validation Privilege Escalation
Sudo 1.3.1 1.6.8p OpenBSD - Pathname Validation Privilege Escalation include include include include include define SUDO "/usr/bin/sudo" ifdef BUFSIZ undef BUFSIZ define BUFSIZ 128 endif / ANY MODIFIED REPUBLISHING IS RESTRICTED OpenBSD sudo 1.3.1 - 1.6.8p local root exploit Tested under OpenBSD...
Sudo 1.3.1 - 1.6.8p Pathname Validation Local Root Exploit (openbsd)
Exploit for bsd platform in category local exploits ==================================================================== Sudo 1.3.1 - 1.6.8p Pathname Validation Local Root Exploit openbsd ==================================================================== include include include include include...
Sudo 1.3.1 < 1.6.8p (OpenBSD) - Pathname Validation Privilege Escalation
include include include include include define SUDO "/usr/bin/sudo" ifdef BUFSIZ undef BUFSIZ define BUFSIZ 128 endif / ANY MODIFIED REPUBLISHING IS RESTRICTED OpenBSD sudo 1.3.1 - 1.6.8p local root exploit Tested under OpenBSD 3.6 sudo 1.6.7p5 Vuln by OpenBSD errata,...
[SECURITY] [DSA 735-1] New sudo packages fix pathname validation race
------------------------------------------------------------------------ Debian Security Advisory 735-1 [email protected] http://www.debian.org/security/ Michael Stone July 01, 2005 http://www.debian.org/security/faq - ------------------------------------------------------------------------...
[SECURITY] [DSA 735-1] New sudo packages fix pathname validation race
------------------------------------------------------------------------ Debian Security Advisory 735-1 [email protected] http://www.debian.org/security/ Michael Stone July 01, 2005 http://www.debian.org/security/faq - ------------------------------------------------------------------------...
DSA-735-1 sudo - pathname validation race
Bulletin has no description...
CVE-2002-1913
phptonuke.php in myPHPNuke 1.8.8 allows remote attackers to read arbitrary files via a full pathname in the filnavn variable...
sudo -- local race condition vulnerability
Todd C. Miller reports: A race condition in Sudo's command pathname handling prior to Sudo version 1.6.8p9 that could allow a user with Sudo privileges to run arbitrary commands. Exploitation of the bug requires that the user be allowed to run one or more commands via Sudo and be able to create...
CVE-2005-1420
Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to determine the full pathname of the server via a request for an invalid page, as demonstrated using "%20" hex-encoded space...
CVE-2005-1420
CVE-2005-1420 affects Raysoft/Raybase Video Cam Server 1.0.0 beta. The vulnerability is an information disclosure where remote attackers can determine the full server pathname by requesting an invalid page using a hex-encoded space ("%20"). The provided documents do not specify exploit details be...
CVE-2005-1420
Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to determine the full pathname of the server via a request for an invalid page, as demonstrated using "%20" hex-encoded space...
CVE-2005-1355
includer.cgi in The Includer allows remote attackers to read arbitrary files via a full pathname in the argument, a similar vulnerability to CVE-2005-0801...