Astra Linux - уязвимость в glibc

A vulnerable environment variable in the Untrusted LDLIBRARYPATH setting in the GNU C Library, versions 2.27 to 2.38, allows attackers to control the loading of dynamically shared libraries in statically compiled setuid binaries that call dlopen including internal dlopen calls after setlocale or...

EUVD-2006-4242

Malware in sbrugna...

EUVD-1999-0945

Malware in sbrugna...

EUVD-2002-1459

Malware in sbrugna...

UBUNTU-CVE-2025-4802

Untrusted LDLIBRARYPATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library in statically compiled setuid binaries that call dlopen including internal dlopen calls after setlocale or calls to NSS functions...

UBUNTU-CVE-2025-22145

Carbon is an international PHP extension for DateTime. Application passing unsanitized user input to Carbon::setLocale are at risk of arbitrary file include, if the application allows users to upload files with .php extension in an folder that allows include or require to read it, then they are a...

PHP Remote File Inclusion

Overview Affected versions of this package are vulnerable to PHP Remote File Inclusion via the setLocale method. An attacker can include arbitrary files and execute code by passing unvalidated input that leads to file inclusion. Note: This is only exploitable if the application allows file upload...

SUSE CVE-2007-4784

The setlocale function in PHP before 5.2.4 allows context-dependent attackers to cause a denial of service application crash via a long string in the locale parameter. NOTE: this might not be a vulnerability in most web server environments that support multiple threads, unless this issue can be...

Fedora 20 : glibc-2.18-14.fc20 (2014-9824)

Locale names, including those obtained from environment variables LANG and the LC variables, are more tightly checked for proper syntax. setlocale will now fail with EINVAL for locale names that are overly long, contain slashes without starting with a slash, or contain '..' path components...

IBM AIX <= 5.3.0 - setlocale() Local Privilege Escalation Exploit

No description provided by source. setlocale exploit for aix 5.2 CVE-2006-4254 [email protected] from os import execve bof=a580+bbbbccccdddd\x2f\xf2\x28\x2f egg=\x602350 shellcode= by intropy at caughq.org \x7c\xa5\x2a\x79 xor. r5,r5,r5 \x40\x82\xff\xfd bnel shellcode \x7f\xe8\x02\xa6 mflr...

GNU glibc - strcoll() Routine Integer Overflow

GNU glibc - strcoll Routine Integer Overflow // source: https://www.securityfocus.com/bid/55462/info GNU glibc is prone to a remote integer-overflow vulnerability which leads to buffer overflow vulnerability. Successful exploits may allow an attacker to execute arbitrary code in the context of a...

SuSE9 Security Update : PHP4 (YOU Patch Number 12049)

This update fixes multiple bugs in php : - several problems in pcre CVE-2007-1660, CVE-2006-7225, CVE-2006-7224, CVE-2006-7226 CVE-2007-1659, CVE-2006-7230 - Flaws in processing multi byte sequences in htmlentities/htmlspecialchars. CVE-2007-5898 - overly long arguments to the dl function could...

openSUSE 10 Security Update : apache2-mod_php5 (apache2-mod_php5-4810)

This update fixes multiple bugs in php : - use system pcre library to fix several pcre vulnerabilities CVE-2007-1659, CVE-2006-7230, CVE-2007-1660, CVE-2006-7227 CVE-2005-4872, CVE-2006-7228 - Flaws in processing multi byte sequences in htmlentities/htmlspecialchars CVE-2007-5898 - overly long...

FreeBSD : php -- multiple security vulnerabilities (392b5b1d-9471-11dc-9db7-001c2514716c)

PHP project reports : Security Enhancements and Fixes in PHP 5.2.5 : - Fixed dl to only accept filenames. Reported by Laurent Gaffie. - Fixed dl to limit argument size to MAXPATHLEN CVE-2007-4887. Reported by Laurent Gaffie. - Fixed htmlentities/htmlspecialchars not to accept partial multibyte...

IBM AIX &lt;= 5.3.0 setlocale() Local Privilege Escalation Exploit

No description provided by source. setlocale exploit for aix 5.2 CVE-2006-4254 [email protected] from os import execve bof="a"580+"bbbbccccddddx2fxf2x28x2f" egg="x60"2350 shellcode= by intropy at caughq.org "x7cxa5x2ax79" xor. r5,r5,r5 "x40x82xffxfd" bnel shellcode "x7fxe8x02xa6" mflr r31...

IBM AIX <= 5.3.0 setlocale() Local Privilege Escalation Exploit

Exploit for aix platform in category local exploits =============================================================== IBM AIX caughq.org "\x7c\xa5\x2a\x79" xor. r5,r5,r5 "\x40\x82\xff\xfd" bnel "\x7f\xe8\x02\xa6" mflr r31 "\x3b\xff\x01\x20" cal r31,0x120r31 "\x38\x7f\xff\x08" cal r3,-248r31...

IBM AIX 5.3.0 - setlocale() Local Privilege Escalation

IBM AIX 5.3.0 - setlocale Local Privilege Escalation setlocale exploit for aix 5.2 CVE-2006-4254 [email protected] from os import execve bof="a"580+"bbbbccccdddd\x2f\xf2\x28\x2f" egg="\x60"2350 shellcode= by intropy caughq.org "\x7c\xa5\x2a\x79" xor. r5,r5,r5 "\x40\x82\xff\xfd" bnel...

IBM AIX 5.3.0 - &#039;setlocale()&#039; Local Privilege Escalation

setlocale exploit for aix 5.2 CVE-2006-4254 [email protected] from os import execve bof="a"580+"bbbbccccdddd\x2f\xf2\x28\x2f" egg="\x60"2350 shellcode= by intropy caughq.org "\x7c\xa5\x2a\x79" xor. r5,r5,r5 "\x40\x82\xff\xfd" bnel "\x7f\xe8\x02\xa6" mflr r31 "\x3b\xff\x01\x20" cal...

setlocate-local.txt

setlocale exploit for aix 5.2 CVE-2006-4254 [email protected] from os import execve bof="a"580+"bbbbccccdddd\x2f\xf2\x28\x2f" egg="\x60"2350 shellcode= by intropy caughq.org "\x7c\xa5\x2a\x79" xor. r5,r5,r5 "\x40\x82\xff\xfd" bnel "\x7f\xe8\x02\xa6" mflr r31 "\x3b\xff\x01\x20" cal...

PHP: Multiple vulnerabilities

Background PHP is a widely-used general-purpose scripting language that is especially suited for Web development and can be embedded into HTML. Description Several vulnerabilities were found in PHP. Mattias Bengtsson and Philip Olausson reported integer overflows in the gdImageCreate and...