RechnungsZentrale V2 - SQL injection and Remote PHP inclusion vulnerabilities

---------------------------------------------------------------------------------- - GroundZero Security Research and Software Development 2006 - ---------------------------------------------------------------------------------- - - - Security Advisory regarding RechnungsZentrale v2. - - SQL...

CVE-2006-1079

htpasswd, as used in Acme thttpd 2.25b and possibly other products such as Apache, might allow local users to gain privileges via shell metacharacters in a command line argument, which is used in a call to the system function. NOTE: since htpasswd is normally installed as a non-setuid program, an...

QNX RTOS 6.3.0 (phgrafx) Local Buffer Overflow Exploit (x86)

Exploit for QNX platform in category local exploits ============================================================ QNX RTOS 6.3.0 phgrafx Local Buffer Overflow Exploit x86 ============================================================ / email protected c 2005, all rights reserved. sample exploit for...

Trillian Basic 3.0 PNG Image Processing Buffer Overflow Exploit

No description provided by source. See-security Technologies ltd. http://www.see-security.com Trillian 3.0 PNG Image Processing Buffer overflow Exploit Discovered and coded by: Tal zeltzer import sys import struct Addresses are compatible with Windows XP Service Pack 1 ReturnAddress = 0x77D7A145...

ActivePerl 5.x / Cygwin 1.5.x - System Function Call Buffer Overflow

source: https://www.securityfocus.com/bid/10375/info ActiveState Perl and Perl for cygwin are both reported to be prone to a buffer overflow vulnerability. The issue is reported to exist due to a lack of sufficient bounds checking that is performed on data that is passed to a Perl system function...

kpopup 0.9.x - Privileged Command Execution

// source: https://www.securityfocus.com/bid/8915/info It has been alleged that it is possible for local attackers to gain root privileges through kpopup, which is is installed setuid root by default. According to the report, kpopup uses the system3 C-library function insecurely to run other...

kpopup 0.9.x - Privileged Command Execution

kpopup 0.9.x - Privileged Command Execution // source: https://www.securityfocus.com/bid/8915/info It has been alleged that it is possible for local attackers to gain root privileges through kpopup, which is is installed setuid root by default. According to the report, kpopup uses the system3...

HP-UX 10.x - rs.F3000 Unauthorized Access

HP-UX 10.x - rs.F3000 Unauthorized Access source: https://www.securityfocus.com/bid/6837/info The rs.F3000 binary is prone to an issue that may allow attackers to obtain unauthorized access to a vulnerable system. A denial of service attack is also possible. This is due to multiple instances of t...

HP-UX 10.x - rs.F3000 Unauthorized Access

source: https://www.securityfocus.com/bid/6837/info The rs.F3000 binary is prone to an issue that may allow attackers to obtain unauthorized access to a vulnerable system. A denial of service attack is also possible. This is due to multiple instances of the system function being used in an unsafe...

dvips uses system() function insecurely thereby allowing arbitrary command execution

Overview A vulnerability in the dvips utility can allow a remote attacker to execute arbitrary code on a vulnerable system. Description The dvips utility is used to convert DVI files to PostScriptTM. Typically the output is sent to the printer.RHSA-2002:194-18 states the vulnerability occurs...

QNX RTOS 4.256.1 - phgrafx Local Privilege Escalation

QNX RTOS 4.256.1 - phgrafx Local Privilege Escalation source: https://www.securityfocus.com/bid/4915/info The QNX phgrafx utility is prone to an issue which may make it possible for local attackers to escalate privileges. This issue is due to unsafe use of the system function to invoke other...

QNX RTOS 4.256.1 - phgrafx-startup Local Privilege Escalation

QNX RTOS 4.256.1 - phgrafx-startup Local Privilege Escalation source: https://www.securityfocus.com/bid/4916/info The QNX phgrafx-startup utility is prone to an issue which may make it possible for local attackers to escalate privileges. This issue is due to unsafe use of the system function to...

QNX RTOS 4.25/6.1 - 'phgrafx' Local Privilege Escalation

source: https://www.securityfocus.com/bid/4915/info The QNX phgrafx utility is prone to an issue which may make it possible for local attackers to escalate privileges. This issue is due to unsafe use of the system function to invoke other programs. This vulnerability may be trivially exploited to...

Itetris 1.6.11.6.2 - Privileged Arbitrary Command Execution

Itetris 1.6.11.6.2 - Privileged Arbitrary Command Execution // source: https://www.securityfocus.com/bid/2139/info Itetris, or "Intelligent Tetris", is a clone of the popular Tetris puzzle game for linux systems. The svgalib version of Itetris is installed setuid root so that it may access video...

IBM AIX 3.2.5 - 'IFS' Local Privilege Escalation

source: https://www.securityfocus.com/bid/454/info Under older versions of AIX By changing the IFS enviroment variable to / setuid root programs that use system or popen can be fooled into running user provided programs. !/bin/csh IFS hole in AIX3.2 rmail gives egid=mail. Apr. 1994 Setup needed...