TerminatorX 3.8 - Multiple Command-Line and Environment Buffer Overrun Vulnerabilities (1)

// source: https://www.securityfocus.com/bid/8993/info It has been reported that TerminatorX may be prone to multiple vulnerabilities when handling command-line and environment variable data. As a result, an attacker may be capable of exploiting the application in a variety of ways to execute...

CVE-2003-0704

KisMAC before 0.05d trusts user-supplied variables when chown'ing files or directories, which allows local users to gain privileges via the $DRIVERKEXT environment variable in 1 vihadriver.sh, 2 macjackload.sh, 3 airojackload.sh, 4 setuidenable.sh, 5 setuiddisable.sh, and using a "similar...

GNU GNATS 3.113 - Environment Variable Buffer Overflow

GNU GNATS 3.113 - Environment Variable Buffer Overflow // source: https://www.securityfocus.com/bid/8005/info It has been reported that GNATS is prone to a buffer overflow condition when parsing certain environment variables. An attacker can exploit this vulnerability by setting an overly long...

CVE-2003-0337

The ckconfig command in lsadmin for Load Sharing Facility LSF 5.1 allows local users to execute arbitrary programs by modifying the LSFENVDIR environment variable to reference an alternate lsf.conf file, then modifying LSFSERVERDIR to point to a malicious lim program, which lsadmin then executes...

CVE-2002-1506

Buffer overflow in Linuxconf before 1.28r4 allows local users to execute arbitrary code via a long LINUXCONFLANG environment variable, which overflows an error string that is generated...

XFree86 4.2 - 'XLOCALEDIR' Local Buffer Overflow (3)

// source: https://www.securityfocus.com/bid/7002/info Several XFree86 utilities may be prone to a buffer overflow condition. The vulnerability exists due to insufficient boundary checks performed by these utilities when referencing the XLOCALEDIR environment variable. A local attacker can exploi...

CVE-2002-2167

Directory traversal vulnerability in functionfoot1.inc.php for Thorsten Korner 123tkShop before 0.3.1 allows remote attackers to read arbitrary files via .. dot dot sequences terminated by a null character in the $designNo variable, which is part of an "include" function call...

Solaris 2.6/7/8 - 'TTYPROMPT in.telnet' Remote Authentication Bypass

Solaris TTYPROMPT Security Vulnerability Telnet This vulnerability is very simple to exploit, since it does not require any code to be compiled by an attacker. The vulnerability only requires the attacker to simply define the environment variable TTYPROMPT to a 6-character string, inside telnet...

memberlist.php of vBulletin

vBulletin ALL versions Vendor status: notified 3/18/2; no response Within the first few lines of code in memberlist.php, the variable $letterbits is evaled. Because of the way PHP initializes variables, we can inject HTML, or JavaScript into the document. So by directing a user to, for example:...

CVE-2001-0848

join.cfm in e-Zone Media Fuse Talk allows a local user to execute arbitrary SQL code via a semi-colon ; in a form variable...

SuSE Linux 6.47.07.17.2 Berkeley Parallel Make - Local Buffer Overflow

SuSE Linux 6.47.07.17.2 Berkeley Parallel Make - Local Buffer Overflow // source: https://www.securityfocus.com/bid/3573/info Parallel Make pmake is a freely available version of the make program, originally distributed with Berkeley Unix. It is designed to execute Makefiles and build programs...

CVE-1999-1399

spaceball program in SpaceWare 7.3 v1.0 in IRIX 6.2 allows local users to gain root privileges by setting the HOSTNAME environmental variable to contain the commands to be executed...

CVE-2001-1025

PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL operations by modifying the "prefix" variable when calling any scripts that do not already define the prefix variable e.g., by including mainfile.php, such as article.php...

BSDi 3.0 inc - Local Buffer Overflow / Local Privilege Escalation

/ BSDiincmh buffer overflow, by [email protected]. this is will give you euid=0root on BSDi/3.0 systems. / define PATH "/usr/contrib/mh/bin/inc" / path to inc on BSDi/3.0 / define BUFFER 2048 / no need to change this. / define DEFAULTOFFSET -7000 / generalized offset. / static char exec=...

Libc locale - Local Privilege Escalation (2)

Libc locale - Local Privilege Escalation 2 / source: https://www.securityfocus.com/bid/1634/info ectiva 4.x/5.x,Debian 2.x,IBM AIX 3.x/4.x,Mandrake 7,RedHat 5.x/6.x,IRIX 6.x, Solaris 2.x/7/8,Turbolinux 6.x,Wirex Immunix OS 6.2 Locale Subsystem Format String Many UNIX operating systems provide...

IRIX 6.5.x - '/usr/sbin/dmplay' Local Buffer Overflow

/ source: https://www.securityfocus.com/bid/1528/info Certain versions of IRIX ship with a version of dmplay which is vulnerable to a buffer overflow attack. The program, dmplay, is used to play movie files under IRIX. The problem at hand is the way the program handles the DISPLAY variable for th...

CVE-1999-0318

Buffer overflow in xmcd 2.0p12 allows local users to gain access through an environmental variable...

Oracle 8 8.1.5 - Intelligent Agent (1)

Oracle 8 8.1.5 - Intelligent Agent 1 source: https://www.securityfocus.com/bid/585/info A vulnerability in the Oracle Intelligent Agent allows local malicious users to execute arbitrary commands and to create world writable files as the root user. The problem lies in the dbsnmp program located in...

Oracle 8 8.1.5 - Intelligent Agent (2)

// source: https://www.securityfocus.com/bid/585/info A vulnerability in the Oracle Intelligent Agent allows local malicious users to execute arbitrary commands and to create world writable files as the root user. The problem lies in the dbsnmp program located in $ORACLEHOME/bin . This setuid roo...

Armidale Software Yapp Conferencing System 2.2 - Local Buffer Overflow

Armidale Software Yapp Conferencing System 2.2 - Local Buffer Overflow // source: https://www.securityfocus.com/bid/365/info Armidale Software's Yapp Conferencing System is vulnerable to an environment variable related buffer overflow vulnerability in at least the Linux version. The consequence o...