Lucene search
K

62 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 9:0 a.m.18 views

CVE-2024-38811

VMware Fusion 13.x before 13.6 contains a code-execution vulnerability due to the usage of an insecure environment variable. A malicious actor with standard user privileges may exploit this vulnerability to execute code in the context of the Fusion application...

8.8CVSS7.2AI score0.0028EPSS
Exploits0
The Hacker News
The Hacker News
added 2024/11/15 6:40 a.m.10 views

High-Severity Flaw in PostgreSQL Allows Hackers to Exploit Environment Variables

Cybersecurity researchers have disclosed a high-severity security flaw in the PostgreSQL open-source database system that could allow unprivileged users to alter environment variables, and potentially lead to code execution or information disclosure. The vulnerability, tracked as CVE-2024-10979 ,...

8.8CVSS9.5AI score0.04422EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2023/06/23 12:0 a.m.5 views

PT-2023-20369 · Dell · Dell Bios

Name of the Vulnerable Software and Affected Versions: Dell BIOS affected versions not specified Description: The issue is related to an improper input validation vulnerability. A local authenticated malicious user with administrator privileges may potentially exploit this vulnerability to modify...

6.7CVSS6.2AI score0.00168EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2023/06/02 12:0 a.m.7 views

CVE-2023-28163

When downloading files through the Save As dialog on Windows with suggested filenames containing environment variable names, Windows would have resolved those in the context of the current user. This bug only affects Firefox on Windows. Other versions of Firefox are unaffected.. This vulnerabilit...

5.9AI score0.00798EPSS
Exploits0References4
securityvulns
securityvulns
added 2015/03/08 12:0 a.m.56 views

[SECURITY] [DSA 3167-1] sudo security update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 - ------------------------------------------------------------------------- Debian Security Advisory DSA-3167-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso February 22, 2015 http://www.debian.org/security/faq -...

2.1CVSS0.6AI score0.0047EPSS
Exploits1
seebug.org
seebug.org
added 2014/05/19 12:0 a.m.26 views

Anymacro 邮件系统任意文件下载漏洞(需登陆)

简要描述: 详细说明: 在mailattrFw.php中 其中$Fcid可控,从客户端获取,可以通过../跳转字符,跳转到相应目录进行读取。。 如默认状态下$SESSION'maildir'为:/mail/xxx.com/xxx/Maildir/ $Fcid可设置为:../../../../../etc/passwd 即可读取passwd内容 漏洞证明:...

7.1AI score
Exploits0
OSV
OSV
added 2012/09/18 5:55 p.m.7 views

CVE-2012-4425

libgio, when used in setuid or other privileged programs in spice-gtk and possibly other products, allows local users to gain privileges and execute arbitrary code via the DBUSSYSTEMBUSADDRESS environment variable. NOTE: it could be argued that this is a vulnerability in the applications that do...

7.1AI score
Exploits0References9
seebug.org
seebug.org
added 2008/12/10 12:0 a.m.21 views

CFMBLOG (index.cfm categorynbr) Blind SQL Injection Vulnerability

No description provided by source. -------------------------------AlpHaNiX---------------------------------- Found By : AlpHaNiX website : www.offensivetrack.org contact : AlpHaATHACKERDOTBZ script : CFMBLOG download : null Demo : http://www.cfmblog.com Exploits : --=BLIND SQL INJECTION=--...

7.1AI score
Exploits0
exploitpack
exploitpack
added 2006/05/25 12:0 a.m.23 views

APC ActionApps CMS 2.8.1 - Remote File Inclusion

APC ActionApps CMS 2.8.1 - Remote File Inclusion DEVIL TEAM THE BEST POLISH TEAM APC ActionApps CMS 2.8.1 - Remote File Include Vulnerabilities Find by Kacper Rahim. Greetings For ALL DEVIL TEAM members, Special DragonHeart : Contact: [email protected] or http://www.devilteam.yum.pl site:...

0.1AI score
Exploits0
OSV
OSV
added 2006/04/06 10:4 p.m.7 views

CVE-2006-1629

OpenVPN 2.0 through 2.0.5 allows remote malicious servers to execute arbitrary code on the client by using setenv with the LDPRELOAD environment variable...

7.4AI score
Exploits0References15
Packet Storm
Packet Storm
added 2005/04/17 12:0 a.m.20 views

dlmanphpBB.txt

SQL Injection was found in the Variable $fileid in : DLMan Pro' Mod vulnerable system : phpBB 2.0.x exploit : dlman.php?func=fileinfo&fileid='SQL Injection Bug Found by : LovER BOY SecurityGurus Team www.securitygurusd0tNet...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2005/03/25 12:0 a.m.24 views

phpMyDirectory1013.txt

Talte Security Advisory 3 Product: phpMyDirectory 10.1.3-rel Homepage: http://www.phpmydirectory.com/ Risk: low Type: Cross Site Scripting Bug Found by: "Talte Security - mircia" phpMyDirectory is a multi-purpose script, this script can be successfully implemented for Proffesional Yellow pages,...

7.4AI score
Exploits0
exploitpack
exploitpack
added 2005/02/07 12:0 a.m.13 views

Exim 4.42 - Local Privilege Escalation

Exim 4.42 - Local Privilege Escalation !/bin/sh Local Lame R00T sploit for exim include int mainint argc, char argv char addrptr; addrptr = getenvargv1; printf"%s @ %p\n", argv1, addrptr; return 0; gcc @env.c -o @env cp @env /usr/bin cd /usr/exim/bin CODE=perl -e 'print...

0.8AI score
Exploits0
Exploit DB
Exploit DB
added 2004/12/24 12:0 a.m.73 views

Solaris 7/8/9 CDE LibDTHelp - Local Buffer Overflow (1)

/ $Id: raptorlibdthelp.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorlibdthelp.c - libDtHelp.so local, Solaris/SPARC 7/8/9 Copyright c 2003-2004 Marco Ivaldi Buffer overflow in CDE libDtHelp library allows local users to execute arbitrary code via a modified DTHELPUSERSEARCHPATH environment...

7.2CVSS7AI score0.01219EPSS
Exploits13
Cvelist
Cvelist
added 2004/12/15 5:0 a.m.21 views

CVE-2004-1210

Cross-site scripting XSS vulnerability in proxylog.dat in IPCop 1.4.1 and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the 1 url or 2 part variables...

5.8AI score0.0199EPSS
Exploits1References4
Exploit DB
Exploit DB
added 2004/12/04 12:0 a.m.34 views

Solaris 7/8/9 CDE libDtHelp - Buffer Overflow dtprintinfo Privilege Escalation

Solaris 7/8/9 CDE libDtHelp - Buffer Overflow dtprintinfo Privilege Escalation. CVE-2003-0834. Local exploit for Solaris platform / $Id: raptorlibdthelp.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorlibdthelp.c - libDtHelp.so local, Solaris/SPARC 7/8/9 Copyright c 2003-2004 Marco Ivaldi Buffer...

7.2CVSS0.5AI score0.01219EPSS
Exploits13
Cvelist
Cvelist
added 2004/09/01 4:0 a.m.21 views

CVE-2002-1469

scponly does not properly verify the path when finding the 1 scp or 2 sftp-server programs, which could allow remote authenticated users to bypass access controls by uploading malicious programs and modifying the PATH variable in $HOME/.ssh/environment to locate those programs...

6.3AI score0.02865EPSS
Exploits1References4
NVD
NVD
added 2004/04/15 4:0 a.m.20 views

CVE-2003-1033

The 1 instdbmsrv and 2 instlserver programs in SAP DB Development Tools 7.x trust the user-provided INSTROOT environment variable as a path when assigning setuid permissions to the lserver program, which allows local users to gain root privileges via a modified INSTROOT that points to a malicious...

7.2CVSS6.6AI score0.00349EPSS
Exploits0References5
OSV
OSV
added 2004/03/29 5:0 a.m.6 views

CVE-2004-0158

Buffer overflow in lbreakout2 allows local users to gain 'games' group privileges via a large HOME environment variable to 1 editor.c, 2 theme.c, 3 manager.c, 4 config.c, 5 game.c, 6 levels.c, or 7 main.c...

6.5AI score
Exploits0References8
NVD
NVD
added 2004/02/17 5:0 a.m.14 views

CVE-2004-0074

Multiple buffer overflows in xsok 1.02 allows local users to gain privileges via 1 a long LANG environment variable, or 2 a long -xsokdir command line argument, a different vulnerability than CVE-2003-0949...

4.6CVSS6.6AI score0.00993EPSS
Exploits1References6
Rows per page
Query Builder