PT-2024-38933 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE versions 17.2 through 17.2.4 GitLab EE versions 17.3 through 17.3.1 Description: An issue was discovered with pipeline execution policies in GitLab EE, allowing authenticated users to bypass variable overwrite protection via inclusi...

K000140901: glibc vulnerability CVE-2024-2961

Security Advisory Description The iconv function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable...

CVE-2024-2961

The iconv function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable...

CVE-2024-2961

The iconv function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable...

CVE-2024-2961

CVE-2024-2961 affects the GNU C Library (glibc) versions 2.39 and older. The iconv() implementation may overflow the output buffer by up to 4 bytes when converting strings to ISO-2022-CN-EXT, potentially crashing the application or overwriting adjacent memory. Publicly documented in glibc advisor...

Admin account TakeOver

Description The endpoint api/system/update-env allows any authenticated users to change env variables of the back-end process : js process.envenvKey = value; The envKey value comes from here : js const envKey, checks = KEYMAPPINGkey; One of the value in the KEYMAPPING dictionnary is : js JWTSecre...

Design/Logic Flaw

An issue was discovered in Insyde InsydeH2O with kernel 5.0 through 5.5. UEFI implementations do not correctly protect and validate information contained in the 'MeSetup' UEFI variable. On some systems, this variable can be overwritten using operating system APIs. Exploitation of this vulnerabili...

CVE-2023-27471

CVE-2023-27471 affects Insyde InsydeH2O BIOS/UEFI (kernel 5.0–5.5). The vulnerability arises from improper protection/validation of the MeSetup UEFI variable, which on some systems can be overwritten via OS APIs. Exploitation could lead to a platform denial of service, according to the available ...

SUSE CVE-2006-3758

inc/init.php in Archive Mode Light in MyBB aka MyBulletinBoard 1.1.4 calls the extract function with EXTROVERWRITE on HTTP POST and GET variables, which allows remote attackers to overwrite arbitrary variables, as demonstrated via an SQL injection using the SERVERHTTPCLIENTIP parameter in...

postgresql: psql's \gset allows overwriting specially treated variables

A flaw was found in the psql interactive terminal of PostgreSQL. If an interactive psql session uses \gset when querying a compromised server, this flaw allows an attacker to execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to...

postgresql: psql's \gset allows overwriting specially treated variables

A flaw was found in the psql interactive terminal of PostgreSQL. If an interactive psql session uses \gset when querying a compromised server, this flaw allows an attacker to execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to...

postgresql: psql's \gset allows overwriting specially treated variables

A flaw was found in the psql interactive terminal of PostgreSQL. If an interactive psql session uses \gset when querying a compromised server, this flaw allows an attacker to execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to...

RHEL 8 : postgresql:10 (RHSA-2020:5567)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2020:5567 advisory. PostgreSQL is an advanced object-relational database management system DBMS. The following packages have been upgraded to a later upstream...

postgresql: psql's \gset allows overwriting specially treated variables

A flaw was found in the psql interactive terminal of PostgreSQL. If an interactive psql session uses \gset when querying a compromised server, this flaw allows an attacker to execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to...

postgresql: psql's \gset allows overwriting specially treated variables

A flaw was found in the psql interactive terminal of PostgreSQL. If an interactive psql session uses \gset when querying a compromised server, this flaw allows an attacker to execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to...

postgresql: psql's \gset allows overwriting specially treated variables

A flaw was found in the psql interactive terminal of PostgreSQL. If an interactive psql session uses \gset when querying a compromised server, this flaw allows an attacker to execute arbitrary code as the operating system account running psql. The highest threat from this vulnerability is to...

Information Disclosure

catalina is vulnerable to information disclosure attacks. The vulnerability exists as an instance-variable overwrite can occur when two requests in different threads are processed concurrently, causing information disclosure attacks...

duomicms前台全局变量覆盖导致getshell

...

SquirrelMail < 1.4.7 - Arbitrary Variable Overwrite Vulnerability

Exploit for php platform in category web applications SquirrelMail Arbitrary Variable Overwrite Vendor: SquirrelMail Product: SquirrelMail Version: = 1.4.7 Website: http://www.squirrelmail.org BID: 19486 CVE: CVE-2006-4019 OSVDB: 27917 SECUNIA: 21354 Description: SquirrelMail is a standards-based...

X-Cart &lt; 4.1.3 - Arbitrary Variable Overwrite

X-Cart Arbitrary Variable Overwrite Vendor: Qualiteam Product: X-Cart Version: $value $$var = $value; As we can see every single post variable is dynamically evaluated. This is especially dangerous because register globals and magic quotes gpc settings do not affect an attackers ability to...