CVE-2006-0097

Stack-based buffer overflow in the createnamedpipe function in libmysql.c in PHP 4.3.10 and 4.4.x before 4.4.3 for Windows allows attackers to execute arbitrary code via a long 1 arghost or 2 argunixsocket argument, as demonstrated by a long named pipe variable in the host argument to the...

CVE-2006-4124

The libXm library in LessTif 0.95.0 and earlier allows local users to gain privileges via the DEBUGFILE environment variable, which is used to create world-writable files when libXm is run from a setuid program...

DLA-335-1 ntp - security update

Bulletin has no description...

OpenEMR globals.php Authentication Bypass (CVE-2015-4453)

An authentication weakness vulnerability exists in OpenEMR, specifically in the globals.php script. The vulnerability is due to variable name collision during HTTP parameter extraction. Successful exploitation will bypass authentication and allow the attacker to gain unauthorized access to the...

Kentico CMS 8.2 Cross Site Scripting / Open Redirect

Web application Kentico CMS 8.2 XSS / Open Redirection The CVE-2015-7823 reference is still waiting my disclosure. The exploit works on 8.2 to 8.2.41 I've contacted the vendor and he fixed the vulnerability in the next major version Vulnerability type: Reflected XSS High The elementguid variable ...

Mageia: Security Advisory (MGASA-2015-0364)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Code injection

The Address Book framework in Apple OS X before 10.11 allows local users to gain privileges by using an environment variable to inject code into processes that rely on this framework...

PHP 5.4.x < 5.4.43 / 5.5.x < 5.5.27 / 5.6.x < 5.6.11 Multiple Vulnerabilities (BACKRONYM)

Binary data 8953.prm...

Oracle: Security Advisory (ELSA-2013-0587)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Apple OS X Address Book Handling Vulnerability

Apple OS X is an operating system developed by Apple Inc. A security vulnerability in the Apple OS X address book handling environment variable allows local users to exploit the vulnerability to inject arbitrary code into the jinx to load the address book architecture...

LFI with PHPInfo the local test process-bug warning-the black bar safety net

LFI with PHPInfo foreign researchers in 2 0 0 1 published in a local file comprising the use of the method, as a novice in the domestic but can not find complete study materials, after several days of research to learn and put their learning process, summarize, and share. Basics The local file...

Gentoo Security Advisory GLSA 201309-21

Gentoo Linux Local Security Checks GLSA 201309-21 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...

Gentoo Security Advisory GLSA 201406-29

Gentoo Linux Local Security Checks GLSA 201406-29 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...

Gentoo Security Advisory GLSA 201504-02

Gentoo Linux Local Security Checks GLSA 201504-02 SPDX-FileCopyrightText: 2015 Eero Volotinen Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later ifdescription...

The vulnerability of the libvdpau library, which allows a hacker to elevate their privileges

The vulnerability of the libvdpau library exists due to an incorrect limitation on the path name to the restricted access directory. Exploiting this vulnerability could allow a local attacker to increase their privileges by manipulating the VDPAUDRIVER variable...

Linux Memory Scanner: scanmem

Linux Memory Scanner scanmem is a debugging utility designed to isolate the address of an arbitrary variable in an executing process. scanmem simply needs to be told the pid of the process, and the value of the variable at several different times. After several scans of the process, scanmem...

SQL Injection Vulnerability in Qibo Blog System

Zibo Blog System is a multi-user blog system. There is a SQL injection leak in the Qibo Blog System. The SQL injection vulnerability is caused due to uninitialized $TBpre in the '/blog/template/space/file/listbbs.php' function, which is registered according to a pseudo-global variable in the Qibo...

Android Shellcode Telnetd with Parameters

/ Title: Android/ARM - telnetd with three parameters and an environment variable Date: 2015-07-31 Tested on: Android Emulator and Samsung Note 10.1 Android version 4.1.2 Author: Steven Padilla - email: email protected Organization: Tresys LLC Vendor HomePage: www.tresys.com Version: 1.0 Android A...

MGASA-2015-0364 Updated libvdpau packages fix security vulnerabilities

Updated libvdpau packages fix security vulnerabilities: libvdpau versions 1.1 and earlier, when used in setuid or setgid applications, contain vulnerabilities related to environment variable handling that could allow an attacker to execute arbitrary code or overwrite arbitrary files CVE-2015-5198...

Updated libvdpau packages fix security vulnerabilities

Updated libvdpau packages fix security vulnerabilities: libvdpau versions 1.1 and earlier, when used in setuid or setgid applications, contain vulnerabilities related to environment variable handling that could allow an attacker to execute arbitrary code or overwrite arbitrary files CVE-2015-5198...