Lucene search

9565 matches found

seebug.org
added 2014/07/22 12:00 a.m., 24 views

c99 2.0 Login Bypass Vulnerability

The line @extract($_REQUEST["c99shcook"]); causes a variable overwrite that lets $login be set to 0, allowing direct login: if ($login) { if (empty($md5_pass)) {$md5_pass = md5($pass);} if (($_SERVER["PHP_AUTH_USER"] != $login) or (md5($_SERVER["PHP_AUTH_PW"]) != $md5_pass)) { if ($login_txt === false) {$login_txt = "";} elseif (empty($login_txt)) {$login_txt = strip_tags(ereg_replace("&nbsp;|<br>", " ", $donated_html));}...

7.1 AI score
Exploits: 0
OSV
added 2014/07/22 12:00 a.m., 8 views

DSA-2984-1 acpi-support - security update

Bulletin has no description...

6.9 CVSS, 6.3 AI score, 0.00035 EPSS
Exploits: 0
OpenVAS
added 2014/07/21 12:00 a.m., 15 views

Debian: Security Advisory (DSA-2984-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...

6.9 CVSS, 6.5 AI score, 0.00035 EPSS
Exploits: 0, References: 3
Zero Day Initiative
added 2014/07/09 12:00 a.m., 28 views

Microsoft Internet Explorer Uninitialized Variable Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

6.8 CVSS, 6.4 AI score, 0.33027 EPSS
Exploits: 0, References: 1
NVD
added 2014/07/02 10:35 a.m., 12 views

CVE-2014-3074

The runtime linker in IBM AIX 6.1 and 7.1 and VIOS 2.2.x allows local users to create a mode-666 root-owned file, and consequently gain privileges, by setting crafted MALLOCOPTIONS and MALLOCBUCKETS environment-variable values and then executing a setuid program...

7.2 CVSS, 6 AI score, 0.00081 EPSS
Exploits: 4, References: 15
seebug.org
added 2014/07/01 12:00 a.m., 23 views

Irokez CMS <= 0.7.1 - Multiple Remote File Include Vulnerabilities

No description provided by source. Irokez CMS <= 0.7.1 Multiple Remote File Include Vulnerabilities. Vendor...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m., 24 views

XBlast 2.6.1 HOME Environment Variable Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8296/info XBlast contains a locally exploitable buffer overflow vulnerability due to insufficient bounds checking of data supplied via the HOME environment variable. Successful exploitation would allow a local user to...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m., 29 views

Solaris 7/8/9 CDE LibDTHelp - Local Buffer Overflow Exploit (2)

No description provided by source. /* $Id: raptorlibdthelp2.c,v 1.1 2004/12/04 14:44:38 raptor Exp $ raptorlibdthelp2.c - libDtHelp.so local, Solaris/SPARC 7/8/9. Copyright (c) 2003-2004 Marco Ivaldi. Buffer overflow in CDE libDtHelp library allows local users to execute arbitra...

7.2 CVSS, 0.2 AI score, 0.00628 EPSS
Exploits: 13
seebug.org
added 2014/07/01 12:00 a.m., 19 views

newsPHP 216 Remote File Include Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8488/info A file include vulnerability has been reported in the nphpd.php module of newsPHP that may permit an attacker to include and execute malicious script code on a vulnerable host. The issue is reported to exist in...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m., 15 views

Solaris <= 7.0 chkperm Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/295/info Solaris 2.4, 2.5, and 2.5.1 (possibly other versions) have a package called FACE (Framed Access Command Environment) installed. Included in the package is a program called chkperm which checks a file to see if the us...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m., 16 views

qmailadmin 1.0.x Local Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5404/info The qmailadmin utility, developed by Inter7, is vulnerable to a buffer overflow condition. It is meant to run as a CGI program and is typically installed setuid owned by root on some systems, regular users on...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m., 14 views

QNX PPPoEd 2.4/4.25/6.2 Path Environment Variable Local Command Execution Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/11105/info QNX PPPoEd is reported prone to a problem that exists in the handling of paths to external executables that are employed by PPPoEd. Because of this, an attacker may be able to gain elevated privileges on a host...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m., 23 views

XFree86 4.2 XLOCALEDIR Local Buffer Overflow Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/7002/info Several XFree86 utilities may be prone to a buffer overflow condition. The vulnerability exists due to insufficient boundary checks performed by these utilities when referencing the XLOCALEDIR environment...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m., 13 views

Caldera UnixWare 7.1.1 Message Catalog Environment Variable Format String Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/4060/info UnixWare is a commercially available Unix Operating System. It was originally developed by SCO, and is now distributed and maintained by Caldera. A format string vulnerability in the locale subsystem could lead ...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m., 21 views

OpenBSD 3.9/4.0 LD.SO Local Environment Variable Clearing Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/21188/info OpenBSD is prone to a local vulnerability that may allow attackers to pass malicious environment variables to applications, bypassing expected security restrictions. Attackers may be able to exploit this issue ...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m., 19 views

Platform Load Sharing Facility 4/5/6 EAuth Privilege Escalation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/9724/info The Load Sharing Facility eauth component has been reported prone to a privilege escalation vulnerability. The eauth component is responsible for controlling authentication procedures within Load Sharing Facility. An...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m., 10 views

MyBB 1.1 Global Variable Overwrite Vulnerability

No description provided by source...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m., 21 views

Rational ClearCase 3.2/4.x DB Loader TERM Environment Variable Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3523/info ClearCase is a commercially available software change management package. It is maintained and distributed by Rational. A problem with the package could lead to a local user gaining elevated privileges. The...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m., 16 views

Elm 2.3/2.4 - Local TERM Environment Variable Buffer Overrun Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8030/info A buffer overrun has been discovered in Elm. The problem occurs due to insufficient bounds checking performed before copying user-supplied data into an internal memory buffer. Specifically, a TERM environment...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m., 17 views

HP-UX 11 CDE DTPrintInfo Display Environment Variable Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8795/info It has been reported that dtprintinfo, installed setuid root by default, is susceptible to a locally exploitable buffer overflow vulnerability. The condition is triggered when the value of the DISPLAY environmen...

7.1 AI score
Exploits: 0