PHP 4.x < 4.4.0 / 5.x < 5.0.6 GLOBAL Variable Overwrite

Binary data 3273.prm...

PHP 4.x/5.0.x - Arbitrary File Upload GLOBAL Variable Overwrite

source: https://www.securityfocus.com/bid/15250/info PHP is prone to a vulnerability that allows attackers to overwrite the GLOBAL variable via HTTP POST requests. By exploiting this issue, remote attackers may be able to overwrite the GLOBAL variable. This may allow attackers to further exploit...

PHP 4.x5.0.x - Arbitrary File Upload GLOBAL Variable Overwrite

PHP 4.x5.0.x - Arbitrary File Upload GLOBAL Variable Overwrite source: https://www.securityfocus.com/bid/15250/info PHP is prone to a vulnerability that allows attackers to overwrite the GLOBAL variable via HTTP POST requests. By exploiting this issue, remote attackers may be able to overwrite th...

CVE-2005-2748

The malloc function in the libSystem library in Apple Mac OS X 10.3.9 and 10.4.2 allows local users to overwrite arbitrary files by setting the MallocLogFile environment variable to the target file before running a setuid application...

CVE-2005-2926

Stack-based buffer overflow in 1 backupsh and 2 authsh in SCO Openserver 5.0.7 allows local users to execute arbitrary code via a long HOME environment variable...

CVE-2005-2926

Stack-based buffer overflow in 1 backupsh and 2 authsh in SCO Openserver 5.0.7 allows local users to execute arbitrary code via a long HOME environment variable...

CVE-2005-2748

The malloc function in the libSystem library in Apple Mac OS X 10.3.9 and 10.4.2 allows local users to overwrite arbitrary files by setting the MallocLogFile environment variable to the target file before running a setuid application...

CVE-2004-2489

Format string vulnerability in IBM Informix Dynamic Server IDS before 9.40.xC3 allows local users to execute arbitrary code via a modified INFORMIXDIR environment variable that points to a file with format string specifiers in the filename...

sudo -- arbitrary command execution

Tavis Ormandy reports: The bash shell uses the value of the PS4 environment variable after expansion as a prefix for commands run in execution trace mode. Execution trace mode xtrace is normally set via bash's -x command line option or interactively by running "set -o xtrace". However, it may als...

CVE-2005-3149

Uim 0.4.x before 0.4.9.1 and 0.5.0 and earlier does not properly handle the LIBUIMVANILLA environment variable when a suid or sgid application is linked to libuim, such as immodule for Qt, which allows local users to gain privileges...

CVE-2005-3149

Uim 0.4.x before 0.4.9.1 and 0.5.0 and earlier does not properly handle the LIBUIMVANILLA environment variable when a suid or sgid application is linked to libuim, such as immodule for Qt, which allows local users to gain privileges...

CVE-2005-0023

gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to spoof the logon hostname via a modified DISPLAY environment variable. NOTE: the severity of this issue has been disputed...

CVE-2005-0023

gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to spoof the logon hostname via a modified DISPLAY environment variable. NOTE: the severity of this issue has been disputed...

security flaw

The NAT code 1 ipnatprototcp.c and 2 ipnatprotoudp.c in Linux kernel 2.6 before 2.6.13 and 2.4 before 2.4.32-rc1 incorrectly declares a variable to be static, which allows remote attackers to cause a denial of service memory corruption by causing two packets for the same protocol to be NATed at t...

security flaw

snmpapi.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before 5.1.3, and 5.0.x before 5.0.10.2, when running in master agentx mode, allows remote attackers to cause a denial of service crash by causing a particular TCP disconnect, which triggers a free of an incorrect variable, a different...

CVE-2005-0023

gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to spoof the logon hostname via a modified DISPLAY environment variable. NOTE: the severity of this issue has been disputed...

CVE-2005-0023

gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to spoof the logon hostname via a modified DISPLAY environment variable. NOTE: the severity of this issue has been disputed...

CVE-2005-3149

Uim 0.4.x before 0.4.9.1 and 0.5.0 and earlier does not properly handle the LIBUIMVANILLA environment variable when a suid or sgid application is linked to libuim, such as immodule for Qt, which allows local users to gain privileges...

CVE-2005-0023

CVE-2005-0023 affects gnome-pty-helper within GNOME libzvt2 and libvte4. The root cause is a vulnerability where a modified DISPLAY environment variable allows local users to spoof the logon hostname. Implications are limited to local access with partial confidentiality/availability impact as des...

Gnome libzvt information spoofing

DISPLAY environment variable is used as a utmp hostname...