Uim: Privilege escalation vulnerability

Background Uim is a multilingual input method library which provides secure and useful input method for all languages. Description Masanari Yamamoto discovered that Uim uses environment variables incorrectly. This bug causes a privilege escalation if setuid/setgid applications are linked to libui...

mantis-poc.txt

--------------------------------------------------------------------------- Mantis Bugtracker - Remote Database Scanner and XSS Vulnerabilities --------------------------------------------------------------------------- Author: Jose Antonio Coret Joxean Koret Date: 2005 Location: Basque Country...

CVE-2005-3097

Directory traversal vulnerability in Avi Alkalay contribute.cgi aka contribute.pl, dated 16 Jun 2002, allows remote attackers to overwrite arbitrary files via ".." sequences in the contribdir variable...

[Full-disclosure] Mac OS X - malloc() local privilege escalation vulnerability.

Suresec Security Advisory - 00007 25/09/2005 Mac OS X - malloc insecure use of environment variable. Advisory: http://www.suresec.org/advisories/adv7.pdf Description: The malloc function on Mac OS X insecurely trusts a debug variable, regardless of the fact that the calling application may be sui...

Fedora Core 3 : mysql-3.23.58-16.FC3.1 (2005-304)

Sat Apr 2 2005 Tom Lane 3.23.58-16.FC3.1 - Repair uninitialized variable in security2 patch. - Enable testing on 64-bit arches; continue to exclude s390x which still has issues. - Sat Mar 19 2005 Tom Lane 3.23.58-15.FC3.1 - Backpatch repair for CVE-2005-0709, CVE-2005-0710, CVE-2005-0711...

[NewAngels Advisory #5] Stylemotion WEB//NEWS 1.4 Vulnerabilities

NewAngels Advisory 5 Stylemotion WEB//NEWS 1.4 ============================================================================= Software: WEB//NEWS 1.4 Type: SQL Injections, Path Disclosure Risk: High Date: Sep. 1 2005 Vendor: Stylemotion Credit: ======= Robin 'onkelfisch' Verton...

stylemotion.txt

NewAngels Advisory 5 Stylemotion WEB//NEWS 1.4 ============================================================================= Software: WEB//NEWS 1.4 Type: SQL Injections, Path Disclosure Risk: High Date: Sep. 1 2005 Vendor: Stylemotion Credit: ======= Robin 'onkelfisch' Verton...

CVE-2005-2678

Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVERNAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost...

Remote IIS 5.x and IIS 6.0 Server Name Spoof

Remote IIS 5.x and IIS 6.0 Server Name Spoof It is possible to remotely spoof the "SERVERNAME" Microsoft® Internet Information Server® 5.0, 5.1 and 6.0 server variable by doing a modified HTTP request. Thus potentially revealing sensitive ASP code through the IIS 500-100.asp error page, the spoof...

Mantis Bug Tracker 0.x/1.0 - Multiple Input Validation Vulnerabilities

source: https://www.securityfocus.com/bid/14604/info Mantis is prone to multiple input validation vulnerabilities. These issues involve cross-site scripting, HTML injection and variable poisoning, and are due to a failure in the application to properly sanitize user-supplied input. An attacker ma...

Mantis Bug Tracker 0.x1.0 - Multiple Input Validation Vulnerabilities

Mantis Bug Tracker 0.x1.0 - Multiple Input Validation Vulnerabilities source: https://www.securityfocus.com/bid/14604/info Mantis is prone to multiple input validation vulnerabilities. These issues involve cross-site scripting, HTML injection and variable poisoning, and are due to a failure in th...

CVE-2005-2574

xmb.php in XMB Forum 1.9.1 extracts and defines all provided variables, which allows remote attackers to modify arbitrary server variables such as SERVERREMOTEADDR...

CVE-2004-2352

Cross-site scripting XSS vulnerability in GBook for PHP-Nuke 1.0 allows remote attackers to inject arbitrary web script or HTML via cookies that are stored in the $COOKIE PHP variable, which is not cleansed by PHP-Nuke...

CVE-2004-2352

The CVE-2004-2352 entry documents a Cross-site Scripting (XSS) vulnerability in GBook for PHP-Nuke 1.0. Affected component: GBook for PHP-Nuke 1.0; vulnerability type: XSS via cookies stored in the $_COOKIE variable that are not cleansed by PHP-Nuke. Impact: remote attackers could inject arbitrar...

x_aix5_bellmail.pl.txt

-bash-2.05b$ -bash-2.05b$ cat xaix5bellmail.pl !/usr/bin/perl FileName: xaix5bellmail.pl Exploit "Race condition vulnerability BUGTRAQ ID: 8805" of /usr/bin/bellmail command on Aix5 to change any file owner to current user. Usage : xaix5bellmail.pl aimfile aimfile : then file wich you want to cho...

quickCart.txt

Quick.cart 'sWord' variable XSS and 'iCategory' SQL injection vendor url:http://qc.dotgeek.org/os/index.php?p=productsQuickCart advisore:http://lostmon.blogspot.com/2005/05/quickcart-sword-variable-xss-and.html vendor notify: yes exploit available: yes Quick.cart contais a flaw which can be...

CVE-2002-2087

Buffer overflow in Borland InterBase 6.0 allows local users to execute arbitrary code via a long INTERBASE environment variable when calling 1 gdsdrop, 2 gdslockmgr, or 3 gdsinetserver...

CVE-2002-2099

Buffer overflow in the GNU DataDisplay Debugger DDD 3.3.1 allows local users to execute arbitrary code and possibly gain privileges via a long HOME environment variable. NOTE: since DDD is not installed setuid or setgid, perhaps this issue should not be included in CVE...

CVE-2002-2099

Buffer overflow in the GNU DataDisplay Debugger DDD 3.3.1 allows local users to execute arbitrary code and possibly gain privileges via a long HOME environment variable. NOTE: since DDD is not installed setuid or setgid, perhaps this issue should not be included in CVE...

Easyxp41.txt

XSS flaws and data disclosure in Easyxp41 XSS flaws and data dliclosure in Easyxp41 vendor url: http://www.easypx41.be/ advisory: http://falcondeoro.blogspot.com/2005/07/ xss-flaws-and-data-disclosure-in.html vendor notify: Yes exploit available: Yes Easyxp41 es a free script to make web portal.Y...