Apple Mac OS X Foundation Framework vulnerable to buffer overflow via incorrect handling of an environmental variable

Overview A buffer overflow in Mac OS X Foundation Framework's processing of environment variables may lead to elevated privileges. Description A vulnerability is present Mac OS X Foundation Framework shipped in version 10.3.9 of Mac OS X and Mac OSX Server. There is a flaw in the handling of...

e107 search.php search_info Parameter Traversal Arbitrary File Inclusion

The version of e107 installed on the remote host is affected by a remote file inclusion vulnerability because it fails to properly sanitize user-supplied input to the 'searchinfo' parameter of the 'search.php' script. This vulnerability could allow a remote, unauthenticated attacker to view...

CVE-2003-1167

misc.cpp in KPopup 0.9.1 trusts the PATH variable when executing killall, which allows local users to elevate their privileges by modifying the PATH variable to reference a malicious killall program...

CVE-2003-1167

KPopup 0.9.1 exposes two local-privilege/vulnerability issues. First, a format-string vulnerability in main.cpp (kpopup 0.9.1–0.9.5pre2) can allow local users to cause a denial of service (segmentation fault) and potentially execute arbitrary code via crafted format specifiers in command line arg...

CVE-2002-1659

CVE-2002-1659 affects PortalApp 2.2 where user_profile.asp allows local users to gain privileges by modifying the user_id variable. The root cause is manipulating a user_id parameter in the profile page, enabling local privilege escalation with complete impact on confidentiality, integrity, and a...

CVE-2004-1937

Multiple directory traversal vulnerabilities in Nuked-KlaN 1.4b and 1.5b allow remote attackers to read or include arbitrary files via .. sequences in 1 the userlangue parameter to index.php or 2 the langue parameter to update.php, or modify arbitrary GLOBAL variables by causing globals.php to be...

NukeET 3.0/3.1 - Base64 Codigo Variable Cross-Site Scripting

source: https://www.securityfocus.com/bid/13570/info NukeET is prone to a cross-site scripting vulnerability. The source of this issue is that HTML and script code is not properly sanitized from URI variables before being output in a dynamically generated Web page. However, to successfully trigge...

Multiple vulnearabilities in e107 cms

Software: http://www.e107.org Author: Heintz Advisory origin: http://www.waraxe.us Software bugtracker: http://e107.org/e107plugins/bugtracker2/bugtracker2.php?0.bug.558 e107 v 0.617 search.php line 142 if$POST'searchquery' echo "div...

CVE-2005-1336

Buffer overflow in the Foundation framework for Mac OS X 10.3.9 allows local users to execute arbitrary code via a long environment variable...

CVE-2005-1336

Buffer overflow in the Foundation framework for Mac OS X 10.3.9 allows local users to execute arbitrary code via a long environment variable...

CVE-2005-1394

Format string vulnerability in ArcGIS for ESRI ArcInfo Workstation 9.0 allows local users to gain privileges via format string specifiers in the ARCHOME environment variable to 1 wservice or 2 lockmgr...

CVE-2005-0106

SSLeay.pm in libnet-ssleay-perl before 1.25 uses the /tmp/entropy file for entropy if a source is not set in the EGDPATH variable, which allows local users to reduce the cryptographic strength of certain operations by modifying the file...

CVE-2005-1395

CVE-2005-1395 affects Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier. The vulnerability is a buffer overflow that can allow local users to gain privileges when a long environment variable (XAPPLRESLANGPATH or XAPPLRESDIR) is set or via a long command line argument. The Red Hat and NVD entries confirm...

CVE-2005-1394

Format string vulnerability in ArcGIS for ESRI ArcInfo Workstation 9.0 allows local users to gain privileges via format string specifiers in the ARCHOME environment variable to 1 wservice or 2 lockmgr...

CVE-2005-1019

Buffer overflow in the getConfig function in Aeon 0.2a and earlier allows local users to gain privileges via a long HOME environment variable...

CVE-2005-0497

ADP Elite System Max 9000 allows remote authenticated users to gain privileges by uploading a .profile that sets the ADPROOT environment variable to the root directory...

CVE-2005-1395

Buffer overflow in Ce/Ceterm aka ARPUS/Ce 2.5.4 and earlier may allow local users to gain privileges via a long 1 XAPPLRESLANGPATH or 2 XAPPLRESDIR environment variable, or 3 command line argument...

PT-2005-2391 · Esri · Esri Arcinfo Workstation

Name of the Vulnerable Software and Affected Versions: ESRI ArcInfo Workstation version 9.0 Description: The issue allows local users to gain privileges via format string specifiers in the ARCHOME environment variable, affecting components such as wservice or lockmgr. Recommendations: For ESRI...

ARPUSCe - Local Overflow (setuid) (Perl)

ARPUSCe - Local Overflow setuid Perl !/usr/bin/perl -w Setuid ARPUS/ce exploit by KF - kflistsatdigitalmunitiondotcom - 4/21/05 Copyright Kevin Finisterre kfinisterre@threat:/tmp$ ./ceex.pl sh-2.05b id uid=0root gid=1000kfinisterre groups=20dialout,24cdrom,25floppy,29audio,44video,1000kfinisterre...

WoltLab Burning Board <= 2.3.1 PL2 - XSS Vulnerability (24.04.05)

WoltLab Burning Board = 2.3.1 PL2 - XSS Vulnerability Vendor: WoltLab URL: http://www.woltlab.de/ Version: = 2.3.1 PL 2 Type: XSS Discovered by R and deluxe89 Description: -------------------------------- The WoltLab Burning Board is a high customisable forum software for every kind of use. See 1...