9470 matches found
CVE-2004-0089
Buffer overflow in TruBlueEnvironment in Mac OS X 10.3.x and 10.2.x allows local users to gain privileges via a long environment variable...
CVE-2002-1239
QNX Neutrino RTOS 6.2.0 uses the PATH environment variable to find and execute the cp program while operating at raised privileges, which allows local users to gain privileges by modifying the PATH to point to a malicious cp program...
CVE-2002-1239
The CVE-2002-1239 issue affects QNX Neutrino RTOS 6.2.0 where a setuid root packager uses external commands without full paths, causing local privilege escalation by manipulating PATH to point to a malicious cp. The underlying problem is unvalidated PATH-based execution of external binaries, enab...
CVE-2001-0423
Buffer overflow in ipcs in Solaris 7 x86 allows local users to execute arbitrary code via a long TZ timezone environmental variable, a different vulnerability than CAN-2002-0093...
CDE libDtHelp buffer overflow
Buffer overflow on DTHELPUSERSEARCHPATH/LOGNAME variable parsing...
GLSA-200408-11 : Nessus: 'adduser' race condition vulnerability
The remote host is affected by the vulnerability described in GLSA-200408-11 Nessus: 'adduser' race condition vulnerability A race condition can occur in 'nessus-adduser' if the user has not configured their TMPDIR variable. Impact : A malicious user could exploit this bug to escalate privileges ...
GLSA-200408-24 : Linux Kernel: Multiple information leaks
The remote host is affected by the vulnerability described in GLSA-200408-24 Linux Kernel: Multiple information leaks The Linux kernel allows a local attacker to obtain sensitive kernel information by gaining access to kernel memory via several leaks in the /proc interfaces. These vulnerabilities...
Linux Kernel: Multiple information leaks
Background The Linux kernel is responsible for managing the core aspects of a GNU/Linux system, providing an interface for core system applications as well as providing the essential structure and capability to access hardware that is needed for a running system. Description The Linux kernel allo...
Mantis Bugtracker Remote PHP Code Execution Vulnerability
--------------------------------------------------------------------------- Mantis Bugtracker Remote PHP Code Execution Vulnerability --------------------------------------------------------------------------- Author: Joxean Koret Date: 08-01-2004 Location: Basque Country...
bslist.cgi Email Address Variable Arbitrary Command Execution
Binary data 1645.prm...
bsguest.cgi Guestbook Email Address Variable Arbitrary Command Execution
Binary data 1644.prm...
MyBB < 1.1.1 Multiple Script Variable Overwrite
Binary data 3519.prm...
AWStats < 6.6 migrate Variable Command Execution
Binary data 3536.prm...
xss in moodle (post.php)
+--------------------------------+ | | | XSS in Moodle 1.3 post.php | | | +--------------------------------+ Autor: Javier Ubilla Brenni javierubillaatspymac.com Date: 02/08/04 Software Description: "Moodle is a course management system CMS - a software package designed to help educators create...
Apache Httpd < 2.0.51 : Environment variable expansion flaw
A buffer overflow was found in the expansion of environment variables during configuration file parsing. This issue could allow a local user to gain the privileges of a httpd child if a server can be forced to parse a carefully crafted .htaccess file written by a local user...
Mandrake Linux Security Advisory : webmin (MDKSA-2001:059)
Recently, Caldera found that when webmin starts a system daemon from the web frontend it does not clear its environment variables. Since these variables contain the authorization of the administrator, any daemon would also get these variables. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
FreeBSD : lbreakout2 vulnerability in environment variable handling (87)
The following package needs to be updated: lbreakout2 %NASLMINLEVEL 999999 @DEPRECATED@ This script has been deprecated by freebsdpkgad4f6ca4672011d89fb5000a95bc6fae.nasl. Disabled on 2011/10/02. C Tenable Network Security, Inc. This script contains information extracted from VuXML : Copyright...
Global variable settings
This plugin configures miscellaneous global variables for Nessus plugins. It does not perform any security checks but may disable or change the behavior of others. TRUSTED...
[ GLSA 200405-18 ] Buffer Overflow in Firebird
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200405-18 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - -...
DSA-506 neon - buffer overflow
Bulletin has no description...