VisualShapers EZContents 1.x2.0 - db.php Arbitrary File Inclusion

VisualShapers EZContents 1.x2.0 - db.php Arbitrary File Inclusion source: https://www.securityfocus.com/bid/9638/info It has been reported that ezContents may be prone to a file include vulnerability in multiple modules. The problem reportedly exists because remote users may influence the...

CVE-2004-2093

Buffer overflow in the opensocketout function in socket.c for rsync 2.5.7 and earlier allows local users to cause a denial of service crash and possibly execute arbitrary code via a long RSYNCPROXY environment variable. NOTE: since rsync is not setuid, this issue does not provide any additional...

DEBIAN-CVE-2004-2093

Buffer overflow in the opensocketout function in socket.c for rsync 2.5.7 and earlier allows local users to cause a denial of service crash and possibly execute arbitrary code via a long RSYNCPROXY environment variable. NOTE: since rsync is not setuid, this issue does not provide any additional...

Les Commentaires (PHP) Include file

Informations : °°°°°°°°°°°°°° Website : http://www.phpscripts-fr.net Version : all Problem : Include file PHP Code/Location : °°°°°°°°°°°°°°°°°°° config/fonctions.lib.php dernierscommentaires.php admin.php ------------------------------------------------------------------ if !isset$rep $rep = './...

phpscripts.txt

Informations : °°°°°°°°°°°°°° Website : http://www.phpscripts-fr.net Version : all Problem : Include file PHP Code/Location : °°°°°°°°°°°°°°°°°°° config/fonctions.lib.php dernierscommentaires.php admin.php ------------------------------------------------------------------ if !isset$rep $rep = './...

CVE-2004-2131

Stack-based buffer overflow in ontape for IBM Informix Dynamic Server IDS 9.40.xC3 and earlier allows local users, with DSA privileges, to execute arbitrary code via a long ONCONFIG environment variable...

Gallery 1.3.x/1.4 - Remote Global Variable Injection

source: https://www.securityfocus.com/bid/9490/info It has been reported that Gallery is prone to a vulnerability that may allow a remote attacker to gain unauthorized access by overwriting various values for global variables. The issue occurs due to improper simulation of the behaviour of...

Gallery 1.3.x1.4 - Remote Global Variable Injection

Gallery 1.3.x1.4 - Remote Global Variable Injection source: https://www.securityfocus.com/bid/9490/info It has been reported that Gallery is prone to a vulnerability that may allow a remote attacker to gain unauthorized access by overwriting various values for global variables. The issue occurs d...

HP-UX shar utility creates files with predictable names in "/tmp" directory

Overview The shar program distributed with some versions of the HP-UX operating system creates files insecurely. This vulnerability could allow local users to gain escalated privilege on the system. Description shar is a program commonly available on UNIX systems to create a shell script that wil...

CVE-2004-0074

Multiple buffer overflows in xsok 1.02 allows local users to gain privileges via 1 a long LANG environment variable, or 2 a long -xsokdir command line argument, a different vulnerability than CVE-2003-0949...

CVE-2003-1446

Buffer overflow in the saveintofile function in save.c for Rogue 5.2-2 allows local users to execute arbitrary code with games group privileges by setting a long HOME environment variable and invoking the save game function with a tilde...

CVE-2003-1516

The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug-in 1.4.201 allows signed and unsigned applets to share variables, which violates the Java security model and could allow remote attackers to read or write data belonging to a signed applet...

CVE-2003-1358

rs.F300 for HP-UX 10.0 through 11.22 uses the PATH environment variable to find and execute programs such as rm while operating at raised privileges, which allows local users to gain privileges by modifying the path to point to a malicious rm program...

CVE-2003-1167

misc.cpp in KPopup 0.9.1 trusts the PATH variable when executing killall, which allows local users to elevate their privileges by modifying the PATH variable to reference a malicious killall program...

XSOK 1.0 2 - 'LANG Environment' Local Buffer Overrun

// source: https://www.securityfocus.com/bid/9341/info xsok is prone to a locally exploitable buffer overrun vulnerability due to insufficient bounds check of data supplied through the LANG environment variable. This could be exploited to execute arbitrary code with elevated privileges. The progr...

XSOK 1.0 2 - LANG Environment Local Buffer Overrun

XSOK 1.0 2 - LANG Environment Local Buffer Overrun // source: https://www.securityfocus.com/bid/9341/info xsok is prone to a locally exploitable buffer overrun vulnerability due to insufficient bounds check of data supplied through the LANG environment variable. This could be exploited to execute...

Subscribe Me Pro/Enterprise - Remote Code Execution via Backticked Perl Variable Injection.

Pimp industries. "Its all about the Bling, Bitches and Fame!" Subscribe Me Pro/Enterprise All recent versions of Pro/Enterprise Remote Code Execution via Backticked Perl Variable Injection. C Paul Craig Pimp Industries 2003 This advisory is also online at:...

CVE-2003-0932

Buffer overflow in omega-rpg 0.90 allows local users to execute arbitrary code via a long 1 command line or 2 environment variable...

CVE-2003-0089

Buffer overflow in the Software Distributor utilities for HP-UX B.11.00 and B.11.11 allows local users to execute arbitrary code via a long LANG environment variable to setuid programs such as 1 swinstall and 2 swmodify...

DEBIAN-CVE-2003-0932

Buffer overflow in omega-rpg 0.90 allows local users to execute arbitrary code via a long 1 command line or 2 environment variable...