Дырка в Oracle 8 (ORACLE_HOME)

Переполнение буфера во многих приложениях при разборе переменной ORACLEHOME...

CVE-2000-0794

Buffer overflow in IRIX libgl.so library allows local users to gain root privileges via a long HOME variable to programs such as 1 gmemusage and 2 grosview...

CVE-2000-0340

Buffer overflow in Gnomelib in SuSE Linux 6.3 allows local users to execute arbitrary commands via the DISPLAY environmental variable...

CVE-2000-0009

The CVE-2000-0009 entry concerns the bna_pass program in Optivity NETarchitect, which relies on the PATH environment variable to locate the rm program. This behavior allows local users to execute arbitrary commands due to how PATH is used, as described in the observed description. The available d...

CVE-2000-0340

Affected software: Gnomelib on SuSE Linux 6.3. Vulnerability: buffer overflow in Gnomelib that allows local users to execute arbitrary commands via the DISPLAY environment variable. Root cause: buffer overflow; Impact: local arbitrary command execution. Remediation: no patch/version details provi...

CVE-1999-0946

CVE-1999-0946 documents a buffer overflow in the Yamaha MidiPlug triggered via a Text variable in an EMBED tag. The available sources confirm the vulnerable component is the MidiPlug and identify the root cause as improper handling of a Text variable within an EMBED tag, leading to a potential ov...

CVE-2000-0537

BRU backup software allows local users to append data to arbitrary files by specifying an alternate configuration file with the BRUEXECLOG environmental variable...

anaconda Foundation 1.4 < 1.9 - Directory Traversal

source: https://www.securityfocus.com/bid/2338/info A vulnerability exists in Anaconda Foundation Directory which allows a remote user to traverse the filesystem of a target computer. This may lead to the disclosure of file and directory contents. Arbitrary files can be accessed through the use o...

XFree86 3.3.53.3.6 - Xlib Display Buffer Overflow

XFree86 3.3.53.3.6 - Xlib Display Buffer Overflow source: https://www.securityfocus.com/bid/1805/info A vulnerability exists in xlib, the C language interface to the X Window System protocol. When applications linked to the xlib library are run, user-supplied values for the DISPLAY environment...

XFree86 3.3.5/3.3.6 - Xlib Display Buffer Overflow

source: https://www.securityfocus.com/bid/1805/info A vulnerability exists in xlib, the C language interface to the X Window System protocol. When applications linked to the xlib library are run, user-supplied values for the DISPLAY environment variable and the command-line argument -display are...

Mail File POST Vulnerability

MailFile v 1.10 by Oatmeal-Studios http://www.oatmeal-studios.com This Perl script enables a site's visitor to have a given file dispatched to a specified email address. The visitor is required to select the file from a given list and to enter his or her email address. The data will then be...

Переполнение буфера в ncurses

Переполнение буфера в библиотеке ncurses при разборе переменной среды TERMCAP...

phpix 1.0 - Directory Traversal

phpix 1.0 - Directory Traversal source: https://www.securityfocus.com/bid/1773/info PHPix is a web-based photo-album system written in PHP. It is vulnerable to an attack that allows a malicious remote user to view arbitrary files on the target webserver with the privileges of the webserver. The...

Серьезная уязвимость многих Unix через locale в glibc

Функции работы с locale позволяют пользователям создавать пользовательские отображения строк, при этом не проверяется наличие форматных символов. Функции locale используются многими suid-приложениями. В некоторых случаях проблема становится удаленной из-за некорректной обработки переменных...

OpenBSD 2.x - fstat Format String

OpenBSD 2.x - fstat Format String // source: https://www.securityfocus.com/bid/1746/info fstat is a program shipped with BSD unix variants that is used to list the open files on a system. It is installed sgid kmem so it can access information about open files from the kernel memory structures. A...

Дырка в catopen (libc)

В дополнение к ошибке форматной строки в catopen/setlocale в catopen так же имеется переполнение буфера при разборе локальных переменных окружения...

telnet and rlogin URLs disclose sensitive information, including Environment variables

Overview Some telnet clients may disclose sensitive information in environment variables Description Web browsers can be configured to respond to certian protocol types through the use of a helper application. In this case, web browsers can respond to telnet: URLs with the use of a helper...

tco.txt

Synnergy Laboratories Advisory SLA-2000-14 NAME BSD/Linux telnet client overflow AFFECTED Linux Debian Redhat Mandrake Slackware possibly others BSD FreeBSD possible others SYNOPSIS Synnergy Labs has found a bug in the telnet client that causes a stack overflow by filling the DISPLAY environment...

Horde library Bug part 2

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Horde Library $from Bug part 2 + How to exploit with IMP and Sendmail Description: The Fix of the first detected problem with the $from variable in the horde library was just escaping shellchars which avoids directly executing commands. It is still...

Unsafe passing of variables to mailform.pl in MailForm V2.0

Title: Unsafe passing of variables to mailform.pl in MailForm V2.0 For Unix or NT Advisory Author: Karl Hanmore [email protected] Script URL: http://rlaj.com/scripts/mailform Script Author: Ranson Johnson Advisory Released: 11 September 2000 Vendor notified: [email protected] 05 Sept...