BRU Vulnerability

BRU backup software Vulnerability: Description: You can change the log file BRU uses by changing the BRUEXECLOG environment variable. Since bru is setuid root you can append to any file on the system. Exploitation: $ BRUEXECLOG=/etc/passwd $ export BRUEXECLOG $ bru -V ' comsec::0:0::/:/bin/sh ' $...

BRU 15.116.0 - BRUEXECLOG Environment Variable

BRU 15.116.0 - BRUEXECLOG Environment Variable source: https://www.securityfocus.com/bid/1321/info A vulnerability exists in BRU, the Backup and Restore Utility, from Enhanced Software Technologies. By setting the value of the BRUEXECLOG environment variable, it is possible to an attack to alter...

BRU 15.1/16.0 - BRUEXECLOG Environment Variable

source: https://www.securityfocus.com/bid/1321/info A vulnerability exists in BRU, the Backup and Restore Utility, from Enhanced Software Technologies. By setting the value of the BRUEXECLOG environment variable, it is possible to an attack to alter and create files on the filesystem. As BRU is...

CVE-2000-0230

Buffer overflow in imwheel allows local users to gain root privileges via the imwheel-solo script and a long HOME environmental variable...

CVE-1999-0754

CVE-1999-0754 concerns the INN inndstart program, where local users can gain privileges by specifying an alternate configuration file via the INNCONF environment variable. The available connected records confirm this vulnerability exists in INN’s inndstart component and describe the privilege-esc...

CVE-1999-0754

The INN inndstart program allows local users to gain privileges by specifying an alternate configuration file using the INNCONF environmental variable...

Real Networks Real Server 7.07.0.18.0 Beta - view-source Denial of Service

Real Networks Real Server 7.07.0.18.0 Beta - view-source Denial of Service source: https://www.securityfocus.com/bid/1288/info RealServer 7.0 will crash if it receives a request for a specific file with an unspecified variable value. http://targetIP:port/viewsource/template.html?...

Переполнение буфера в kdesud

Классическое переполнение при разборе переменно DISPLAY. Позволяет получить привилегии группы wheel...

CVE-2000-0460

Buffer overflow in KDE kdesud on Linux allows local uses to gain privileges via a long DISPLAY environmental variable...

KDE 1.1/1.1.1/1.1.2/1.2 - kdesud DISPLAY Environment Variable Overflow

// source: https://www.securityfocus.com/bid/1274/info /usr/bin/kdesud has a DISPLAY environment variable overflow which could allow for the execution of arbitrary code. / KDE: /usr/bin/kdesud exploit by noir x86/Linux [email protected] | [email protected] DISPLAY env overflow this script will...

Дырка в kcsd под Linux

kcsd использует внешний shell определяемый переменной SHELL, которая задается пользователем. Таким образом, подменив SHELL можно получить привелегии группы disk, позволяющие менять разрешения любых файлов...

CVE-2000-0393

The KDE kscd program does not drop privileges when executing a program specified in a user's SHELL environmental variable, which allows the user to gain privileges by specifying an alternate program to execute...

KDE 1.1/1.1.1/1.2/2.0 kscd - SHELL Environmental Variable

source: https://www.securityfocus.com/bid/1206/info Some linux distributions S.u.S.E. 6.4 reported ship with kscd a CD player for the KDE Desktop sgid disk. kscd uses the contents of the 'SHELL' environment variable to execute a browser. This makes it possible to obtain a sgid 'disk' shell. Using...

KDE 1.11.1.11.22.0 kscd - SHELL Environmental Variable

KDE 1.11.1.11.22.0 kscd - SHELL Environmental Variable source: https://www.securityfocus.com/bid/1206/info Some linux distributions S.u.S.E. 6.4 reported ship with kscd a CD player for the KDE Desktop sgid disk. kscd uses the contents of the 'SHELL' environment variable to execute a browser. This...

Black Watch Labs Vulnerability Alert

Dear Security Professional, The following vulnerability: "Environment and setup variables can be viewed through FormMail script" is in the text of the message below and has just been posted to the Black Watch Labs Web site at http://www.perfectotech.com/blackwatchlabs/ Thank you, Black Watch Labs...

Matt Wright FormMail 1.6/1.7/1.8 - Environmental Variables Disclosure

source: https://www.securityfocus.com/bid/1187/info An unauthorized remote user is capable of obtaining CGI environmental variable information from a web server running Matt Wright FormMail by requesting a specially formed URL that specifies the email address to send the details to. This is...

Переполнение буфера в gnomelib из SuSE

Переполнение буфера при разборе переменной DISPLAY...

CVE-2000-0340

Buffer overflow in Gnomelib in SuSE Linux 6.3 allows local users to execute arbitrary commands via the DISPLAY environmental variable...

CVE-1999-0706

Linux xmonisdn package allows local users to gain root privileges by modifying the IFS or PATH environmental variables...

CVE-2000-0288

CVE-2000-0288 affects Infonautics getdoc.cgi. The vulnerability allows remote attackers to bypass the payment phase for accessing documents by altering a form variable. The available sources confirm the existence and description of this issue but do not provide concrete details on affected versio...