tcsh.6.07.bof.txt

Date: Mon, 17 May 1999 09:53:19 +0200 From: arkth To: [email protected] Subject: tcsh overflow While few days ago there was discussion about bash overflow on bugtraq i found another overflow in tcsh-6.07.09-1 rh 5.2 . The problem is in too long $HOME evironment variable very old thing - zgv...

asp-server-var.passwds.txt

Date: Wed, 12 Aug 1998 19:26:27 +0800 From: VINCENT LOK Subject: obtain domain users password via asp server variable Dear all, Just noticed that with basic authentication on IIS, one can obtain password of users accessing the ASP page via the server variable AUTHPASSWORD. The line in an asp file...

CVE-1999-0888

dbsnmp in Oracle Intelligent Agent allows local users to gain privileges by setting the ORACLEHOME environmental variable, which dbsnmp uses to find the nmiconf.tcl script...

Oracle 8 8.1.5 - Intelligent Agent (2)

// source: https://www.securityfocus.com/bid/585/info A vulnerability in the Oracle Intelligent Agent allows local malicious users to execute arbitrary commands and to create world writable files as the root user. The problem lies in the dbsnmp program located in $ORACLEHOME/bin . This setuid roo...

Oracle 8 8.1.5 - Intelligent Agent (1)

Oracle 8 8.1.5 - Intelligent Agent 1 source: https://www.securityfocus.com/bid/585/info A vulnerability in the Oracle Intelligent Agent allows local malicious users to execute arbitrary commands and to create world writable files as the root user. The problem lies in the dbsnmp program located in...

Oracle 8 8.1.5 - Intelligent Agent (1)

source: https://www.securityfocus.com/bid/585/info A vulnerability in the Oracle Intelligent Agent allows local malicious users to execute arbitrary commands and to create world writable files as the root user. The problem lies in the dbsnmp program located in $ORACLEHOME/bin . This setuid root a...

Oracle 8 8.1.5 - Intelligent Agent (2)

Oracle 8 8.1.5 - Intelligent Agent 2 // source: https://www.securityfocus.com/bid/585/info A vulnerability in the Oracle Intelligent Agent allows local malicious users to execute arbitrary commands and to create world writable files as the root user. The problem lies in the dbsnmp program located...

CVE-1999-0690

HP CDE program includes the current directory in root's PATH variable...

CVE-1999-0733

Buffer overflow in VMWare 1.0.1 for Linux via a long HOME environmental variable...

Xi Graphics Accelerated X 4.0.x/5.0 - Local Buffer Overflow

// source: https://www.securityfocus.com/bid/488/info Accelerated-X, also known as Accel-X, is a popular commercial X server available from Xi Graphics. The servers are normally installed setuid root, and contain multiple buffer overflow vulnerabilities. These vulnerabilities were found in the...

IBM AIX 4.2.1 / Sun Solaris 7.0 - LC_MESSAGES libc Buffer Overflow (4)

// source: https://www.securityfocus.com/bid/268/info A buffer overflow in libc's handling of the LCMESSAGES environment variable allows a malicious user to exploit any suid root program linked agains libc to obtain root privileges. This problem is found in both IBM's AIX and Sun Microsystem's...

CVE-1999-0754

The INN inndstart program allows local users to gain privileges by specifying an alternate configuration file using the INNCONF environmental variable...

Oracle 8 - File Access

source: https://www.securityfocus.com/bid/170/info A number of security file access security vulnerabilities in suid programs that are part of Oracle may be exploited to obtain the privileges of the 'oracle' user and full access to the database system. Only the Unix version of Oracle is vulnerabl...

Microsoft IIS 5.0 - IISAPI Extension Enumerate Root Web Server Directory

source: https://www.securityfocus.com/bid/194/info A GET request that specifies a nonexistent file with an IISAPI-registered extension ie .pl, .idq will cause the IIS server to return an error message that includes the full path of the root web server directory. This can happen if the file is...

CVE-1999-1422

The default configuration of Slackware 3.4, and possibly other versions, includes . dot, the current directory in the PATH environmental variable, which could allow local users to create Trojan horse programs that are inadvertently executed by other users...

CVE-1999-0388

DataLynx suGuard trusts the PATH environment variable to execute the ps command, allowing local users to execute commands as root...

CVE-1999-0937

BNBForm allows remote attackers to read arbitrary files via the automessage hidden form variable...

PT-1998-1120 · Bnbform · Bnbform

Name of the Vulnerable Software and Affected Versions: BNBForm affected versions not specified Description: The issue allows remote attackers to read arbitrary files. This is achieved via the automessage hidden form variable. Recommendations: At the moment, there is no information about a newer...

CVE-1999-0782

KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable...

CVE-1999-1107

Buffer overflow in kppp in KDE allows local users to gain root access via a long PATH environmental variable...