HP-UX 11 CDE DTPrintInfo Display Environment Variable Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8795/info It has been reported that dtprintinfo, installed setuid root by default, is susceptible to a locally exploitable buffer overflow vulnerability. The condition is triggered when the value of the DISPLAY environmen...

FuzzyMonkey 2.11 MyClassifieds Email Variable SQL Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8863/info It has been reported that FuzzyMonkey MyClassifieds may be prone to a SQL injection vulnerability that may allow an attacker to disclose user passwords by supplying malicious SQL code to the Email variable. This...

XFree86 4.2 XLOCALEDIR Local Buffer Overflow Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/7002/info Several XFree86 utilities may be prone to a buffer overflow condition. The vulnerability exists due to insufficient boundary checks performed by these utilities when referencing the XLOCALEDIR environment...

Easypx41 Multiple Variable Injection Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/14421/info Easypx41 is prone to multiple variable injection vulnerabilities. An attacker can manipulate multiple script input variables and bypass access controls to retrieve sensitive and privileged information...

IBM AIX <= 3.2.5 IFS Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/454/info Under older versions of AIX By changing the IFS enviroment variable to / setuid root programs that use system or popen can be fooled into running user provided programs. !/bin/csh IFS hole in AIX3.2 rmail gives...

Progress Database 9.1 Environment Variable Local Privilege Escalation Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7916/info It has been reported that Progress database does not properly handle untrusted input when opening shared libraries. Specifically, the dlopen function used by several Progress utilities checks the user's PATH...

Oracle Internet Directory 2.0.6 oidldap Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1828/info Oracle Internet Directory 2.0.6 is a pre-alpha development release, available as both an addon package and in the Oracle Database Software release 8.1.6. A vulnerability has been found in the oidldap binary with...

e107 <= 0.7.11 - Arbitrary Variable Overwriting Vulnerability

No description provided by source. GulfTech Security Research August 07, 2008 Vendor : Steve Dunstan URL : http://www.e107.org/ Version : e107 = 0.7.11 Risk : Arbitrary Variable Overwriting Description: e107 is a popular full featured content management system written in php. Unfortunately e107...

EditTag 1.2 edittag.pl file Variable Arbitrary File Disclosure

No description provided by source. source: http://www.securityfocus.com/bid/21890/info EditTag is prone to multiple directory-traversal vulnerabilities because the application fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow a remote attacker to access any file...

IMLib2 Home Environment Variable Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/3868/info Imlib2 is a freely available, open source graphics library available for the Linux and Unix operating systems. It is maintained by Michael Jennings. Imlib2 is installed on many operating systems and linked with...

Sudo 1.6.x Environment Variable Handling Security Bypass Vulnerability (1)

No description provided by source. source: http://www.securityfocus.com/bid/16184/info Sudo is prone to a security-bypass vulnerability that could lead to arbitrary code execution. This issue is due to an error in the application when handling environment variables. A local attacker with the...

ListProc 8.2.9 Catmail ULISTPROC_UMASK Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/7533/info ListProc catmail has been reported prone to a buffer overflow vulnerability when handling a ULISTPROCUMASK environment variable of excessive length. The issue is likely due to a lack of sufficient bounds checkin...

CubeCart 2.0.x view_product.php product Variable Path Disclosure

No description provided by source. source: http://www.securityfocus.com/bid/13050/info CubeCart is reported prone to multiple SQL injection vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input before using it in SQL queries. These issues...

TextPattern <= 1.19 (publish.php) Remote File Inclusion Vulnerability

No description provided by source. ---------------------------------------------------------------------------- TextPattern =g1.19 txpcfgtxpath Remote File Inclusion Vulnerability ---------------------------------------------------------------------------- Author : Zeni Susanto A.K.A Bithedz Date...

PHPmybibli <= 3.0.1 - Multiple Remote File Inclusion Vulnerabilities

No description provided by source. \ /\ \ / | \ \ | / \ // / | \ | \ \ Y / | \ / / \ /| /\ / / / / / .OR.ID ECHOADV55$2006 ----------------------------------------------------------------------------------------------- ECHOADV55$2006Phpmybibli =2.1 Multiple Remote File Inclusion...

DFD Cart 1.1 - Multiple Remote File Inclusion Vulnerabilities

No description provided by source. DFD Cart 1.1 Multiple Remote File Inclusion Vulnerabilities Vulnerability Type: Remote File Inclusion Vulnerable file: /dfdcart/app.lib/product.control/core.php/product.control.config.php Exploit URL:...

com_flyspray Mambo Com. <= 1.0.1 - Remote File Disclosure Vulnerability

No description provided by source. | \ | / | \ \ / | | | | | \ / | \ \ / / | | | | '| | |/| |/ \ / / \ / / | | '| | | / | | || | | | | | | | | \ / | | | | || \ \ |/|| || ||,//\ / ||| ,|/ Compononent name:comflyspray Affected Version:1.0.1...

Muhammad A. Muquit wwwcount 2.3 Count.cgi Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/128/info Wwwcount count.cgi is a very popular CGI program used to track website usage. In particular, it enumerates the number of hits on given webpages and increments them on a 'counter'. In October of 1997 two remotely...

IBM AIX 5.x Diag Local Privilege Escalation Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/12041/info diag is reported prone to a local privilege escalation vulnerability. This issue is due to a failure of certain diag applications to properly implement security controls when executing an application specified ...

XPCD 2.0.8 Home Environment Variable Local Buffer Overflow Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/8370/info A problem in the handling of long strings in environment variables by xpcd may result in a buffer overflow condition. This may allow an attacker to gain unauthorized access to system resources. / xpcd 2.0.8 late...