9564 matches found
VisualShapers ezContents 1.x/2.0 db.php Arbitrary File Inclusion
No description provided by source. source: http://www.securityfocus.com/bid/9638/info It has been reported that ezContents may be prone to a file include vulnerability in multiple modules. The problem reportedly exists because remote users may influence the 'GLOBALSrootdp' and 'GLOBALSlanguagehom...
ImageShack Toolbar 4.8.3.75 - Remote Code Execution Exploit
No description provided by source. !-- Title: ImageShack Toolbar 4.8.3.75 Remote Code Execution Exploit Date: Nov 23, 2010 Author: Rew Email: rew splat leethax.info Link: http://toolbar.imageshack.us/ImageShackToolbar.exe Version: 4.8.3.75 Tested on: WinXP - IE 6 & 7 CVE: NA 0day Note: This objec...
XSOK 1.0 2 LANG Environment Variable Local Buffer Overrun Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/9341/info xsok is prone to a locally exploitable buffer overrun vulnerability due to insufficient bounds check of data supplied through the LANG environment variable. This could be exploited to execute arbitrary code with...
Armidale Software Yapp Conferencing System 2.2 - Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/365/info Armidale Software's Yapp Conferencing System is vulnerable to an environment variable related buffer overflow vulnerability in at least the Linux version. The consequence of the vulnerability being exploited is a...
Liquid War 5.4.5/5.5.6 HOME Environment Variable Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8629/info Liquid War has been reported prone to a buffer overflow condition when handling HOME environment variables of excessive length. The issue presents itself, due to a lack of sufficient boundary checks performed on...
Solaris 2.6/7.0 /locale Subsystem Format String
No description provided by source. / source: http://www.securityfocus.com/bid/1634/info nectiva 4.x/5.x,Debian 2.x,IBM AIX 3.x/4.x,Mandrake 7,RedHat 5.x/6.x,IRIX 6.x, Solaris 2.x/7/8,Turbolinux 6.x,Wirex Immunix OS 6.2 Locale Subsystem Format String Many UNIX operating systems provide...
Chinput 3.0 Environment Variable Buffer Overflow Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/3896/info Chinput is an input server designed for Chinese characters. It is available on Linux and other Unix based systems. Chinput appears to be installed suid root by default. A vulnerability exists in Chinput. A local...
Tucows Client Code Suite (CSS) <= 1.2.1015 File Include Vulnerability
No description provided by source. !/usr/bin/perl Tucows Open Project --Remote File Inclusion Vulnerablity Bug Found & Exploit coded By Dr Max Virus Download:http://developer.tucows.com/code/ccs/downloads/ccs-open-1.2.1015-2006-209-1337.zip use LWP::UserAgent; $target=@ARGV0; $shellsite=@ARGV1;...
Oracle <= 8 8.1.5 Intelligent Agent Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/585/info A vulnerability in the Oracle Intelligent Agent allows local malicious users to execute arbitrary commands and to create world writable files as the root user. The problem lies in the dbsnmp program located in...
Mantis 0.x/1.0 - Multiple Input Validation Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/14604/info Mantis is prone to multiple input validation vulnerabilities. These issues involve cross-site scripting, HTML injection and variable poisoning, and are due to a failure in the application to properly sanitize...
InTouch 0.5.1 Alpha User Variable SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/16110/info inTouch is prone to an SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could resu...
XFree86 X11R6 3.3.2 XMan ManPath Environment Variable Buffer Overflow
No description provided by source. source: http://www.securityfocus.com/bid/3030/info xman is a component included with the XFree86 Window System. A buffer overflow in the handling of the MANPATH environment variable by xman makes it possible for a local user to execute arbitrary code. By inserti...
XFree86 4.2 XLOCALEDIR Local Buffer Overflow Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/7002/info Several XFree86 utilities may be prone to a buffer overflow condition. The vulnerability exists due to insufficient boundary checks performed by these utilities when referencing the XLOCALEDIR environment...
Poster 2.0 Unauthorized Privileged User Access Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/8426/info A vulnerability has been reported for Poster.version:two. The problem occurs due to the application failing to lock the 'setup' variable after initialization. As a result, an attacker may access this variable to...
Sudo Perl 1.6.x Environment Variable Handling Security Bypass Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/15394/info Sudo is prone to a security-bypass vulnerability that could lead to arbitrary code execution. This issue is due to an error in the application when handling the 'PERLLIB', 'PERL5LIB', and 'PERL5OPT' environment...
SGI IRIX <= 6.4 rmail Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/460/info A vulnerability exists in the rmail utility, included by SGI with it's Irix operating system. By failing to sanity check the contents of an environment variable, arbitrary commands may be executed with gid mail...
cPanel 5.0 Guestbook.cgi Remote Command Execution Vulnerability (4)
No description provided by source. source: http://www.securityfocus.com/bid/6882/info A remote command execution vulnerability has been discovered in the cPanel CGI Application. This issue occurs due to insufficient sanitization of externally supplied data to the 'guestbook.cgi' script. An attack...
HP Tru64 NLSPATH Environment Variable Local Buffer Overflow Vulnerability (2)
No description provided by source. source: http://www.securityfocus.com/bid/5647/info Tru64 is a commercially available UNIX operating system. Tru64 was originally developed by Digital and is now distributed and maintained by HP. A buffer overflow has been discovered in a number of Tru64 binaries...
KDE 1.1/1.1.1/1.2/2.0 kscd SHELL Environmental Variable Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1206/info Some linux distributions S.u.S.E. 6.4 reported ship with kscd a CD player for the KDE Desktop sgid disk. kscd uses the contents of the 'SHELL' environment variable to execute a browser. This makes it possible to...
Joomla Component (com_restaurantguide) Multiple Vulnerabilities
No description provided by source. Exploit Title: Joomla Component comrestaurantguide Multiple Vulnerabilities Date: 18.09.2010 Author: Valentin Category: webapps/0day Version: 1.0.0 Tested on: Debian lenny, Apache2, MySQL 5, Joomla 1.5.x CVE : Code : :::::::::::::::::::::::::::::::::::::: 0x1...