Design/Logic Flaw

A certain Ubuntu build procedure for perf, as distributed in the Linux kernel packages in Ubuntu 10.04 LTS, 12.04 LTS, 12.10, 13.04, and 13.10, sets the HOME environment variable to the buildd directory and consequently reads the system configuration file from the buildd directory, which allows...

McKesson Active-X 11.0.10.38 Enumeration

McKesson Rad Station ActiveX File/Variable Enumeration McKesson Rad Station File Enumeration This proof of concept will check if a file exists on the victim's machine or display the contents of an environmental variable. It uses the member OpenTextFile from DXVLauncherLib.McKLauncher and returns ...

McKesson ActiveX File/Environmental Variable Enumeration

Exploit for windows platform in category remote exploits McKesson Rad Station ActiveX File/Variable Enumeration McKesson Rad Station File Enumeration This proof of concept will check if a file exists on the victim's machine or display the contents of an environmental variable. It uses the member...

McKesson - ActiveX File/Environmental Variable Enumeration

McKesson Rad Station ActiveX File/Variable Enumeration McKesson Rad Station File Enumeration This proof of concept will check if a file exists on the victim's machine or display the contents of an environmental variable. It uses the member OpenTextFile from DXVLauncherLib.McKLauncher and returns ...

McKesson - ActiveX FileEnvironmental Variable Enumeration

McKesson - ActiveX FileEnvironmental Variable Enumeration McKesson Rad Station ActiveX File/Variable Enumeration McKesson Rad Station File Enumeration This proof of concept will check if a file exists on the victim's machine or display the contents of an environmental variable. It uses the member...

Code injection

econvert in ExactImage 0.8.9 and earlier does not properly initialize the setjmp variable, which allows context-dependent users to cause a denial of service crash via a crafted image file...

DSA-2754-1 exactimage - denial of service

Bulletin has no description...

dedecms latest version of the modify any of the administrator vulnerability+getshell+exp-vulnerability warning-the black bar safety net

This vulnerability disregard gpc escape, over 80sec injected into the defense. Complement, don't worry about the backend could not be found. This is just a demo, can modify any database, also afraid to not get the SHELL for? The cause is the global variable$GLOBALS can be freely modified, just...

CVE-2013-4920

The P1 dissector in Wireshark 1.10.x before 1.10.1 does not properly initialize a global variable, which allows remote attackers to cause a denial of service application crash via a crafted packet...

CVE-2013-4874

The Uboot bootloader on the Verizon Wireless Network Extender SCS-26UC4 allows physically proximate attackers to obtain root access by connecting a crafted HDMI cable and using a sys session to modify the ramboot environment variable...

CVE-2013-4874

The Uboot bootloader on the Verizon Wireless Network Extender SCS-26UC4 allows physically proximate attackers to obtain root access by connecting a crafted HDMI cable and using a sys session to modify the ramboot environment variable...

Design/Logic Flaw

Multiple untrusted search path vulnerabilities in Cisco Unified Communications Manager CUCM 7.1x through 9.11a allow local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCuh73454...

CVE-2013-3434

Untrusted search path vulnerability in Cisco Unified Communications Manager CUCM 7.1x through 9.11a allows local users to gain privileges by leveraging unspecified file-permission and environment-variable issues for privileged programs, aka Bug ID CSCui02242...

Kernel: atm: update msg_namelen in vcc_recvmsg()

The vccrecvmsg function in net/atm/common.c in the Linux kernel before 3.9-rc7 does not initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call...

Web application security vulnerability analysis and prevention（ASP article-the vulnerability warning-the black bar safety net

In previous articles we have for common Web security vulnerabilities and prevention methods are analyzed and described, and learn to Web security vulnerability of the website's security operations as well as corporate sensitive information anti-leakage effect is huge, so effective against Web...

Web application security vulnerability analysis and prevention（PHP article-the vulnerability warning-the black bar safety net

PHP is the current Internet environment in the most mainstream of dynamic website development script language, using PHP development of Web application security is also a hacker like the focus of attention. This article will by source code analysis a way to use PHP to write Web application securi...

Oracle Linux 4 : squirrelmail (ELSA-2006-0668)

From Red Hat Security Advisory 2006:0668 : A new squirrelmail package that fixes a security issue as well as several bugs is now available for Red Hat Enterprise Linux 3 and 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. SquirrelMail is a...

Kernel: Bluetooth: possible info leak in bt_sock_recvmsg()

The btsockrecvmsg function in net/bluetooth/afbluetooth.c in the Linux kernel before 3.9-rc7 does not properly initialize a certain length variable, which allows local users to obtain sensitive information from kernel stack memory via a crafted recvmsg or recvfrom system call...

phpMyAdmin 4.x < 4.0.4.1 import.php GLOBALS Variable Injection Configuration Parameter Manipulation (PMASA-2013-7)

According to its self-identified version number, the phpMyAdmin 4.x install hosted on the remote web server is earlier than 4.0.4.1 and, therefore, contains a flaw where the 'import.php' script does not properly sanitize input. This could allow attackers to inject arbitrary GLOBALS variables and...

FreeBSD : phpMyAdmin -- Global variable scope injection (1b93f6fe-e1c1-11e2-948d-6805ca0b3d42)

The phpMyAdmin development team reports : The import.php script was vulnerable to GLOBALS variable injection. Therefore, an attacker could manipulate any configuration parameter. This vulnerability can be triggered only by someone who logged in to phpMyAdmin, as the usual token protection prevent...