CVE-2005-4158

Sudo before 1.6.8 p12, when the Perl taint flag is off, does not clear the 1 PERLLIB, 2 PERL5LIB, and 3 PERL5OPT environment variables, which allows limited local users to cause a Perl script to include and execute arbitrary library files that have the same name as library files that are included...

phpMyAdmin: Multiple vulnerabilities

Background phpMyAdmin is a tool written in PHP intended to handle the administration of MySQL over the web. Description Stefan Esser from Hardened-PHP reported about multiple vulnerabilties found in phpMyAdmin. The $GLOBALS variable allows modifying the global variable importblacklist to open...

CVE-2005-3665

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.7.0 allow remote attackers to inject arbitrary web script or HTML via the 1 HTTPHOST variable and 2 various scripts in the libraries directory that handle header generation...

CVE-2005-3665

Multiple cross-site scripting XSS vulnerabilities in phpMyAdmin before 2.7.0 allow remote attackers to inject arbitrary web script or HTML via the 1 HTTPHOST variable and 2 various scripts in the libraries directory that handle header generation...

CVE-2005-4076

Buffer overflow in Appfluent Technology Database IDS 2.0 allows local users to execute arbitrary code via a long APPFLUENTHOME environment variable...

CVE-2005-4079

The registerglobals emulation in phpMyAdmin 2.7.0 rc1 allows remote attackers to exploit other vulnerabilities in phpMyAdmin by modifying the importblacklist variable in grabglobals.php, which can then be used to overwrite other variables...

CVE-2005-4076

Buffer overflow in Appfluent Technology Database IDS 2.0 allows local users to execute arbitrary code via a long APPFLUENTHOME environment variable...

Advisory 25/2005: phpMyAdmin Variables Overwrite Vulnerability

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hardened-PHP Project www.hardened-php.net -= Security Advisory =- Advisory: phpMyAdmin Variable Overwrite Vulnerability Release Date: 2005/12/07 Last Modified: 2005/12/07 Author: Stefan Esser [email protected] Application: phpMyAdmin 2.7.0-rc1...

phpMyAdmin < 2.7.0-pl1 Global Variable Overwrite

Binary data 3319.prm...

Appfluent Database IDS &lt; 2.1.0.103 (Env Variable) Local Exploit

No description provided by source. / $ An open security advisory 14 - Appfluent Database IDS Environment Variable Overflow 1: Bug Researcher: c0ntex - c0ntexbatgmail.com -+- www.open-security.org 2: Bug Released: December 07th 2005 3: Bug Impact Rate: Hi 4: Bug Scope Rate: Local root $ This...

Appfluent Database IDS &lt; 2.1.0.103 - Environment Variable Local Overflow

/ $ An open security advisory 14 - Appfluent Database IDS Environment Variable Overflow 1: Bug Researcher: c0ntex - c0ntexbatgmail.com -+- www.open-security.org 2: Bug Released: December 07th 2005 3: Bug Impact Rate: Hi 4: Bug Scope Rate: Local root $ This advisory and/or proof of concept code mu...

Appfluent Database IDS < 2.1.0.103 (Env Variable) Local Exploit

Exploit for solaris platform in category local exploits =============================================================== Appfluent Database IDS 2.1.0.103 Env Variable Local Exploit =============================================================== / $ An open security advisory 14 - Appfluent Database...

XSS vulnerabilities

PMASA-2005-8 Announcement-ID: PMASA-2005-8 Date: 2005-12-05 Summary XSS vulnerabilities Description It was possible to conduct an XSS attack via the HTTPHOST variable; also, some scripts in the libraries directory that handle header generation were vulnerable to XSS. Severity We consider these...

NukeETSQL32.txt

Nuke ET 'search' module 'query' variable SQL injection Vendor url: www.truzone.org exploit available:yes vendor notify:yes advisore:http://lostmon.blogspot.com/2005/11/ nuke-et-search-module-query-variable.html Nuke ET have a flaw which can be exploited by malicious people to conduct SQL injectio...

Guppy 4.5.9 - REMOTE_ADDR Remote Command Execution

Guppy 4.5.9 - REMOTEADDR Remote Command Execution Guppy body background-color:111111; SCROLLBAR-ARROW-COLOR: ffffff; SCROLLBAR-BASE-COLOR: black; CURSOR: crosshair; color: 1CB081; img backgro...

CVE-2005-3738

globals.php in Mambo Site Server 4.0.14 and earlier, when registerglobals is disabled, allows remote attackers to overwrite variables in the GLOBALS array and conduct various attacks, as demonstrated using the mosConfigabsolutepath parameter to content.html.php for remote PHP file inclusion...

CVE-2005-3346

Buffer overflow in the environment variable substitution code in main.c in OSH 1.7-14 allows local users to inject arbitrary environment variables, such as LDPRELOAD, via pathname arguments of the form "$VAR/EVAR=arg", which cause the EVAR portion to be appended to a buffer returned by a getenv...

CVE-2005-3346

Buffer overflow in the environment variable substitution code in main.c in OSH 1.7-14 allows local users to inject arbitrary environment variables, such as LDPRELOAD, via pathname arguments of the form "$VAR/EVAR=arg", which cause the EVAR portion to be appended to a buffer returned by a getenv...

CVE-2005-3346

Buffer overflow in the environment variable substitution code in main.c in OSH 1.7-14 allows local users to inject arbitrary environment variables, such as LDPRELOAD, via pathname arguments of the form "$VAR/EVAR=arg", which cause the EVAR portion to be appended to a buffer returned by a getenv...

CVE-2005-3346

CVE-2005-3346 affects osh (OSHevironment) 1.7-14, where a buffer overflow in the environment variable substitution code (main.c) can be triggered by pathname args like "$VAR/EVAR=arg". This allows a local attacker to inject arbitrary environment variables (e.g., LD_PRELOAD) and, per Debian's advi...