PHP 4.x5.0.x - Arbitrary File Upload GLOBAL Variable Overwrite

PHP 4.x5.0.x - Arbitrary File Upload GLOBAL Variable Overwrite source: https://www.securityfocus.com/bid/15250/info PHP is prone to a vulnerability that allows attackers to overwrite the GLOBAL variable via HTTP POST requests. By exploiting this issue, remote attackers may be able to overwrite th...

CVE-2005-2748

The malloc function in the libSystem library in Apple Mac OS X 10.3.9 and 10.4.2 allows local users to overwrite arbitrary files by setting the MallocLogFile environment variable to the target file before running a setuid application...

CVE-2005-2926

Stack-based buffer overflow in 1 backupsh and 2 authsh in SCO Openserver 5.0.7 allows local users to execute arbitrary code via a long HOME environment variable...

CVE-2005-2926

Stack-based buffer overflow in 1 backupsh and 2 authsh in SCO Openserver 5.0.7 allows local users to execute arbitrary code via a long HOME environment variable...

CVE-2004-2489

Format string vulnerability in IBM Informix Dynamic Server IDS before 9.40.xC3 allows local users to execute arbitrary code via a modified INFORMIXDIR environment variable that points to a file with format string specifiers in the filename...

CVE-2005-2748

The malloc function in the libSystem library in Apple Mac OS X 10.3.9 and 10.4.2 allows local users to overwrite arbitrary files by setting the MallocLogFile environment variable to the target file before running a setuid application...

sudo -- arbitrary command execution

Tavis Ormandy reports: The bash shell uses the value of the PS4 environment variable after expansion as a prefix for commands run in execution trace mode. Execution trace mode xtrace is normally set via bash's -x command line option or interactively by running "set -o xtrace". However, it may als...

CVE-2005-3149

Uim 0.4.x before 0.4.9.1 and 0.5.0 and earlier does not properly handle the LIBUIMVANILLA environment variable when a suid or sgid application is linked to libuim, such as immodule for Qt, which allows local users to gain privileges...

CVE-2005-3149

Uim 0.4.x before 0.4.9.1 and 0.5.0 and earlier does not properly handle the LIBUIMVANILLA environment variable when a suid or sgid application is linked to libuim, such as immodule for Qt, which allows local users to gain privileges...

CVE-2005-0023

gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to spoof the logon hostname via a modified DISPLAY environment variable. NOTE: the severity of this issue has been disputed...

CVE-2005-0023

gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to spoof the logon hostname via a modified DISPLAY environment variable. NOTE: the severity of this issue has been disputed...

security flaw

The NAT code 1 ipnatprototcp.c and 2 ipnatprotoudp.c in Linux kernel 2.6 before 2.6.13 and 2.4 before 2.4.32-rc1 incorrectly declares a variable to be static, which allows remote attackers to cause a denial of service memory corruption by causing two packets for the same protocol to be NATed at t...

security flaw

snmpapi.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before 5.1.3, and 5.0.x before 5.0.10.2, when running in master agentx mode, allows remote attackers to cause a denial of service crash by causing a particular TCP disconnect, which triggers a free of an incorrect variable, a different...

CVE-2005-0023

gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to spoof the logon hostname via a modified DISPLAY environment variable. NOTE: the severity of this issue has been disputed...

CVE-2005-0023

gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to spoof the logon hostname via a modified DISPLAY environment variable. NOTE: the severity of this issue has been disputed...

CVE-2005-3149

Uim 0.4.x before 0.4.9.1 and 0.5.0 and earlier does not properly handle the LIBUIMVANILLA environment variable when a suid or sgid application is linked to libuim, such as immodule for Qt, which allows local users to gain privileges...

CVE-2005-0023

CVE-2005-0023 affects gnome-pty-helper within GNOME libzvt2 and libvte4. The root cause is a vulnerability where a modified DISPLAY environment variable allows local users to spoof the logon hostname. Implications are limited to local access with partial confidentiality/availability impact as des...

Gnome libzvt information spoofing

DISPLAY environment variable is used as a utmp hostname...

Uim: Privilege escalation vulnerability

Background Uim is a multilingual input method library which provides secure and useful input method for all languages. Description Masanari Yamamoto discovered that Uim uses environment variables incorrectly. This bug causes a privilege escalation if setuid/setgid applications are linked to libui...

mantis-poc.txt

--------------------------------------------------------------------------- Mantis Bugtracker - Remote Database Scanner and XSS Vulnerabilities --------------------------------------------------------------------------- Author: Jose Antonio Coret Joxean Koret Date: 2005 Location: Basque Country...