Easypx41 - Multiple Variable Injection Vulnerabilities
Easypx41 - Multiple Variable Injection Vulnerabilities source: https://www.securityfocus.com/bid/14421/info Easypx41 is prone to multiple variable injection vulnerabilities. An attacker can manipulate multiple script input variables and bypass access controls to retrieve sensitive and privileged...
Easypx41 - Multiple Variable Injection Vulnerabilities
source: https://www.securityfocus.com/bid/14421/info Easypx41 is prone to multiple variable injection vulnerabilities. An attacker can manipulate multiple script input variables and bypass access controls to retrieve sensitive and privileged information. Information obtained may aid in further...
beehiveVulns.txt
-------------------------------------- Beehive Forum Multiple Vulnerabilities -------------------------------------- Beehive Forum is affected by sql injection, xss, and path disclosure. Vulnerabilities --------------- 1 The $_GET "webtag" parameter is on almost every page of the product and is...
Advanced Guestbook User-Agent Header HTML Injection
The remote host is running Advanced Guestbook, a free guestbook written in PHP. The installed version of Advanced Guestbook fails to properly sanitize the 'HTTP_USER_AGENT' environment variable before using it in dynamically-generated content. An attacker can exploit this flaw to launch cross-site...
Beehive Forum Multiple Vulnerabilities
-------------------------------------- Beehive Forum Multiple Vulnerabilities -------------------------------------- Beehive Forum is affected by sql injection, xss, and path disclosure. Vulnerabilities --------------- 1 The $_GET "webtag" parameter is on almost every page of the product and is...
CVE-2005-2328
PHP remote file inclusion vulnerability in im.php in Laffer 0.3.2.6 and 0.3.2.7 allows remote attackers to execute arbitrary PHP code via the CFGPATH variable...
CVE-2004-2264
GNU less versions 358–382 contain a format-string bug in the open_altfile function (filename.c) that may allow local users to cause a denial of service or possibly execute arbitrary code via the LESSOPEN environment variable. The PT-2004-3159 advisory notes this is not a vulnerability unless priv...
CVE-2004-2264
Format string bug in the open_altfile function in filename.c for GNU less 382, 381, and 358 might allow local users to cause a denial of service or possibly execute arbitrary code via format strings in the LESSOPEN environment variable. NOTE: since less is not setuid or setgid, then this is not a...
Sun Solaris LD_AUDIT privilege escalation
The LD_AUDIT environment variable allows attaching an external dynamic library compiled with the ld.so library. In addition, there is a buffer overflow while parsing this variable...
SquirrelMail Arbitrary Variable Overwriting Vulnerability
GulfTech Security Research July 14th, 2005 Vendor : The SquirrelMail Project Team URL : http://www.squirrelmail.org/ Version : SquirrelMail 1.4.5-RC1 && Earlier Risk : Variable Overwriting Description: SquirrelMail is a standards-based webmail package written in php. It includes built-in pure PHP...
CVE-2002-2017
sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code by setting the authprog environment variable to reference a malicious program, which is then executed by sastcpd...
CVE-2002-2018
CVE-2002-2018 affects SAS/Base 8.0. The affected component is sastcpd; a local user can set the NETENCRALG environment variable, which causes a segmentation fault and may grant privileges. Exploit details and remediation/patch information are not provided in the connected documents.
Debian DSA-756-1 : squirrelmail - several vulnerabilities
Several vulnerabilities have been discovered in Squirrelmail, a commonly used webmail system. The Common Vulnerabilities and Exposures project identifies the following problems : - CAN-2005-1769 Martijn Brinkers discovered cross-site scripting vulnerabilities that allow remote attackers to inject...
squirrelmail -- _$POST variable handling allows for various attacks
A Squirrelmail Advisory reports: An extract($_POST) was done in options_identities.php which allowed for an attacker to set random variables in that file. This could lead to the reading and possible writing of other people's preferences, cross site scripting or writing files in webserver-writable...
FreeBSD : perl -- vulnerabilities in PERLIO_DEBUG handling (a5eb760a-753c-11d9-a36f-000a95bc6fae)
Kevin Finisterre discovered bugs in perl's I/O debug support : - The environmental variable PERLIO_DEBUG is honored even by the set-user-ID perl command usually named sperl or suidperl. As a result, a local attacker may be able to gain elevated privileges. CVE-2005-0155 - A buffer overflow may occ...
FreeBSD : portupgrade -- insecure temporary file handling vulnerability (22f00553-a09d-11d9-a788-0001020eed82)
Simon L. Nielsen discovered that portupgrade handles temporary files in an insecure manner. This could allow an unprivileged local attacker to execute arbitrary commands or overwrite arbitrary files with the permissions of the user running portupgrade, typically root, by way of a symlink attack...
FreeBSD : golddig -- local buffer overflow vulnerabilities (949c470e-528f-11d9-ac20-00065be4b5b6)
Two buffer overflow vulnerabilities were detected. Both issues can be used by local users to gain group games privileges on affected systems. The first overflow exists in the map name handling and can be triggered when a very long name is given to the program during command-line execution. The...
phpSecurePages cfgProgDir Variable File Include Vulnerabilities
The remote host is running phpSecurePages, a PHP module used to secure pages with a login name / password. The installed version of phpSecurePages allows remote attackers to control the 'cfgProgDir' variable used when including PHP code in several of the application's scripts. By leveraging this...
CVE-2005-2148
Cacti 0.8.6e and earlier does not perform proper input validation to protect against common attacks, which allows remote attackers to execute arbitrary commands or SQL by sending a legitimate value in a POST request or cookie, then specifying the attack string in the URL, which causes the...
DEBIAN-CVE-2005-2109
wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers to change the content of the forgotten password e-mail message via the message variable, which is not initialized before use...