CVE-2002-1659
CVE-2002-1659 affects PortalApp 2.2 where user_profile.asp allows local users to gain privileges by modifying the user_id variable. The root cause is manipulating a user_id parameter in the profile page, enabling local privilege escalation with complete impact on confidentiality, integrity, and a...
CVE-2004-1937
Multiple directory traversal vulnerabilities in Nuked-KlaN 1.4b and 1.5b allow remote attackers to read or include arbitrary files via .. sequences in (1) the userlangue parameter to index.php or (2) the langue parameter to update.php, or modify arbitrary GLOBAL variables by causing globals.php to be...
NukeET 3.0/3.1 - Base64 Codigo Variable Cross-Site Scripting
source: https://www.securityfocus.com/bid/13570/info NukeET is prone to a cross-site scripting vulnerability. The source of this issue is that HTML and script code is not properly sanitized from URI variables before being output in a dynamically generated Web page. However, to successfully trigge...
Multiple vulnerabilities in e107 cms
Software: http://www.e107.org Author: Heintz Advisory origin: http://www.waraxe.us Software bugtracker: http://e107.org/e107plugins/bugtracker2/bugtracker2.php?0.bug.558 e107 v 0.617 search.php line 142 if$POST'searchquery' echo "div...
CVE-2005-1336
Buffer overflow in the Foundation framework for Mac OS X 10.3.9 allows local users to execute arbitrary code via a long environment variable...
CVE-2005-1394
Format string vulnerability in ArcGIS for ESRI ArcInfo Workstation 9.0 allows local users to gain privileges via format string specifiers in the ARCHOME environment variable to (1) wservice or (2) lockmgr...
CVE-2005-0106
SSLeay.pm in libnet-ssleay-perl before 1.25 uses the /tmp/entropy file for entropy if a source is not set in the EGD_PATH variable, which allows local users to reduce the cryptographic strength of certain operations by modifying the file...
CVE-2005-1395
CVE-2005-1395 affects Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier. The vulnerability is a buffer overflow that can allow local users to gain privileges when a long environment variable (XAPPLRESLANGPATH or XAPPLRESDIR) is set or via a long command line argument. The Red Hat and NVD entries confirm...
CVE-2005-1019
Buffer overflow in the getConfig function in Aeon 0.2a and earlier allows local users to gain privileges via a long HOME environment variable...
CVE-2005-0497
ADP Elite System Max 9000 allows remote authenticated users to gain privileges by uploading a .profile that sets the ADPROOT environment variable to the root directory...
CVE-2005-1395
Buffer overflow in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier may allow local users to gain privileges via a long (1) XAPPLRESLANGPATH or (2) XAPPLRESDIR environment variable, or (3) command line argument...
PT-2005-2391 · Esri · Esri Arcinfo Workstation
Name of the Vulnerable Software and Affected Versions: ESRI ArcInfo Workstation version 9.0 Description: The issue allows local users to gain privileges via format string specifiers in the ARCHOME environment variable, affecting components such as wservice or lockmgr. Recommendations: For ESRI...
ARPUSCe - Local Overflow (setuid) (Perl)
ARPUSCe - Local Overflow setuid Perl !/usr/bin/perl -w Setuid ARPUS/ce exploit by KF - kflistsatdigitalmunitiondotcom - 4/21/05 Copyright Kevin Finisterre kfinisterre@threat:/tmp$ ./ceex.pl sh-2.05b id uid=0root gid=1000kfinisterre groups=20dialout,24cdrom,25floppy,29audio,44video,1000kfinisterre...
WoltLab Burning Board <= 2.3.1 PL2 - XSS Vulnerability (24.04.05)
WoltLab Burning Board <= 2.3.1 PL2 - XSS Vulnerability Vendor: WoltLab URL: http://www.woltlab.de/ Version: <= 2.3.1 PL 2 Type: XSS Discovered by R and deluxe89 Description: -------------------------------- The WoltLab Burning Board is a highly customisable forum software for every kind of use. See 1...
CVE-1999-1580
SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding host argument, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable and passing crafted values to the -oR option...
CVE-2001-1457
Buffer overflow in CrazyWWWBoard 2000p4 and 2000LEp5 allows remote attackers to execute arbitrary code via a long HTTP_USER_AGENT CGI environment variable...
jportal231.txt
Hello BugTraq, I've found possibility to inject sql code in jPortal version 2.3.1, in module "banner" module/banner.inc.php. Bug is in these lines of code: code $query = "SELECT FROM $bannatbl WHERE title='$haslo' ORDER BY id DESC"; /code - line 192. There is unfiltered variable $haslo. In order ...