Multiple PHP request parsing bugs

Invalid request parameters parsing leads to leakage of memory content and rewriting of internal variables...

Debian DSA-117-1 : cvs - improper variable initialization

Kim Nielsen recently found an internal problem with the CVS server and reported it to the vuln-dev mailing list. The problem is triggered by an improperly initialized global variable. A user exploiting this can crash the CVS server, which may be accessed through the pserver service and running...

@lex Guestbook (PHP) Include file

Informations : °°°°°°°°°°°°°° Website : http://www.alexphpteam.com Version : all Problem : Include file PHP Code/Location : °°°°°°°°°°°°°°°°°°° ./include/livreinclude.php ------------------------------------------------------------------ if !$noconnect.... some include functions...

CVE-2004-0747

Buffer overflow in Apache 2.0.50 and earlier allows local users to gain apache privileges via a .htaccess file that causes the overflow during expansion of environment variables...

GLSA-200409-18 : cdrtools: Local root vulnerability in cdrecord if set SUID root

The remote host is affected by the vulnerability described in GLSA-200409-18 cdrtools: Local root vulnerability in cdrecord if set SUID root Max Vozeler discovered that the cdrecord utility, when set to SUID root, fails to drop root privileges before executing a user-supplied RSH program. By...

cdrecord fails to set proper permissions on programs specified in RSH environment variable

Overview Cdrecord can call external programs specified by the RSH environment variable. This may permit a malicious local user to gain elevated privileges. Description Cdrecord is an application used to create data or audio compact discs. Cdrecord permits the use of CD recorders on remote machine...

star fails to set proper permissions on programs specified in RSH environment variable

Overview Star can call external programs specified by the RSH environment variable. This may permit a malicious local user to gain elevated privileges. Description Star is a tape archiving program similar to tar. Star permits the use of storage devices on remote machines via an access program on...

apache -- ap_resolve_env buffer overflow

SITIC discovered a vulnerability in Apache 2's handling of environmental variable settings in the httpd configuration files the main httpd.conf' and .htaccess' files. According to a SITIC advisory: The buffer overflow occurs when expanding $ENVVAR constructs in .htaccess or httpd.conf files. The...

CVE-2004-0806

cdrecord in the cdrtools package before 2.01, when installed setuid root, does not properly drop privileges before executing a program specified in the RSH environment variable, which allows local users to gain privileges...

CVE-2004-1683

A race condition in crrtrap for QNX RTP 6.1 allows local users to gain privileges by modifying the PATH environment variable to reference a malicious io-graphics program before is executed by crrtrap...

IlohaMail index.php init_lang Parameter Arbitrary File Access

The target is running at least one instance of IlohaMail version 0.7.10 or earlier. Such versions contain a flaw in the processing of the language variable that allows an unauthenticated attacker to retrieve arbitrary files available to the web user. %NASLMINLEVEL 70300 This script was written by...

Important: Red Hat Security Advisory: httpd security update

Updated httpd packages that include a security fix for modssl and various enhancements are now available. The Apache HTTP server is a powerful, full-featured, efficient, and freely-available Web server. An input filter bug in modssl was discovered in Apache httpd version 2.0.50 and earlier. A...

CVE-2002-1414

Buffer overflow in qmailadmin allows local users to gain privileges via a long QMAILADMINTEMPLATEDIR environment variable...

CVE-2001-0548

CVE-2001-0548 describes a buffer overflow in Solaris 2.6/7’s dtmail MUA triggered by the MAIL environment variable, allowing local users to gain privileges. Affected component: dtmail; impact: local privilege escalation (to the mail group). Underlying cause: insufficient boundary checking of envi...

CVE-2003-0088

TruBlueEnvironment for MacOS 10.2.3 and earlier allows local users to overwrite or create arbitrary files and gain root privileges by setting a certain environment variable that is used to write debugging information...

CVE-2002-1469

scponly does not properly verify the path when finding the 1 scp or 2 sftp-server programs, which could allow remote authenticated users to bypass access controls by uploading malicious programs and modifying the PATH variable in $HOME/.ssh/environment to locate those programs...

CVE-2001-0423

CVE-2001-0423 concerns a buffer overflow in Solaris 7 x86 ‘ipcs’ that local users can exploit by supplying a long TZ environment variable, enabling arbitrary code execution on the affected host. The vulnerability is specific to Solaris 7 x86; it is described as a local privilege escalation/vector...

CVE-2002-1323

Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in 1 Safe::reval or 2 Safe::rdo using a redefined @ variable, which is not reset between successive calls...

CVE-2004-0089

Buffer overflow in TruBlueEnvironment in Mac OS X 10.3.x and 10.2.x allows local users to gain privileges via a long environment variable...

CVE-2002-1239

The CVE-2002-1239 issue affects QNX Neutrino RTOS 6.2.0 where a setuid root packager uses external commands without full paths, causing local privilege escalation by manipulating PATH to point to a malicious cp. The underlying problem is unvalidated PATH-based execution of external binaries, enab...