CVE-2002-2099

Buffer overflow in the GNU DataDisplay Debugger DDD 3.3.1 allows local users to execute arbitrary code and possibly gain privileges via a long HOME environment variable. NOTE: since DDD is not installed setuid or setgid, perhaps this issue should not be included in CVE...

CVE-2002-1757

PHProjekt 2.0 through 3.1 relies on the $PHPSELF variable for authentication, which allows remote attackers to bypass authentication for scripts via a request to a .php file with "sms" in the URL, which is included in the PATHINFO portion of the $PHPSELF variable, as demonstrated using...

CVE-2002-1988

Resin 2.1.1 allows remote attackers to cause a denial of service memory consumption and hang via a URL with long variables for non-existent resources...

CVE-2002-2167

Directory traversal vulnerability in functionfoot1.inc.php for Thorsten Korner 123tkShop before 0.3.1 allows remote attackers to read arbitrary files via .. dot dot sequences terminated by a null character in the $designNo variable, which is part of an "include" function call...

CVE-2002-2087

Buffer overflow in Borland InterBase 6.0 allows local users to execute arbitrary code via a long INTERBASE environment variable when calling 1 gdsdrop, 2 gdslockmgr, or 3 gdsinetserver...

Emacs 2.1 - Local Variable Arbitrary Command Execution

Emacs 2.1 - Local Variable Arbitrary Command Execution source: https://www.securityfocus.com/bid/15375/info Emacs is susceptible to an arbitrary command execution vulnerability with local variables. This issue is due to insufficient sanitization of user-supplied input. By modifying a text file to...

HP-UX 11.0/11.11 - 'swxxx' Privilege Escalation

/ Program : xhpux11isw.c Use : HP-UX 11.11/11.0 exploit swxxx to get local root shell. Complie : cc xhpux11isw.c -o xsw;./xsw not use gcc for some system Usage : ./xsw off Tested : HP-UX B11.11 & HP-UX B11.0 Author : watercloud @ xfocus.org Date : 2002-12-11 Note : Use as your own risk !! / inclu...

CVE-2002-1247

Buffer overflow in LISa allows local users to gain access to a raw socket via a long LOGNAME environment variable for the resLISa daemon...

News Evolution 1.02.0 - Include Undefined Variable Command Execution

News Evolution 1.02.0 - Include Undefined Variable Command Execution source: https://www.securityfocus.com/bid/6260/info News Evolution is a freely available, open source news software package. It is written in PHP, and designed for use on Unix and Linux operating systems. The problem occurs in t...

News Evolution 1.0/2.0 - Include Undefined Variable Command Execution

source: https://www.securityfocus.com/bid/6260/info News Evolution is a freely available, open source news software package. It is written in PHP, and designed for use on Unix and Linux operating systems. The problem occurs in the affnews.php file. By loading this file, and defining the chemin...

CVE-2002-1247

Buffer overflow in LISa/LISa-derived resLISa (KDE LAN browsing) allows local users to exploit through an overly long LOGNAME environment variable, enabling control of the resLISa process or related access. The vulnerability is triggered during parsing of LOGNAME, and exposed both in LISa and its ...

CVE-2002-1247

Buffer overflow in LISa allows local users to gain access to a raw socket via a long LOGNAME environment variable for the resLISa daemon...

KDE resLISa buffer overflow

Buffer overflow on oversized LOGNAME environment variable...

DSA-193 kdenetwork - buffer overflow

Bulletin has no description...

Solaris 2.6/7/8 - 'TTYPROMPT in.telnet' Remote Authentication Bypass

Solaris TTYPROMPT Security Vulnerability Telnet This vulnerability is very simple to exploit, since it does not require any code to be compiled by an attacker. The vulnerability only requires the attacker to simply define the environment variable TTYPROMPT to a 6-character string, inside telnet...

Solaris 2.678 - TTYPROMPT in.telnet Remote Authentication Bypass

Solaris 2.678 - TTYPROMPT in.telnet Remote Authentication Bypass Solaris TTYPROMPT Security Vulnerability Telnet This vulnerability is very simple to exploit, since it does not require any code to be compiled by an attacker. The vulnerability only requires the attacker to simply define the...

CVE-2002-0905

Buffer overflow in sqlexec for Informix SE-7.25 allows local users to gain root privileges via a long INFORMIXDIR environment variable...

solaris.login.txt

Hello, Solaris 2.6, 7, and 8 /bin/login has a vulnerability involving the environment variable TTYPROMPT. This vulnerability has already been reported to BugTraq and a patch has been released by Sun. However, a very simple exploit, which does not require any code to be compiled by an attacker,...

CVE-2002-1128

Buffer overflow in inc mail utility for Compaq Tru64/OSF1 3.x allows local users to execute arbitrary code via a long MH environment variable...

CVE-2002-1604

Multiple buffer overflows in HP Tru64 UNIX allow local and possibly remote attackers to execute arbitrary code via a long NLSPATH environment variable to 1 csh, 2 dtsession, 3 dxsysinfo, 4 imapd, 5 inc, 6 uucp, 7 uux, 8 rdist, or 9 deliver...