CVE-2001-1025

PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL operations by modifying the "prefix" variable when calling any scripts that do not already define the prefix variable e.g., by including mainfile.php, such as article.php...

CVE-2001-1091

The 1 dump and 2 dumplfs commands in NetBSD 1.4.x through 1.5.1 do not properly drop privileges, which could allow local users to gain privileges via the RCMDCMD environment variable...

Linux dump uses environment variables insecurely, allowing for root compromise

Overview Some implementations of the Linux backup utility, dump, call external programs on remote machines via the RSH environment variable. This may permit an attacker to compromise root if dump is setuid root. Description Some implementations of the Linux backup utility, dump, permit use of...

Aladdin Ghostscript LD_RUN_PATH environment variable allows libraries to be loaded from current directory

Overview Alladin Ghostscript, a previewer for postscript files, uses an insecure value for the LDRUNPATH environment variable. This allows attackers to supply malicious libraries to be loaded from the current directory. Description Alladin Ghostscript is a previewer for postscript files. In...

CVE-2001-0533

Buffer overflow in libi18n library in IBM AIX 5.1 and 4.3.x allows local users to gain root privileges via a long LANG environmental variable...

CVE-2001-0548

Buffer overflow in dtmail in Solaris 2.6 and 7 allows local users to gain privileges via the MAIL environment variable...

3 phpnuke bugs (2 possibly lead to admin privs)

phpnuke www.phpnuke.org is an opensource webpage portal powers many websites on the net. Version 5.x of phpnuke does not properly check some variables, and is vulnerable to an attack that gives an intruder admin privileges. This is only possible if the intruder knows the database name that phpnuk...

Oracle 8/9i - DBSNMP Oracle Home Environment Variable Buffer Overflow

// source: https://www.securityfocus.com/bid/3138/info Oracle is an Enterprise level SQL database, supporting numerous features and options. It is distributed and maintained by Oracle Corporation. When the ORACLEHOME environment variable is filled with 750 bytes or more, a buffer overflow occurs...

Oracle 89i - DBSNMP Oracle Home Environment Variable Buffer Overflow

Oracle 89i - DBSNMP Oracle Home Environment Variable Buffer Overflow // source: https://www.securityfocus.com/bid/3138/info Oracle is an Enterprise level SQL database, supporting numerous features and options. It is distributed and maintained by Oracle Corporation. When the ORACLEHOME environment...

CVE-2001-1471

prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users to execute arbitrary PHP code via an invalid language value, which prevents the variables 1 $lstatsblock in prefs.php or 2 $lprivnotify in auth.php from being properly initialized, which can be modified by the user and later...

Solaris 2.67.0 - DTMail Mail Environment Variable Buffer Overflow

Solaris 2.67.0 - DTMail Mail Environment Variable Buffer Overflow // source: https://www.securityfocus.com/bid/3081/info dtmail is an application included with the Common Desktop Environment, one of the X Window Managers included with Solaris. A buffer overflow in dtmail makes it possible for a...

Debian glibc 2 symlink issue could allow arbitrary file overwriting

Overview Some versions of ld.so, the loader for shared libraries in UNIX/LINUX, do not properly clear risky environment variables, allowing a symlink attack to overwrite arbitrary files. Description LDDEBUGOUTPUT specifies a directory in which ld.so creates a file with a predictable name based on...

FreeBSD TOP Format String Vulnerability

Exploit for bsd platform in category local exploits ======================================= FreeBSD TOP Format String Vulnerability ======================================= / freebsd x86 top exploit affected under top-3.5beta9 including this version 1. get the address of .dtors from /usr/bin/top...

Переполнение буфера в xman (buffer overflow)

Переполнение буфера при разборе переменной MANPATH sgid man...

CVE-2001-1178

Buffer overflow in xman allows local users to gain privileges via a long MANPATH environment variable...

CVE-2001-0422

Buffer overflow in Xsun in Solaris 8 and earlier allows local users to execute arbitrary commands via a long HOME environmental variable...

CVE-2001-0423

Buffer overflow in ipcs in Solaris 7 x86 allows local users to execute arbitrary code via a long TZ timezone environmental variable, a different vulnerability than CAN-2002-0093...

CVE-2001-0475

index.php in Jelsoft vBulletin does not properly initialize a PHP variable that is used to store template information, which allows remote attackers to execute arbitrary PHP code via special characters in the templatecache parameter...

CVE-2001-0366

saposcol in SAP R/3 Web Application Server Demo before 1.5 trusts the PATH environmental variable to find and execute the expand program, which allows local users to obtain root access by modifying the PATH to point to a Trojan horse expand program...

Solaris 8 libsldap - Local Buffer Overflow (2)

// source: https://www.securityfocus.com/bid/2931/info Solaris 8 ships with a shared library that implements LDAP functionality called 'libsldap'. This library is linked to by a number of system utilities, many of them installed setuid or setgid. Libsldap contains a buffer overflow vulnerability ...