9447 matches found
CVE-2000-1184
telnetd in FreeBSD 4.2 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service by specifying an arbitrary large file in the TERMCAP environmental variable, which consumes resources as the server processes the file...
CVE-2000-1125
restore 0.4b15 and earlier in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program...
CVE-2000-1163
ghostscript before 5.10-16 uses an empty LD_RUN_PATH environmental variable to find libraries in the current directory, which could allow local users to execute commands as other users by placing a Trojan horse library into a directory from which another user executes ghostscript...
Hole in gtk+ (GTK_MODULES)
A user can specify the location of libraries via the GTK_MODULES variable...
GTK+ 1.2.8 - Arbitrary Loadable Module Execution
// source: https://www.securityfocus.com/bid/2165/info GTK+ is the Gimp Toolkit, freely available to the public and maintained by the GTK Development Team. A problem exists in the Gimp Toolkit that could allow a user elevated privileges. The problem occurs in the ability to load modules with the...
xconq7.4.1 exploit.
i saw some mention of xconq on bugtraq, but no exploit. decided to take a lookie at it...took a little more work than expected to successfully exploit without a display, but none-the-less: original unwrapped/working: http://realhalo.org/xxconq.c xxconq.c wrapped:...
CVE-2000-0994
Format string vulnerability in OpenBSD fstat program and possibly other BSD-based operating systems allows local users to gain root privileges via the PWD environmental variable...
CVE-2000-0986
Buffer overflow in Oracle 8.1.5 applications such as names, namesctl, onrsd, osslogin, tnslsnr, tnsping, trcasst, and trcroute possibly allow local users to gain privileges via a long ORACLE_HOME environmental variable...
CVE-2000-0976
Buffer overflow in xlib in XFree 3.3.x possibly allows local users to execute arbitrary commands via a long DISPLAY environment variable or a -display command line parameter...
CVE-2000-1125
CVE-2000-1125 affects Red Hat Linux 6.2 where the restore utility trusts the pathname in the RSH environment variable. A local attacker can set RSH to a Trojan horse program, potentially gaining root privileges. The vulnerability arises from unvalidated use of RSH in invoking external programs (r...
CVE-2000-0918
Format string vulnerability in kvt in KDE 1.1.2 may allow local users to execute arbitrary commands via a DISPLAY environmental variable that contains formatting characters...
CVE-2000-1013
The setlocale function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to read arbitrary files via the LANG environmental variable...
CVE-2000-1012
The catopen function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to read arbitrary files via the LANG environmental variable...
CVE-2000-1001
add2basket.asp in Element InstantShop allows remote attackers to modify price information via the "price" hidden form variable...
CVE-2000-1009
dump in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program...
Hole in phpWebLog
Because of incorrect variable initialization, a user can gain access to administration...
BSDi 3.0 inc - Local Buffer Overflow / Local Privilege Escalation
/ BSDiincmh buffer overflow, by [email protected]. this is will give you euid=0root on BSDi/3.0 systems. / define PATH "/usr/contrib/mh/bin/inc" / path to inc on BSDi/3.0 / define BUFFER 2048 / no need to change this. / define DEFAULTOFFSET -7000 / generalized offset. / static char exec=...
GLIBC (via /bin/su) Local Root Exploit
Exploit for linux platform in category local exploits. Working exploit for glibc executing /bin/su. To exploit this i have used a technique that overwrites the .dtors section of...
CVE-2000-1013
The CVE-2000-1013 entry describes a local file read vulnerability in setlocale affecting FreeBSD/5.0 and earlier (and possibly other OSes), where an attacker can read arbitrary files via the LANG environment variable. The NVD entry lists a base CVSS v2 score of 7.2 (HIGH) with local access, low a...