9447 matches found
Переполнение буфера в ncurses
Переполнение буфера в библиотеке ncurses при разборе переменной среды TERMCAP...
phpix 1.0 - Directory Traversal
phpix 1.0 - Directory Traversal source: https://www.securityfocus.com/bid/1773/info PHPix is a web-based photo-album system written in PHP. It is vulnerable to an attack that allows a malicious remote user to view arbitrary files on the target webserver with the privileges of the webserver. The...
Серьезная уязвимость многих Unix через locale в glibc
Функции работы с locale позволяют пользователям создавать пользовательские отображения строк, при этом не проверяется наличие форматных символов. Функции locale используются многими suid-приложениями. В некоторых случаях проблема становится удаленной из-за некорректной обработки переменных...
OpenBSD 2.x - fstat Format String
OpenBSD 2.x - fstat Format String // source: https://www.securityfocus.com/bid/1746/info fstat is a program shipped with BSD unix variants that is used to list the open files on a system. It is installed sgid kmem so it can access information about open files from the kernel memory structures. A...
Дырка в catopen (libc)
В дополнение к ошибке форматной строки в catopen/setlocale в catopen так же имеется переполнение буфера при разборе локальных переменных окружения...
telnet and rlogin URLs disclose sensitive information, including Environment variables
Overview Some telnet clients may disclose sensitive information in environment variables Description Web browsers can be configured to respond to certian protocol types through the use of a helper application. In this case, web browsers can respond to telnet: URLs with the use of a helper...
tco.txt
Synnergy Laboratories Advisory SLA-2000-14 NAME BSD/Linux telnet client overflow AFFECTED Linux Debian Redhat Mandrake Slackware possibly others BSD FreeBSD possible others SYNOPSIS Synnergy Labs has found a bug in the telnet client that causes a stack overflow by filling the DISPLAY environment...
Horde library Bug part 2
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Horde Library $from Bug part 2 + How to exploit with IMP and Sendmail Description: The Fix of the first detected problem with the $from variable in the horde library was just escaping shellchars which avoids directly executing commands. It is still...
Unsafe passing of variables to mailform.pl in MailForm V2.0
Title: Unsafe passing of variables to mailform.pl in MailForm V2.0 For Unix or NT Advisory Author: Karl Hanmore [email protected] Script URL: http://rlaj.com/scripts/mailform Script Author: Ranson Johnson Advisory Released: 11 September 2000 Vendor notified: [email protected] 05 Sept...
Screen 3.9.5 vulnerability again.
Hi all as mentioned in previous postings, screen versions = 3.9.5 which are installed suid root are vulnerable to a malformed user supplied vbellmsg string attack. I looked at the source of screen-3.9.5 and found that the vulnerable call to Msg moved to another place and that there is no longer a...
Libc locale - Local Privilege Escalation (2)
Libc locale - Local Privilege Escalation 2 / source: https://www.securityfocus.com/bid/1634/info ectiva 4.x/5.x,Debian 2.x,IBM AIX 3.x/4.x,Mandrake 7,RedHat 5.x/6.x,IRIX 6.x, Solaris 2.x/7/8,Turbolinux 6.x,Wirex Immunix OS 6.2 Locale Subsystem Format String Many UNIX operating systems provide...
CGI Script Center Auction Weaver 1.0.2 - Remote Command Execution
source: https://www.securityfocus.com/bid/1645/info CGI Script Center's Auction Weaver does not verify the validity of the value in the variable 'fromfile'. Therefore it is possible to perform arbitrary commands on a remote system under the UID of the http daemon by altering the variable...
IRIX 6.5.x - '/usr/sbin/dmplay' Local Buffer Overflow
/ source: https://www.securityfocus.com/bid/1528/info Certain versions of IRIX ship with a version of dmplay which is vulnerable to a buffer overflow attack. The program, dmplay, is used to play movie files under IRIX. The problem at hand is the way the program handles the DISPLAY variable for th...
IRIX 6.5.x - usrsbindmplay Local Buffer Overflow
IRIX 6.5.x - usrsbindmplay Local Buffer Overflow / source: https://www.securityfocus.com/bid/1528/info Certain versions of IRIX ship with a version of dmplay which is vulnerable to a buffer overflow attack. The program, dmplay, is used to play movie files under IRIX. The problem at hand is the wa...
Tech-Source Raptor GFX PGX32 2.3.1 - Config Tool
Tech-Source Raptor GFX PGX32 2.3.1 - Config Tool source: https://www.securityfocus.com/bid/1563/info Raptor GFX cards are designed to handle 24-bit true color applications such as Netscape, seismic, geographical information systems GIS, satellite imaging, pre-press imaging and general desktop use...
Tech-Source Raptor GFX PGX32 2.3.1 - Config Tool
source: https://www.securityfocus.com/bid/1563/info Raptor GFX cards are designed to handle 24-bit true color applications such as Netscape, seismic, geographical information systems GIS, satellite imaging, pre-press imaging and general desktop use. They can also be used for high resolution 8-bit...
CVE-2000-0617
Buffer overflow in xconq and cconq game programs on Red Hat Linux allows local users to gain additional privileges via long USER environmental variable...
CVE-2000-0618
Buffer overflow in xconq and cconq game programs on Red Hat Linux allows local users to gain additional privileges via long DISPLAY environmental variable...
Nokia 7110 Wap Browser Hole
Ok, so this may be slighly off topic for this forum, but I though id post it anyway. The nokia 7110 wap browser will happily pass form varibles that were entered once to another site later on in the same session? Not sure how long it stores them for The problem is that the Nokia recognises forms...
CVE-2000-0393
The KDE kscd program does not drop privileges when executing a program specified in a user's SHELL environmental variable, which allows the user to gain privileges by specifying an alternate program to execute...