CVE-2000-0460

Buffer overflow in KDE kdesud on Linux allows local uses to gain privileges via a long DISPLAY environmental variable...

KDE 1.1/1.1.1/1.1.2/1.2 - kdesud DISPLAY Environment Variable Overflow

// source: https://www.securityfocus.com/bid/1274/info /usr/bin/kdesud has a DISPLAY environment variable overflow which could allow for the execution of arbitrary code. / KDE: /usr/bin/kdesud exploit by noir x86/Linux [email protected] | [email protected] DISPLAY env overflow this script will...

Дырка в kcsd под Linux

kcsd использует внешний shell определяемый переменной SHELL, которая задается пользователем. Таким образом, подменив SHELL можно получить привелегии группы disk, позволяющие менять разрешения любых файлов...

CVE-2000-0393

The KDE kscd program does not drop privileges when executing a program specified in a user's SHELL environmental variable, which allows the user to gain privileges by specifying an alternate program to execute...

KDE 1.1/1.1.1/1.2/2.0 kscd - SHELL Environmental Variable

source: https://www.securityfocus.com/bid/1206/info Some linux distributions S.u.S.E. 6.4 reported ship with kscd a CD player for the KDE Desktop sgid disk. kscd uses the contents of the 'SHELL' environment variable to execute a browser. This makes it possible to obtain a sgid 'disk' shell. Using...

KDE 1.11.1.11.22.0 kscd - SHELL Environmental Variable

KDE 1.11.1.11.22.0 kscd - SHELL Environmental Variable source: https://www.securityfocus.com/bid/1206/info Some linux distributions S.u.S.E. 6.4 reported ship with kscd a CD player for the KDE Desktop sgid disk. kscd uses the contents of the 'SHELL' environment variable to execute a browser. This...

Black Watch Labs Vulnerability Alert

Dear Security Professional, The following vulnerability: "Environment and setup variables can be viewed through FormMail script" is in the text of the message below and has just been posted to the Black Watch Labs Web site at http://www.perfectotech.com/blackwatchlabs/ Thank you, Black Watch Labs...

Matt Wright FormMail 1.6/1.7/1.8 - Environmental Variables Disclosure

source: https://www.securityfocus.com/bid/1187/info An unauthorized remote user is capable of obtaining CGI environmental variable information from a web server running Matt Wright FormMail by requesting a specially formed URL that specifies the email address to send the details to. This is...

Переполнение буфера в gnomelib из SuSE

Переполнение буфера при разборе переменной DISPLAY...

CVE-2000-0340

Buffer overflow in Gnomelib in SuSE Linux 6.3 allows local users to execute arbitrary commands via the DISPLAY environmental variable...

CVE-1999-0706

Linux xmonisdn package allows local users to gain root privileges by modifying the IFS or PATH environmental variables...

CVE-2000-0288

CVE-2000-0288 affects Infonautics getdoc.cgi. The vulnerability allows remote attackers to bypass the payment phase for accessing documents by altering a form variable. The available sources confirm the existence and description of this issue but do not provide concrete details on affected versio...

CVE-1999-0781

KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables...

CVE-1999-0782

KDE kppp is affected by CVE-1999-0782. Local users can create a directory in an arbitrary location by manipulating the HOME environment variable. The core issue is the use of HOME to determine user directories, enabling an attacker with local access to create files/directories outside their inten...

CVE-1999-0782

KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable...

Переполнение буфера в CMD

Тривиальное переполнение буфера при слишком большой переменной окружения...

CVE-2000-0331

Buffer overflow in Microsoft command processor CMD.EXE for Windows NT and Windows 2000 allows a local user to cause a denial of service via a long environment variable, aka the "Malformed Environment Variable" vulnerability...

CVE-1999-0906

The CVE-1999-0906 entry describes a local buffer overflow in sccw that allows escalation to root via the HOME environment variable. The connected KITPLOIT reference mentions an attack example and lists CVE-1999-0906, but none of the provided documents specify the affected product/vendor/version, ...

CVE-1999-0888

The CVE-1999-0888 entry concerns dbsnmp in Oracle Intelligent Agent. Local users can gain privileges by manipulating the ORACLE_HOME environment variable, which dbsnmp uses to locate the nmiconf.tcl script. The vulnerability affects the component responsible for Oracle Agent operations and has a ...

CVE-1999-0906

Buffer overflow in sccw allows local users to gain root access via the HOME environmental variable...