CVE-1999-0781

KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables...

textcounter.pl 1.2 - Arbitrary Command Execution

source: https://www.securityfocus.com/bid/2265/info textcounter.pl is distributed through Matt's Scripts archive, and provides added features to httpd servers such as counters, guestbooks, and http cookie management. Due to insufficient checking of entered characters, it is possible for a remote...

CVE-1999-1490

xosview 1.5.1 in Red Hat 5.1 allows local users to gain root access via a long HOME environmental variable...

CVE-1999-1096

Buffer overflow in kscreensaver in KDE klock allows local users to gain root privileges via a long HOME environmental variable...

CVE-1999-1040

Vulnerabilities in 1 ipxchk and 2 ipxlink in NetWare Client 1.0 on IRIX 6.3 and 6.4 allows local users to gain root access via a modified IFS environmental variable...

Armidale Software Yapp Conferencing System 2.2 - Local Buffer Overflow

Armidale Software Yapp Conferencing System 2.2 - Local Buffer Overflow // source: https://www.securityfocus.com/bid/365/info Armidale Software's Yapp Conferencing System is vulnerable to an environment variable related buffer overflow vulnerability in at least the Linux version. The consequence o...

Linux libc 5.3.12 (RedHat Linux 4.0 Slackware Linux 3.1) - libc NLSPATH

Linux libc 5.3.12 RedHat Linux 4.0 Slackware Linux 3.1 - libc NLSPATH // source: https://www.securityfocus.com/bid/379/info There is a serious vulnerability in linux libc affecting all Linux distributions using libc 5.2.18 and below. The vulnerability is centered around the NLSPATH environment...

CVE-1999-0192

Buffer overflow in telnet daemon tgetent routing allows remote attackers to gain root access via the TERMCAP environmental variable...

PT-1997-1089 · Unknown · Telnet Daemon

Name of the Vulnerable Software and Affected Versions: telnet daemon affected versions not specified Description: The issue is related to a buffer overflow in the telnet daemon's tgetent routing, which allows remote attackers to gain root access. This is achieved via the TERMCAP environmental...

IRIX 5.36.x - usrbinmail Local Buffer Overflow

IRIX 5.36.x - usrbinmail Local Buffer Overflow / source: https://www.securityfocus.com/bid/1542/info The mail1 program, also know as mailatt, is used to read or send email. A buffer overflow condition exists in code that handles the LOGNAME environment variable. This could be exploited to elevate...

IRIX 5.3/6.x - '/usr/bin/mail' Local Buffer Overflow

/ source: https://www.securityfocus.com/bid/1542/info The mail1 program, also know as mailatt, is used to read or send email. A buffer overflow condition exists in code that handles the LOGNAME environment variable. This could be exploited to elevate privileges. / / copyright LAST STAGE OF DELIRI...

SGI IRIX 6.2 - libgl.so Local Buffer Overflow

SGI IRIX 6.2 - libgl.so Local Buffer Overflow / source: https://www.securityfocus.com/bid/1527/info Certain versions of IRIX ship with a version libgl.so which is vulnerable to buffer overflow attacks. This library, libgl.so, is used in conjunction with graphical programs which use OpenGL. As a...

CVE-1999-1399

spaceball program in SpaceWare 7.3 v1.0 in IRIX 6.2 allows local users to gain root privileges by setting the HOSTNAME environmental variable to contain the commands to be executed...

zgv - $HOME Local Buffer Overflow

zgv - $HOME Local Buffer Overflow / zgv exploit coded by BeastMaster V on June 20, 1997 USAGE: For some strage reason, the filename length of this particular exploit must me one character long, otherwise you will be drop into a normal unpriviledged shell. Go Figure.... $ cp zgvexploit.c n.c $ cc ...

zgv - '$HOME' Local Buffer Overflow

/ zgv exploit coded by BeastMaster V on June 20, 1997 USAGE: For some strage reason, the filename length of this particular exploit must me one character long, otherwise you will be drop into a normal unpriviledged shell. Go Figure.... $ cp zgvexploit.c n.c $ cc -o n n.c $ ./n Oak driver: Unknown...

zgv $HOME overflow

Exploit for linux platform in category local exploits ================== zgv $HOME overflow ================== / zgv exploit coded by BeastMaster V on June 20, 1997 USAGE: For some strage reason, the filename length of this particular exploit must me one character long, otherwise you will be drop...

CVE-1999-1483

Buffer overflow in zgv in svgalib 1.2.10 and earlier allows local users to execute arbitrary code via a long HOME environment variable...

CVE-1999-1232

Untrusted search path vulnerability in day5datacopier in SGI IRIX 6.2 allows local users to execute arbitrary commands via a modified PATH environment variable that points to a malicious cp program...

CVE-1999-1184

Buffer overflow in Elm 2.4 and earlier allows local users to gain privileges via a long TERM environmental variable...

Elm 2.3/2.4 - TERM Environment Variable Local Buffer Overrun

source: https://www.securityfocus.com/bid/8030/info A buffer overrun has been discovered in Elm. The problem occurs due to insufficient bounds checking performed before copying user-supplied data into an internal memory buffer. Specifically, a TERM environment variable containing excessive data...