Lucene search
K

7901 matches found

CVE
CVE
added 2002/03/09 5:0 a.m.45 views

CVE-1999-1142

SunOS 4.1.2 and earlier allows local users to gain privileges via LD_* environment variables affecting dynamically linked setuid/setgid programs (e.g., login, su, sendmail) by causing real and effective UIDs to the same user. This yields a local escalation with complete confidentiality and integr...

7.2CVSS7.4AI score0.00389EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2002/03/09 5:0 a.m.25 views

CVE-2001-0652

Heap overflow in xlock in Solaris 2.6 through 8 allows local users to gain root privileges via a long 1 XFILESEARCHPATH or 2 XUSERFILESEARCHPATH environmental variable...

6.8AI score0.00917EPSS
Exploits0References5
Cvelist
Cvelist
added 2002/03/09 5:0 a.m.25 views

CVE-2000-0892

Some telnet clients allow remote telnet servers to request environment variables from the client that may contain sensitive information, or remote web servers to obtain the information via a telnet: URL...

6.2AI score0.01166EPSS
Exploits1References2
CVE
CVE
added 2002/03/09 5:0 a.m.61 views

CVE-2000-0892

CVE-2000-0892 describes a vulnerability where some telnet clients may disclose environment variables to remote telnet servers or via telnet: URLs, due to RFC 1572 (NEW-ENVIRON). The underlying issue is the ability of a server to request environment variables before authentication, potentially exp...

2.6CVSS6.2AI score0.01166EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2002/02/02 5:0 a.m.21 views

CVE-2001-0976

Vulnerability in HP Process Resource Manager PRM C.01.08.2 and earlier, as used by HP-UX Workload Manager WLM, allows local users to gain root privileges via modified libraries or environment variables...

6.6AI score0.00529EPSS
Exploits0References1
Cvelist
Cvelist
added 2002/02/02 5:0 a.m.25 views

CVE-2001-1076

Buffer overflow in whodo in Solaris SunOS 5.5.1 through 5.8 allows local users to execute arbitrary code via a long 1 SOR or 2 CFIME environment variable...

7.5AI score0.01398EPSS
Exploits1References5
CVE
CVE
added 2002/02/02 5:0 a.m.35 views

CVE-2001-0976

HP Process Resource Manager (PRM) C.01.08.2 and earlier, used by HP-UX Workload Manager (WLM), is vulnerable to local privilege escalation via manipulated libraries or environment variables. Root privileges can be gained by a local user due to the underlying insecure handling of library paths and...

7.2CVSS7AI score0.00529EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2002/01/31 5:0 a.m.22 views

CVE-2002-0043

sudo 1.6.0 through 1.6.3p7 does not properly clear the environment before calling the mail program, which could allow local users to gain root privileges by modifying environment variables and changing how the mail program is invoked...

7.2CVSS6.5AI score0.00938EPSS
Exploits0References13
securityvulns
securityvulns
added 2002/01/31 12:0 a.m.49 views

Переполнение буфера в sastcpd (buffer overflow)

переполнение буфера, ошибка форматной строки, использование переменных пользователя для запуска внешних приложений...

2.4AI score
Exploits0References2Affected Software1
securityvulns
securityvulns
added 2002/01/31 12:0 a.m.31 views

sastcpd 8.0 'authprog' local root vulnerability

Hi, Several environment variable problems exist in the 'SAS Job Spawner for Open Systems version 8.00'. No other releases of the software were available to test. Sorry. authprog vulnerability ---------------------- The daemon passes a user-defined environment variable, 'authprog', to execve. This...

2AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2002/01/25 12:0 a.m.242 views

FastCGI Multiple Sample CGI XSS

Two sample CGI's supplied with FastCGI are vulnerable to cross-site scripting attacks. FastCGI is an 'open extension to CGI that provides high performance without the limitations of server specific APIs', and is included in the default installation of the 'Unbreakable' Oracle9i Application Server...

5.5AI score
Exploits0
securityvulns
securityvulns
added 2002/01/16 12:0 a.m.26 views

Переполнение буфера в clanlib (buffer overflow)

Переполнение буфера при разборе переменных окружения...

2.8AI score
Exploits0References1Affected Software1
FreeBSD Advisory
FreeBSD Advisory
added 2002/01/16 12:0 a.m.7 views

FreeBSD-SA-02:06.sudo

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-02:06 Security Advisory FreeBSD, Inc. Topic: sudo port may enable local privilege escalation Category: ports Module: sudo Announced: 2002-01-16 Credits: Sebastian Krahmer...

5.8AI score
Exploits0
exploitpack
exploitpack
added 2002/01/14 12:0 a.m.19 views

Sudo 1.6.3 - Unclean Environment Variable Privilege Escalation

Sudo 1.6.3 - Unclean Environment Variable Privilege Escalation source: https://www.securityfocus.com/bid/3871/info Sudo is a freely available, open source permissions management software package available for the Linux and Unix operating systems. It is maintained by Todd C. Miller. Under some...

1.4AI score
Exploits0
Debian
Debian
added 2001/12/16 1:42 a.m.17 views

[SECURITY] [DSA-094-1] mailman cross-site scripting problem

Package : mailman Problem type : cross-site scripting hole Debian-specific: no Barry A. Warsaw reported several cross-site scripting security holes in Mailman, due to non-existent escaping of CGI variables. These have been fixed upstream in version 2.0.8, and the relevant patches have been...

5.8AI score
Exploits0
Debian
Debian
added 2001/12/05 2:33 p.m.13 views

[SECURITY] [DSA-091-1] OpenSSH UseLogin vulnerability

Package : ssh Problem type : influencing login Debian-specific: no If the UseLogin feature is enabled in for ssh local users could pass environment variables including variables like LDPRELOAD to the login process. This has been fixed by not copying the environment of UseLogin is enabled. Please...

5.8AI score
Exploits0
securityvulns
securityvulns
added 2001/11/27 12:0 a.m.39 views

Переполнения буфера в IODBC (buffer overflow)

Переполнение буфера при длинном имени DSN источника данных. Источник данных указывается через переменную окружения, что может привести к проблеме, например в случае неинициализированных переменных PHP...

1.9AI score
Exploits0References1
NVD
NVD
added 2001/10/18 4:0 a.m.19 views

CVE-2001-0739

Guardian Digital WebTool in EnGarde Secure Linux 1.0.1 allows restarted services to inherit some environmental variables, which could allow local users to gain root privileges...

7.2CVSS6.5AI score0.00393EPSS
Exploits0References3
CERT
CERT
added 2001/10/18 12:0 a.m.20 views

Php variables passed from the browser are stored in global context

Overview Php is a dynamic scripting language used by programmers to develop webservers, message boards, chat applications and a variety of programs. By default php stores variables passed from the URL in a global context. Programmers often fail to change this setting which can allow serious...

7.8AI score
Exploits0References16
NVD
NVD
added 2001/10/08 4:0 a.m.25 views

CVE-2001-1128

Buffer overflow in Progress database 8.3D and 9.1C allows local users to execute arbitrary code via long entries in files that are specified by the 1 PROMSGS or 2 PROTERMCAP environment variables...

7.2CVSS7.5AI score0.00712EPSS
Exploits0References3
Rows per page
Query Builder