7901 matches found
CVE-1999-1142
SunOS 4.1.2 and earlier allows local users to gain privileges via LD_* environment variables affecting dynamically linked setuid/setgid programs (e.g., login, su, sendmail) by causing real and effective UIDs to the same user. This yields a local escalation with complete confidentiality and integr...
CVE-2001-0652
Heap overflow in xlock in Solaris 2.6 through 8 allows local users to gain root privileges via a long 1 XFILESEARCHPATH or 2 XUSERFILESEARCHPATH environmental variable...
CVE-2000-0892
Some telnet clients allow remote telnet servers to request environment variables from the client that may contain sensitive information, or remote web servers to obtain the information via a telnet: URL...
CVE-2000-0892
CVE-2000-0892 describes a vulnerability where some telnet clients may disclose environment variables to remote telnet servers or via telnet: URLs, due to RFC 1572 (NEW-ENVIRON). The underlying issue is the ability of a server to request environment variables before authentication, potentially exp...
CVE-2001-0976
Vulnerability in HP Process Resource Manager PRM C.01.08.2 and earlier, as used by HP-UX Workload Manager WLM, allows local users to gain root privileges via modified libraries or environment variables...
CVE-2001-1076
Buffer overflow in whodo in Solaris SunOS 5.5.1 through 5.8 allows local users to execute arbitrary code via a long 1 SOR or 2 CFIME environment variable...
CVE-2001-0976
HP Process Resource Manager (PRM) C.01.08.2 and earlier, used by HP-UX Workload Manager (WLM), is vulnerable to local privilege escalation via manipulated libraries or environment variables. Root privileges can be gained by a local user due to the underlying insecure handling of library paths and...
CVE-2002-0043
sudo 1.6.0 through 1.6.3p7 does not properly clear the environment before calling the mail program, which could allow local users to gain root privileges by modifying environment variables and changing how the mail program is invoked...
Переполнение буфера в sastcpd (buffer overflow)
переполнение буфера, ошибка форматной строки, использование переменных пользователя для запуска внешних приложений...
sastcpd 8.0 'authprog' local root vulnerability
Hi, Several environment variable problems exist in the 'SAS Job Spawner for Open Systems version 8.00'. No other releases of the software were available to test. Sorry. authprog vulnerability ---------------------- The daemon passes a user-defined environment variable, 'authprog', to execve. This...
FastCGI Multiple Sample CGI XSS
Two sample CGI's supplied with FastCGI are vulnerable to cross-site scripting attacks. FastCGI is an 'open extension to CGI that provides high performance without the limitations of server specific APIs', and is included in the default installation of the 'Unbreakable' Oracle9i Application Server...
Переполнение буфера в clanlib (buffer overflow)
Переполнение буфера при разборе переменных окружения...
FreeBSD-SA-02:06.sudo
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-02:06 Security Advisory FreeBSD, Inc. Topic: sudo port may enable local privilege escalation Category: ports Module: sudo Announced: 2002-01-16 Credits: Sebastian Krahmer...
Sudo 1.6.3 - Unclean Environment Variable Privilege Escalation
Sudo 1.6.3 - Unclean Environment Variable Privilege Escalation source: https://www.securityfocus.com/bid/3871/info Sudo is a freely available, open source permissions management software package available for the Linux and Unix operating systems. It is maintained by Todd C. Miller. Under some...
[SECURITY] [DSA-094-1] mailman cross-site scripting problem
Package : mailman Problem type : cross-site scripting hole Debian-specific: no Barry A. Warsaw reported several cross-site scripting security holes in Mailman, due to non-existent escaping of CGI variables. These have been fixed upstream in version 2.0.8, and the relevant patches have been...
[SECURITY] [DSA-091-1] OpenSSH UseLogin vulnerability
Package : ssh Problem type : influencing login Debian-specific: no If the UseLogin feature is enabled in for ssh local users could pass environment variables including variables like LDPRELOAD to the login process. This has been fixed by not copying the environment of UseLogin is enabled. Please...
Переполнения буфера в IODBC (buffer overflow)
Переполнение буфера при длинном имени DSN источника данных. Источник данных указывается через переменную окружения, что может привести к проблеме, например в случае неинициализированных переменных PHP...
CVE-2001-0739
Guardian Digital WebTool in EnGarde Secure Linux 1.0.1 allows restarted services to inherit some environmental variables, which could allow local users to gain root privileges...
Php variables passed from the browser are stored in global context
Overview Php is a dynamic scripting language used by programmers to develop webservers, message boards, chat applications and a variety of programs. By default php stores variables passed from the URL in a global context. Programmers often fail to change this setting which can allow serious...
CVE-2001-1128
Buffer overflow in Progress database 8.3D and 9.1C allows local users to execute arbitrary code via long entries in files that are specified by the 1 PROMSGS or 2 PROTERMCAP environment variables...