Searching variable software vulnerabilities

Buffer overflow in Solaris libc, ufsrestore, an

environmental | LC_MESSAGES | ufsrestore | variable | overflow | Solaris | Buffer | libc | rcp | via |

Buffer overflow in Solaris libc, ufsrestore, and rcp via LC_MESSAGES environmental variable.


Solaris chkperm allows local users to read file

environmental | variable | symlink | chkperm | Solaris | allows | attack | VMSYS | files | users | local | owned | read | bin | via |

Solaris chkperm allows local users to read files owned by bin via the VMSYS environmental variable and a symlink attack.


Buffer overflow in FreeBSD seyon via HOME envir

environmental | -emulator | argument | overflow | variable | FreeBSD | -modems | Buffer | seyon | HOME | GUI | via |

Buffer overflow in FreeBSD seyon via HOME environmental variable, -emulator argument, -modems argument, or the GUI.


Buffer overflow in kscreensaver in KDE klock al

environmental | kscreensaver | privileges | variable | overflow | Buffer | allows | users | local | klock | long | HOME | root | gain | KDE | via |

Buffer overflow in kscreensaver in KDE klock allows local users to gain root privileges via a long HOME environmental variable.


Buffer overflow in kppp in KDE allows local use

environmental | variable | overflow | access | allows | Buffer | users | local | long | PATH | gain | kppp | root | via | KDE |

Buffer overflow in kppp in KDE allows local users to gain root access via a long PATH environmental variable.


dump in Red Hat Linux 6.2 trusts the pathname s

environmental | privileges | specified | modifying | variable | pathname | program | allows | trusts | obtain | Trojan | point | horse | users | which | Linux | local | dump | root | Red | RSH | Hat |

dump in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program.


restore 0.4b15 and earlier in Red Hat Linux 6.2

environmental | privileges | modifying | specified | pathname | variable | restore | earlier | program | allows | obtain | trusts | Trojan | 04b15 | horse | point | which | Linux | local | users | root | Hat | Red | RSH |

restore 0.4b15 and earlier in Red Hat Linux 6.2 trusts the pathname specified by the RSH environmental variable, which allows local users to obtain root privileges by modifying the RSH variable to point to a Trojan horse program.


PHP-Nuke 5.x allows remote attackers to perform

operations | arbitrary | modifying | attackers | PHP-Nuke | "prefix" | variable | calling | scripts | already | perform | prefix | allows | remote | define | SQL | any | not |

PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL operations by modifying the "prefix" variable when calling any scripts that do not already define the prefix variable (e.g., by including mainfile.php), such as article.php.


Perlbot 1.9.2 allows remote attackers to execut

Perlbot |

Perlbot 1.9.2 allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the $text variable in SpelCheck.pm or (2) the $filename variable in HTMLPlog.pm.


misc.cpp in KPopup 0.9.1 trusts the PATH variab

misccpp | KPopup |

misc.cpp in KPopup 0.9.1 trusts the PATH variable when executing killall, which allows local users to elevate their privileges by modifying the PATH variable to reference a malicious killall program.


Multiple cross-site scripting (XSS) vulnerabili

cross-site | scripting | Multiple |

Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1.2.10 and earlier allow remote attackers to inject arbitrary HTML or script via (1) the $mailer variable in read_body.php, (2) the $senderNames_part variable in mailbox_display.php, and possibly other vectors including (3) the $event_title variable or (4) the $event_text variable.


phpBB 2.0.17 and earlier allows remote attacker

phpBB |

phpBB 2.0.17 and earlier allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GET/POST/COOKIE (GPC) variable and a GLOBALS[] variable with the same name, which causes phpBB to unset the GLOBALS[] variable but not the GPC variable.


process.php in DocMGR 0.54.2 does not initializ

processphp | DocMGR |

process.php in DocMGR 0.54.2 does not initialize the $siteModInfo variable when a direct request is made, which allows remote attackers to include arbitrary local files or possibly remote files via a modified includeModule and siteModInfo variable.


Multiple SQL injection vulnerabilities in Geekl

vulnerabilities | injection | Multiple | Geeklog | SQL |

Multiple SQL injection vulnerabilities in Geeklog 1.4.0 before 1.4.0sr1 and 1.3.11 before 1.3.11sr4 allow remote attackers to inject arbitrary SQL commands via the (1) userid variable to users.php or (2) sessid variable to lib-sessions.php.


Dynamic variable evaluation vulnerability in in

vulnerability | configuration | parameters | evaluation | variables | overwrite | attackers | evaluated | variable | indexphp | Dynamic | Jetbox | allows | remote | which | PHP | CMS | SR1 | via | URL |

Dynamic variable evaluation vulnerability in index.php in Jetbox CMS 2.1 SR1 allows remote attackers to overwrite configuration variables via URL parameters, which are evaluated as PHP variable variables.


The mosgetparam implementation in Joomla! befor

implementation | mosgetparam | before | Joomla |

The mosgetparam implementation in Joomla! before 1.0.10, does not set a variable's data type to integer when the variable's default value is numeric, which has unspecified impact and attack vectors, which may permit SQL injection attacks.


Variable extraction vulnerability in include/co

include/commonphp | vulnerability | extraction | Variable | exV2 |

Variable extraction vulnerability in include/common.php in exV2 2.0.4.3 and earlier allows remote attackers to overwrite arbitrary program variables and conduct directory traversal attacks to execute arbitrary code by modifying the $xoopsOption['pagetype'] variable.


The WDDX deserializer in the wddx extension in

deserializer | extension | before | WDDX | PHP |

The WDDX deserializer in the wddx extension in PHP 5 before 5.2.1 and PHP 4 before 4.4.5 does not properly initialize the key_length variable for a numerical key, which allows context-dependent attackers to read stack memory via a wddxPacket element that contains a variable with a string name before a numerical variable.


Integer overflow in the 16 bit variable referen

context-dependent | CVE-2007-1286 | overflowing | arbitrary | attackers | destroyed | reference | overflow | variable | related | execute | counter | Integer | causes | allows | twice | issue | which | code | same | PHP | bit |

Integer overflow in the 16 bit variable reference counter in PHP 4 allows context-dependent attackers to execute arbitrary code by overflowing this counter, which causes the same variable to be destroyed twice, a related issue to CVE-2007-1286.


Variable extraction vulnerability in grab_globa

grab_globalsphp | vulnerability | extraction | Variable | Dynamic | Portal | System | Net |

Variable extraction vulnerability in grab_globals.php in Net Portal Dynamic System (NPDS) 5.10 and earlier allows remote attackers to conduct SQL injection attacks via the _FILES[DB][tmp_name] parameter to print.php, which overwrites the $DB variable with dynamic variable evaluation.


Software vulnerabilities results 1 to 20 of 524     
Page: 12345...27