tetris-bsd on Gentoo Linux checkscores() Function Local Overflow
A local overflow exists in tetris-bsd of the port bsd-games on Gentoo Linux. The checkscores() function in scores.c fails to validate a player's name, obtained from the '/var/games/tetris-bsd.scores' file, before it is printed into a buffer using sprintf, resulting in a stack overflow. The same function also reads player level without validation, resulting in an integer overflow. With a specially crafted request, an attacker can execute arbitrary code as a user with the permissions of the games group, resulting in a loss of integrity.. Read more.
NetBSD mail Record File Permission Weakness Information Disclosure
NetBSD contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the "set record" setting is present in a users .mailrc and the default umask is set, which will create a record file with insecure permissions. This will disclose the record file of a user's email resulting in a loss of confidentiality.. Read more.
CA BrightStor ARCserve Backup Default Administrator Account
BrightStor ARCserve Backup UniversalAgent contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is caused by a hard-coded, undocumented administrative account for the Common Agent. This flaw may lead to a loss of integrity.. Read more.
SQuery igi2.php libpath Variable Remote File Inclusion
SQuery contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to igi2.php (not an underlying library) not properly sanitizing user input supplied to the 'libpath' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more.
SQuery savage.php libpath Variable Remote File Inclusion
SQuery contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to savage.php (not an underlying library) not properly sanitizing user input supplied to the 'libpath' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more.
SQuery hlife2.php libpath Variable Remote File Inclusion
SQuery contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to hlife2.php (not an underlying library) not properly sanitizing user input supplied to the 'libpath' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more.
SQuery hlife.php libpath Variable Remote File Inclusion
SQuery contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to hlife.php (not an underlying library) not properly sanitizing user input supplied to the 'libpath' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more.
SQuery halo.php libpath Variable Remote File Inclusion
SQuery contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to halo.php (not an underlying library) not properly sanitizing user input supplied to the 'libpath' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more.
SQuery gsvari.php libpath Variable Remote File Inclusion
SQuery contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to gsvari.php (not an underlying library) not properly sanitizing user input supplied to the 'libpath' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more.
SQuery rene.php libpath Variable Remote File Inclusion
SQuery contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to rene.php (not an underlying library) not properly sanitizing user input supplied to the 'libpath' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.. Read more.
Vuln: Sudo Python Environment Variable Handling Security Bypass Vulnerability
Sudo Python Environment Variable Handling Security Bypass Vulnerability. Read more.
Vuln: Sudo Perl Environment Variable Handling Security Bypass Vulnerability
Sudo Perl Environment Variable Handling Security Bypass Vulnerability. Read more.
Vuln: ADOdb Server.PHP SQL Injection Vulnerability
ADOdb Server.PHP SQL Injection Vulnerability
. Read more.
Vuln: ADOdb PostgreSQL SQL Injection Vulnerability
ADOdb PostgreSQL SQL Injection Vulnerability. Read more.
