The PHP functions exec(), system(), popen() (and similar) leave the parent process's file descriptors open. A program launched through them inherits every open descriptor of its parent, including Apache's listening socket and its log files. A hostile program can therefore accept connections on port 80 or write to the Apache log files.
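As an added example (not from the advisory above), a small C program that demonstrates the inheritance just described and the FD_CLOEXEC fix. The parent opens a file that stands in for a log file (a constructed temp file), then runs a child through /bin/sh the way PHP's exec() and system() do; the child writes into the file through the inherited descriptor number, which succeeds unless the parent marked the descriptor close-on-exec. The function name and temp file path are my own.

```c
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Opens a constructed stand-in for a log file, optionally marks it
 * FD_CLOEXEC, then execs a shell child that tries to write through the
 * inherited descriptor number. Returns 1 if the child's write landed in
 * the file (descriptor leaked), 0 if it did not, -1 on setup failure. */
static int child_can_write(int cloexec) {
    char path[] = "/tmp/fdleakXXXXXX";      /* constructed temp file */
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    if (cloexec) fcntl(fd, F_SETFD, FD_CLOEXEC);

    /* The child only knows the descriptor number, as an exec'd program
     * would; "exec 2>/dev/null" keeps sh's redirect error off stderr. */
    char cmd[64];
    snprintf(cmd, sizeof cmd, "exec 2>/dev/null; echo owned >&%d", fd);

    pid_t pid = fork();
    if (pid < 0) { close(fd); unlink(path); return -1; }
    if (pid == 0) {
        execl("/bin/sh", "sh", "-c", cmd, (char *)NULL);
        _exit(127);
    }
    int status;
    waitpid(pid, &status, 0);

    /* Read back whatever the child managed to write. */
    char buf[32] = {0};
    lseek(fd, 0, SEEK_SET);
    ssize_t n = read(fd, buf, sizeof buf - 1);
    close(fd);
    unlink(path);
    return n > 0 && strncmp(buf, "owned", 5) == 0;
}

int main(void) {
    printf("plain descriptor, child wrote: %d\n", child_can_write(0));
    printf("FD_CLOEXEC descriptor, child wrote: %d\n", child_can_write(1));
    return 0;
}
```

The same applies to a listening socket: a child that inherits Apache's port 80 descriptor can call accept() on it. The server-side fix is to open long-lived descriptors with O_CLOEXEC / SOCK_CLOEXEC (or set FD_CLOEXEC as above), or to close everything above stderr before exec.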
df0886b7417f348dce9959a45e47a889aa6e01dd100f026507d0c694e50c33e3
Armorize-ADV-2006-0006 discloses multiple cross-site scripting vulnerabilities found in KnowledgeBank (http://sourceforge.net/projects/knowledgebank/), a PHP/MySQL web application for creating a searchable database with categories, subcategories, and screenshots.
c927285de10b58e4f08255e17e9aac5473d0afa4e7f732a3759dd534a2c01d3d
KICS CMS suffers from an SQL injection vulnerability that can be used to gain administrative privileges.
c63da37314a6840ff5959a53f296ea306761576606a8d1acabaa3afa922df13b
UltraCMS 0.9 suffers from an SQL injection vulnerability which can be used to gain administrative privileges.
16f09bababa6c7297143a2a4505336bd9103adb0e2dc170f27c5573543ee0858
DigitalHive 2.0 RC2 suffers from a remote file inclusion vulnerability in base_include.php.
64c56e2bb825fa0e0a6fff5d832614de9a5d2c84b668a23f35957848a9af3001
A paper discussing a race condition vulnerability in the TORQUE Resource Manager software package.
8e3866e0319643aa29a9919eaa286e3471d96bfe045e873e7e743efd8891fb19
rPath Security Advisory: 2006-0195-1: Previous versions of the KDE khtml library use Qt in a way that allows unchecked pixmap image input to be provided to Qt, triggering an integer overflow flaw in Qt. This enables a user-complicit denial of service attack (application crash), or possibly unauthorized access via arbitrary code execution.
d62aeb3881b902a5efb505319342562b3c2dd128421144cad0ce895f592acd96
Aimject facilitates man-in-the-middle attacks against AOL Instant Messenger's OSCAR protocol via a simple GTK interface.
8975e8f16ac28ee7b9331a2b37d25c54c13dab742ee263dc198ad8e73e93e6bd
HPSBST02161 SSRT061264 rev.1 - Storage Management Appliance (SMA), Microsoft Patch Applicability MS06-056 Through MS06-065: Various potential security vulnerabilities have been identified in Microsoft software running on the Storage Management Appliance (SMA). Some of these vulnerabilities may be pertinent to the SMA; please check the table in the Resolution section of this Security Bulletin.
d534dbc9037f027408f159b6b857432cbdcb78dbb5f9bd0ddedf322433ac96f7
Ubuntu Security Notice 367-1: An SQL injection was discovered in Pike's PostgreSQL module. Applications using a PostgreSQL database and uncommon character encodings could be fooled into running arbitrary SQL commands, which could result in privilege escalation within the application, application data exposure, or denial of service.
90854ac0e96c7bdf1a8c3510f8ee136c7c53119f8c29929c8dcea427e0ab3fa5
Ubuntu Security Notice 366-1: A buffer overflow was discovered in gas (the GNU assembler). By tricking a user or an automated system (such as a compile farm) into assembling a specially crafted source file with gcc or gas, this could be exploited to execute arbitrary code with the user's privileges.
1ffc1a3c73c760ac58f91ec3ae453c8ca7a813338127f8d1868f21bb892b88b0
Gentoo Linux Security Advisory GLSA 200610-08 - Unchecked use of strcpy() and *scanf() leads to several buffer overflows. Versions less than 15.5.20060927 are affected.
28493ecd8598067c624d4c2bb2b0a887735dd04d2ba935ad91f1d97352b11180
Drupal security advisory - DRUPAL-SA-2006-024: Multiple XSS (cross site scripting) vulnerabilities have been discovered.
1aa675f91c66e69c739dbfa33817a0d04e6526d3a5f2b4c2b15192944ad977b4
Drupal security advisory DRUPAL-SA-2006-025: Visiting a specially crafted page, anywhere on the web, may allow that page to post forms to a Drupal site in the context of the visitor's session. To illustrate: suppose one has an active user 1 session (the most powerful administrator account for a site) on a Drupal site while visiting a website created by an attacker. That website can now submit any form to the Drupal site with the privileges of user 1, either by enticing the user to submit a form or by automated means. An attacker can exploit this vulnerability by changing passwords, posting PHP code or creating new users, for example. The attack is limited only by the privileges of the session it executes in.
c2eab01fab47cd53866e412e9c040859163e8d5a1dfd064f8742b495b323b50a
Drupal security advisory DRUPAL-SA-2006-026: A malicious user may entice users to visit a specially crafted URL that results in Drupal form submissions being redirected to a third-party site. A user visiting the user registration page via such a URL, for example, will submit all entered data, such as his/her e-mail address and possibly private profile data, to the third-party site.
aac4a667546b92b6c6ad5f65a8adf2bf591fd7078837743847a284bbb2d5ba58
Novell eDirectory/iMonitor Remote Code Execution Security Advisory: Novell's HTTP Protocol Stack (httpstk) is a component of iMonitor which provides a web-based interface for management of eDirectory, an LDAP service forming the basis for many of the world's largest identity-management deployments. The code fails to check the length of client-supplied HTTP Host request-header values (e.g. Host: www.host.com) before using them to build a formatted URL into an inadequate, statically-sized buffer on the stack. This condition occurs in a call to snprintf() while the server is preparing an HTTP redirect response and can be triggered remotely, before any authentication takes place. This can allow attacker-supplied code to be executed on vulnerable systems.
83f493818d78f80ff8f029bc85f643e0e2806d60376926715e9dc35b65088b58
[CAID 34693, 34694]: CA BrightStor ARCserve Backup Multiple Buffer Overflow Vulnerabilities (UPDATED): Summary: CA BrightStor ARCserve Backup contains multiple buffer overflow conditions that allow remote attackers to execute arbitrary code with local SYSTEM privileges on Windows. These issues affect the BrightStor Backup Agent Service, the Job Engine Service, and the Discovery Service in multiple BrightStor ARCserve Backup application agents and the Base product.
aab9553c2355bbb2473b67f29de0eca777c8f03660b498ab0279bf3ed1729b5b
The Asterisk Skinny channel driver for Cisco SCCP phones (chan_skinny.so) incorrectly validates a length value in the packet header. An integer wrap-around leads to a heap overwrite, and to arbitrary remote code execution as root.
375f21639bb208bd239538725658092493aa1588e6038a60e78e34e06d806e2d
National Cyber Alert System - Technical Cyber Security Alert TA06-291A: Oracle Updates for Multiple Vulnerabilities
8c2cf43c1e1381dd8f0795056b5bc8eeed34189c5408d22004d2fb83b5e60de0
An alternative method in format string exploitation - a paper discussing a method of making format string exploits static again on Linux 2.6 kernels with randomized virtual address space layout.
0c45b1d562e077e6945b0677cd1ab74d79b4754f927c1df8be3f30b948146365
Secunia Research 18/10/2006 - Joomla BSQ Sitestats Script Insertion and SQL Injection: Secunia Research has discovered some vulnerabilities in the BSQ Sitestats component for Joomla, which can be exploited by malicious people to conduct script insertion or SQL injection attacks.
75f22230642955d8f34b22474e9d1fbc4ee2657453e32d589105b5c872b599fc
Secunia Research 18/10/2006: IBM Lotus Notes Insecure Default Folder Permissions - Secunia Research has discovered a security issue in Lotus Notes, which can be exploited by malicious, local users to manipulate arbitrary files.
329a738d598319ed98c9d729752ed575b69c649c13730dad35244762b9e39337
The management interface of AirMagnet Enterprise contains several medium-risk vulnerabilities, ranging from reflected and stored cross-site scripting to remote code execution and protection bypass.
45b51e4b288d9397d096ede91151af95bd3a8a02a4557cdb8b9a9635359a4393
The Highwall Enterprise and Highwall Endpoint wireless IDS management interfaces contain multiple vulnerabilities which can lead to privilege escalation and code execution.
104af84b88d66190c16142880c76ba81765558cf0f8d6a9b89f3c81eacec3f1d