8702 matches found
CVE-2000-0941
Kootenay Web KW Whois 1.0 CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the "whois" parameter...
CVE-2000-0967
PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs...
CVE-2000-0949
Heap overflow in savestr function in LBNL traceroute 1.4a5 and earlier allows a local user to execute arbitrary commands via the -g option...
CVE-2000-0961
Buffer overflow in IMAP server in Netscape Messaging Server 4.15 Patch 2 allows local users to execute arbitrary commands via a long LIST command...
Itetris 1.6.1/1.6.2 - Privileged Arbitrary Command Execution
// source: https://www.securityfocus.com/bid/2139/info Itetris, or "Intelligent Tetris", is a clone of the popular Tetris puzzle game for linux systems. The svgalib version of Itetris is installed setuid root so that it may access video hardware when run by a regular user. Itetris contains a...
ezmlm-cgi/ezmlm-idx-0.40 security advisory
Summary: ezmlm-cgi is part of the ezmlm-idx-0.40.tar.gz package and allows web access to mailing list archives. When ezmlm-cgi is installed SUID user other than root, it can be used to execute arbitrary commands with the effective uid of the SUID user. Scope: Default installations of ezmlm-idx-0....
CVE-2000-1021
Heap overflow in WebConfig in Mdaemon 3.1.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long URL...
CVE-2000-1024
eWave ServletExec 3.0C and earlier does not restrict access to the UploadServlet Java/JSP servlet, which allows remote attackers to upload files and execute arbitrary commands...
Leif M. Wright everythingform.cgi 2.0 - Arbitrary Command Execution
source: https://www.securityfocus.com/bid/2101/info An input validation vulnerability exists in Leif M. Wright's everything.cgi, a Perl-based form design tool. The script fails to properly filter shell commands from user-supplied input to the 'config' field. As a result, the script can be made to...
CSA-200012.txt
CHINANSL Security AdvisoryCSA-200012 Topic: Ultraseek Server 3.0 Vulnerability Release Date£º Dec 6, 2000 Affected system: ============ Ultraseek Server 3.0 ¡¡¡¡- SunOS Impact: ====== CHINANLS security team has found a security problem in Ultraseek Server 3.0 . Exploitation of this vulnerability,...
Endymion MailMan 3.0.x - Arbitrary Command Execution
source: https://www.securityfocus.com/bid/2063/info A vulnerability exists in 3.x versions of Endymion MailMan Webmail prior to release 3.0.26. The widely-used Perl script provides a web-email interface. Affected versions make insecure use of the perl open function. Attackers can control the way...
Microsoft IIS Phone Book Service /pbserver/pbserver.dll Remote Overflow
The CGI /pbserver/pbserver.dll is subject to a buffer overflow attack that may allow an attacker to execute arbitrary commands on this host. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid10564; scriptversion"1.43...
CVE-2000-1021
Heap overflow in WebConfig in Mdaemon 3.1.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long URL...
Security problems with TWIG webmail system
Twig is a popular webmail system written in PHP, once called Muppet. Author: Christopher Heschong Homepage: http://twig.screwdriver.net Version: 2.5.1 latest Problem: The possibility of processing our own php file , can leed to arbitrary command execution on the server as the httpd user. Status:...
Security problems with Phorum php message board
Author: Brian Moon Homepage: www.phorum.org Version: 3.2.6 Problem: Any user can parse a choosed php script file using the Phorum sustem. It is also possibel, under certain circunstances, to execute arbitrary commands on the server as the httpd user. Status: Fixed in version 3.2.7 released...
[Update] NSFOCUS SA2000-07: Microsoft IIS 4.0/5.0 CGI File Name Inspection Vulnerability
NSFOCUS Security AdvisorySA2000-07 Topic: Microsoft IIS 4.0/5.0 CGI File Name Inspection Vulnerability Release DateЈє Nov 7th, 2000 Update DateЈє Nov 23rd, 2000 CVE Candidate Numbers: CAN-2000-0886 BUGTRAQ ID : 1912 Affected system: ================ - Microsoft IIS 4.0 - Microsoft IIS 5.0 Impact:...
CVE-2000-0854
When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.dll and msi.dll, which could allow an attacker to execute arbitrary commands by inserting a Trojan Horse DLL into the same directory as the document...
CVE-2000-0878
The mailto CGI script allows remote attacker to execute arbitrary commands via shell metacharacters in the emailadd form field...
CVE-2000-0856
Buffer overflow in SunFTP build 91 allows remote attackers to cause a denial of service or possibly execute arbitrary commands via a long GET request...
Linux modutils 2.3.9 - 'modprobe' Arbitrary Command Execution
source: https://www.securityfocus.com/bid/1936/info Modutils is a component of many linux systems that includes tools for using loadable kernel modules. One of these tools, modprobe, loads a set of modules that correspond to a provided "name" passed at the command line automatically. Modprobe...