7665 matches found
CVE-2001-0422
CVE-2001-0422 affects Xsun on Solaris 8 and earlier. A buffer overflow triggered by a long HOME environment variable allows local users to execute arbitrary commands. The provided documents do not include remediation details.
CVE-2000-0740
CVE-2000-0740 describes a buffer overflow in the Net Tools PKI Server 1.0 strong.exe web server (HTTPS) that, when processing a long URL, can allow a remote attacker to execute arbitrary commands. The vulnerability is in the web server component and affects the HTTPS port; the issue is exploitabl...
CVE-2001-0236
CVE-2001-0236 affects Solaris snmpXdmid, where a buffer/heap overflow in the SNMP-to-DMI mapper allows remote code execution via a long indication event. Affected platforms include SunOS 5.7/Solaris 7 and SunOS 5.8/Solaris 8. The vulnerability is triggered by handling crafted SNMP traps/indicatio...
CVE-1999-1321
The CVE-1999-1321 entry concerns the SSH 1.2.26 client with Kerberos V enabled. A buffer overflow in handling a long DNS hostname during TGT ticket passing could allow remote attackers to cause a denial of service or execute arbitrary commands. The vulnerability details are drawn from the NVD/CVE...
CVE-2001-0537
CVE-2001-0537 affects Cisco IOS HTTP Server in Cisco IOS 11.3–12.2. The vulnerability allows bypassing local authentication and executing arbitrary commands by specifying a high access level in the URL. Impact is authenticated command execution with full privileges on affected devices. Public det...
IE execution of arbitrary commands without Active Scripting or ActiveX (GM#001-IE)
GreyMagic Security Advisory GM001-IE ===================================== by GreyMagic Software, Israel. 27 Feb 2002. Topic: Executing arbitrary commands without Active Scripting or ActiveX. Discovery date: 25 Feb 2002. Affected applications: ====================== Any application that hosts the...
AHG Search Engine 1.0 - search.cgi Arbitrary Command Execution
AHG Search Engine 1.0 - search.cgi Arbitrary Command Execution source: https://www.securityfocus.com/bid/3985/info Search.CGI is a component of the HTMLsearch Search Engine software distributed by AHG. The software is available for the Unix, Linux, and Microsoft platforms. The search.cgi script...
Caldera UnixWare 7.1.1 - WebTop 'SCOAdminReg.cgi' Arbitrary Command Execution
source: https://www.securityfocus.com/bid/3936/info UnixWare is a commercial Unix implementation distributed originally developed by SCO. It is now maintained and distributed by Caldera. The scoadminreg.cgi program does not properly validate user input when executed with the -c option. Because of...
Caldera UnixWare 7.1.1 - WebTop SCOAdminReg.cgi Arbitrary Command Execution
Caldera UnixWare 7.1.1 - WebTop SCOAdminReg.cgi Arbitrary Command Execution source: https://www.securityfocus.com/bid/3936/info UnixWare is a commercial Unix implementation distributed originally developed by SCO. It is now maintained and distributed by Caldera. The scoadminreg.cgi program does n...
CVE-2001-1495
networkquery.php in Network Query Tool 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the target parameter...
CVE-2001-1530
run.cgi in Webmin 0.80 and 0.88 creates temporary files with world-writable permissions, which allows local users to execute arbitrary commands...
Multiple FTPD glob Command Arbitrary Command Execution
The FTPD glob vulnerability manifests itself in handling the glob command. The problem is not a typical buffer overflow or format string vulnerability, but a combination of two bugs - an implementation of the glob command that does not properly return an error condition when interpreting the stri...
DCForum Remote Admin Privilege Compromise Vulnerability
Vulnerable: DC Scripts DCForum 2000 1.0 DC Scripts DCForum 6.0 DCForum is a commercial cgi script from DCScripts which is designed to facilitate web-based threaded discussion forums. Versions of DCForum are vulnerable to attacks which can yield an elevation of privileges and remote execution of...
Advisory: Corrupt RPM Query Vulnerability
Description: Arbitrary command executing on query of corrupt RPM files note: you do not have to install the file to be affected Severity: Very Low to Low Unless running an lpd with no access restrictions, in which case, it may allow remote compromize. Affects: rpm-4.0.2-7x probably also earlier...
FreeBSD-SA-01:62.uucp
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-01:62 Security Advisory FreeBSD, Inc. Topic: UUCP allows local root exploit Category: core Module: uucp Announced: 2001-10-08 Credits: [email protected] Affects: All release...
Textor Webmasters Ltd listrec.pl TEMPLATE Parameter Arbitrary Command Execution
The 'listrec.pl' cgi is installed. This CGI has a security flaw that lets an attacker execute arbitrary commands on the remote server, usually with the privileges of the web server. %NASLMINLEVEL 70300 This script written by Matt Moore See the Nessus Scripts License for details Changes by Tenable...
CVE-2001-0408
vim aka gvim processes VIM control codes that are embedded in a file, which could allow attackers to execute arbitrary commands when another user opens a file containing malicious VIM control codes...
CVE-2001-0489
The CVE-2001-0489 entry concerns gftp before version 2.0.8, where a printf/format string vulnerability in the logging of network data allows a remote FTP server to cause arbitrary commands to be executed. Affected component is the gftp client; root cause is unsafe handling of data received from t...
CVE-2001-0408
CVE-2001-0408 affects Vim (gvim); a crafted file containing VIM control codes can cause arbitrary commands to execute when opening the file. The root cause is Vim interpreting embedded control codes, enabled by the status line option in .vimrc, allowing code execution as the user. Mandrake adviso...
CVE-2001-0473
CVE-2001-0473 affects the Mutt email client (Imap-related code) prior to version 1.2.5. The vulnerability is a format string issue in the IMAP handling that can allow a remote, malicious IMAP server to execute arbitrary commands on the local machine. The Mandrakelinux MDKSA-2001:031 advisory spec...