8699 matches found
CVE-2002-1478
Cacti before 0.6.8 allows attackers to execute arbitrary commands via the "Data Input" option in console mode...
CVE-1999-1189
Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 and Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument after the ? character in a URL that references an .asp, .cgi, .html, or .pl file...
CVE-2002-1548
Unknown vulnerability in autofs on AIX 4.3.0, when using executable maps, allows attackers to execute arbitrary commands as root, possibly related to "string handling around how the executable map is called."...
CVE-2003-0069
The PuTTY terminal emulator 0.53 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute...
CVE-2002-1377
vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to edit a malicious file, as demonstrated using mutt...
GNU a2ps 4.13 - File Name Command Execution
GNU a2ps 4.13 - File Name Command Execution source: https://www.securityfocus.com/bid/11025/info Reportedly GNU a2ps is affected by a filename command-execution vulnerability. This issue is due to the application's failure to properly sanitize filenames. An attacker might leverage this issue to...
Gallery save_photos.php Arbitrary Command Execution
The version of Gallery hosted on the remote web server is affected by an arbitrary command execution vulnerability. This could allow an attacker to execute arbitrary commands on the remote host by uploading a file containing arbitrary PHP code. When the temp directory is web accessible, the...
Mantis < 0.18.3 / 0.19.0a2 Multiple Vulnerabilities
According to its banner, the remote version of Mantis contains multiple flaws that may allow an attacker to use it to perform a mass emailing, to inject HTML tags in the remote pages, or to execute arbitrary commands on the remote host if PHP's 'registerglobals' setting is enabled. %NASLMINLEVEL...
AWStats Rawlog Plugin Logfile Parameter Arbitrary Command Execution
Binary data 1728.prm...
AOL Instant Messenger IMG Tag Arbitrary Command Execution
Binary data 1251.prm...
bsguest.cgi Guestbook Email Address Variable Arbitrary Command Execution
Binary data 1644.prm...
Aplio Internet Phone authenticate.cgi Arbitrary Command Execution
Binary data 1641.prm...
HP Jet Admin 7.x Traversal Arbitrary Command Execution
Binary data 1211.prm...
Sendmail DEBUG Arbitrary Command Execution
Binary data 2028.prm...
IkonBoard FUNC.pm lang Cookie Arbitrary Command Execution
Binary data 1537.prm...
YaPiG < 0.92.2 Multiple Scripts Arbitrary Command Execution
The remote host is running YaPiG, a web-based image gallery written in PHP. The remote version of YaPiG may allow a remote attacker to execute malicious scripts on a vulnerable system. This issue exists due to a lack of sanitization of user-supplied data. It is reported that an attacker may be ab...
BasiliX login.php3 username Variable Arbitrary Command Execution
The remote host appears to be running a version of BasiliX between 1.0.2beta or 1.0.3beta. In such versions, the script 'login.php3' fails to sanitize user input, which enables a remote attacker to pass in a specially crafted value for the parameter 'username' with arbitrary commands to be execut...
gnomevfs -- unsafe URI handling
Alexander Larsson reports that some versions of gnome-vfs and MidnightCommander contain a number of extfs' scripts that do not properly validate user input. If an attacker can cause her victim to process a specially-crafted URI, arbitrary commands can be executed with the privileges of the victim...
Mandrake Linux Security Advisory : gaim (MDKSA-2002:054-1)
Versions of Gaim an AOL instant message client prior to 0.58 contain a buffer overflow in the Jabber plug-in module. As well, a vulnerability was discovered in the URL-handling code, where the 'manual' browser command passes an untrusted string to the shell without reliable quoting or escaping...
Mandrake Linux Security Advisory : dhcpcd (MDKSA-2003:003)
A vulnerability was discovered by Simon Kelley in the dhcpcd DHCP client daemon. dhcpcd has the ability to execute an external script named dhcpcd-.exe when an IP address is assigned to that network interface. The script sources the file /var/lib/dhcpcd/dhcpcd-.info which contains shell variables...