Fedora Core 1 : kdepim-3.1.4-2 (2004-133)
The KDE team found a buffer overflow in the file information reader of VCF files. An attacker could construct a VCF file so that when it was opened by a victim it would execute arbitrary commands. The Common Vulnerabilities and Exposures project cve.mitre.org has assigned the name CVE-2003-0988 t...
CVE-2004-0201
Heap-based buffer overflow in the HtmlHelp program hh.exe in HTML Help for Microsoft Windows 98, Me, NT 4.0, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary commands via a .CHM file with a large length field, a different vulnerability than CVE-2003-1041...
CVE-2004-0395
The xatitv program in the gatos package does not properly drop root privileges when the configuration file does not exist, which allows local users to execute arbitrary commands via shell metacharacters in a system call...
CVE-2002-1582
compose.cgi in Mailreader.com 2.3.30 and 2.3.31, when using Sendmail as the Mail Transfer Agent, allows remote attackers to execute arbitrary commands via shell metacharacters in the RealEmail configuration variable, which is used to call Sendmail in network.cgi...
RHEL 2.1 : xchat (RHSA-2002:124)
A security issue in XChat allows a malicious server to execute arbitrary commands. XChat is a popular cross-platform IRC client. Versions of XChat prior to 1.8.9 do not filter the response from an IRC server when a /dns query is executed. Because XChat resolves hostnames by passing the configured...
RHEL 2.1 : cvs (RHSA-2003:013)
Updated CVS packages are now available for Red Hat Linux Advanced Server. These updates fix a vulnerability which would permit arbitrary command execution on servers configured to allow anonymous read-only access. Updated 06 Feb 2003 Added fixed packages for Advanced Workstation 2.1 CVS is a...
RHEL 2.1 : XFree86 (RHSA-2003:065)
Updated XFree86 packages that resolve various security issues and additionally provide a number of bug fixes and enhancements are now available for Red Hat Enterprise Linux 2.1. XFree86 is an implementation of the X Window System, which provides the graphical user interface, video drivers, etc. f...
format string vulnerability in Gnats
Zone-h Security Advisory Date of discovery : 21 june 2004 Date of release : 24 june 2004 Bug found by Khan Shirani [email protected] http://www.zone-h.org Software : GNU Gnats 4.00 Bugs : formats string bugs Risk : low/medium Platform : nix...
[ GLSA 200406-18 ] gzip: Insecure creation of temporary files
Gentoo Linux Security Advisory GLSA 200406-18 http://security.gentoo.org/ Severity:...
PHPX 3.x - forums.php Cross-Site Request Forgery Arbitrary Command Execution
source: https://www.securityfocus.com/bid/10284/info It has been reported that PHPX is affected by multiple administrator command execution vulnerabilities. These issues are due to a failure of the application to properl...
PHPX 3.x - '/forums.php' Cross-Site Request Forgery / Arbitrary Command Execution
source: https://www.securityfocus.com/bid/10284/info It has been reported that PHPX is affected by multiple administrator command execution vulnerabilities. These issues are due to a failure of the application to properly validate access to administrative commands. This issue could permit a remot...
PHPX 3.x - '/page.php' Cross-Site Request Forgery / Arbitrary Command Execution
source: https://www.securityfocus.com/bid/10284/info It has been reported that PHPX is affected by multiple administrator command execution vulnerabilities. These issues are due to a failure of the application to properly validate access to administrative commands. This issue could permit a remot...
Coppermine Photo Gallery 1.2.2b - theme.php Remote File Inclusion
source: https://www.securityfocus.com/bid/10253/info Coppermine Photo Gallery is reported prone to multiple input-validation vulnerabilities, some of which may lead to arbitrary command execution. These issues occur because the...
Coppermine Photo Gallery 1.2.0 RC4 - init.inc.php Remote File Inclusion
source: https://www.securityfocus.com/bid/10253/info Coppermine Photo Gallery is reported prone to multiple input-validation vulnerabilities, some of which may lead to arbitrary command execution. These issues occur because t...
Coppermine Photo Gallery 1.2.2b - 'theme.php' Remote File Inclusion
source: https://www.securityfocus.com/bid/10253/info Coppermine Photo Gallery is reported prone to multiple input-validation vulnerabilities, some of which may lead to arbitrary command execution. These issues occur because the application fails to properly sanitize and validate user-supplied inp...
Coppermine Photo Gallery 1.2.2b - menu.inc.php Cross-Site Scripting
source: https://www.securityfocus.com/bid/10253/info Coppermine Photo Gallery is reported prone to multiple input-validation vulnerabilities, some of which may lead to arbitrary command execution. These issues occur because the...
[SECURITY] [DSA 496-1] New eterm packages fix indirect arbitrary command execution
Debian Security Advisory DSA 496-1 [email protected] http://www.debian.org/security/ Martin Schulze April 29th, 2004 http://www.debian.org/security/faq ...
CVE-2004-0151
Unknown vulnerability in xitalk 1.1.11 and earlier allows local users to execute arbitrary commands...
CVE-2004-0377
A buffer overflow in the win32_stat wrapper used by ActivePerl (ActiveState) and Larry Wall’s Perl up to 5.8.3 allows local or remote code execution when a filename ends with a backslash. Exploitation depends on how the vulnerable Perl is used by an application; Windows environment...
Aborior Encore Web Forum - Arbitrary Command Execution
source: https://www.securityfocus.com/bid/10040/info Encore Web Forum is reported prone to an issue that may allow a remote user to execute arbitrary commands on a system implementing the forum software. This issue is due to the application's...