8695 matches found
IE execution of arbitrary commands without Active Scripting or ActiveX (GM#001-IE)
GreyMagic Security Advisory GM001-IE ===================================== by GreyMagic Software, Israel. 27 Feb 2002. Topic: Executing arbitrary commands without Active Scripting or ActiveX. Discovery date: 25 Feb 2002. Affected applications: ====================== Any application that hosts the...
AHG Search Engine 1.0 - search.cgi Arbitrary Command Execution
AHG Search Engine 1.0 - search.cgi Arbitrary Command Execution source: https://www.securityfocus.com/bid/3985/info Search.CGI is a component of the HTMLsearch Search Engine software distributed by AHG. The software is available for the Unix, Linux, and Microsoft platforms. The search.cgi script...
Caldera UnixWare 7.1.1 - WebTop SCOAdminReg.cgi Arbitrary Command Execution
Caldera UnixWare 7.1.1 - WebTop SCOAdminReg.cgi Arbitrary Command Execution source: https://www.securityfocus.com/bid/3936/info UnixWare is a commercial Unix implementation distributed originally developed by SCO. It is now maintained and distributed by Caldera. The scoadminreg.cgi program does n...
Caldera UnixWare 7.1.1 - WebTop 'SCOAdminReg.cgi' Arbitrary Command Execution
source: https://www.securityfocus.com/bid/3936/info UnixWare is a commercial Unix implementation distributed originally developed by SCO. It is now maintained and distributed by Caldera. The scoadminreg.cgi program does not properly validate user input when executed with the -c option. Because of...
CVE-2001-1530
run.cgi in Webmin 0.80 and 0.88 creates temporary files with world-writable permissions, which allows local users to execute arbitrary commands...
CVE-2001-1495
networkquery.php in Network Query Tool 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the target parameter...
Multiple FTPD glob Command Arbitrary Command Execution
The FTPD glob vulnerability manifests itself in handling the glob command. The problem is not a typical buffer overflow or format string vulnerability, but a combination of two bugs - an implementation of the glob command that does not properly return an error condition when interpreting the stri...
DCForum Remote Admin Privilege Compromise Vulnerability
Vulnerable: DC Scripts DCForum 2000 1.0 DC Scripts DCForum 6.0 DCForum is a commercial cgi script from DCScripts which is designed to facilitate web-based threaded discussion forums. Versions of DCForum are vulnerable to attacks which can yield an elevation of privileges and remote execution of...
Advisory: Corrupt RPM Query Vulnerability
Description: Arbitrary command executing on query of corrupt RPM files note: you do not have to install the file to be affected Severity: Very Low to Low Unless running an lpd with no access restrictions, in which case, it may allow remote compromize. Affects: rpm-4.0.2-7x probably also earlier...
FreeBSD-SA-01:62.uucp
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-01:62 Security Advisory FreeBSD, Inc. Topic: UUCP allows local root exploit Category: core Module: uucp Announced: 2001-10-08 Credits: [email protected] Affects: All release...
Textor Webmasters Ltd listrec.pl TEMPLATE Parameter Arbitrary Command Execution
The 'listrec.pl' cgi is installed. This CGI has a security flaw that lets an attacker execute arbitrary commands on the remote server, usually with the privileges of the web server. %NASLMINLEVEL 70300 This script written by Matt Moore See the Nessus Scripts License for details Changes by Tenable...
CVE-2001-0473
CVE-2001-0473 affects the Mutt email client (Imap-related code) prior to version 1.2.5. The vulnerability is a format string issue in the IMAP handling that can allow a remote, malicious IMAP server to execute arbitrary commands on the local machine. The Mandrakelinux MDKSA-2001:031 advisory spec...
CVE-2001-0489
The CVE-2001-0489 entry concerns gftp before version 2.0.8, where a printf/format string vulnerability in the logging of network data allows a remote FTP server to cause arbitrary commands to be executed. Affected component is the gftp client; root cause is unsafe handling of data received from t...
CVE-2001-0408
CVE-2001-0408 affects Vim (gvim); a crafted file containing VIM control codes can cause arbitrary commands to execute when opening the file. The root cause is Vim interpreting embedded control codes, enabled by the status line option in .vimrc, allowing code execution as the user. Mandrake adviso...
CVE-2001-0408
vim aka gvim processes VIM control codes that are embedded in a file, which could allow attackers to execute arbitrary commands when another user opens a file containing malicious VIM control codes...
CVE-1999-0808
CVE-1999-0808 highlights multiple buffer overflows in ISC DHCP Distribution server (dhcpd) versions 1.0 and 2.0. The root cause, as documented, is unsafe handling of long options, which can be exploited by a remote attacker to cause a crash and potentially execute arbitrary commands. Affected com...
CVE-1999-1155
CVE-1999-1155 affects the LakeWeb Mail List CGI script, where remote attackers can execute arbitrary commands by injecting shell metacharacters into the recipient email address. The description specifies a remote command execution risk with network access and no authentication. No explicit patch ...
CVE-1999-1292
The CVE-1999-1292 entry describes a buffer overflow in the web administration feature of Kolban Webcam32 versions up to 4.8.3 and earlier. The underlying issue is a buffer overflow in the web admin interface that allows remote attackers to execute arbitrary commands by supplying a long URL. No ex...
CVE-1999-1334
CVE-1999-1334 : Multiple buffer overflows in the filter command of Elm 2.4 allow an attacker to execute arbitrary commands via (1) long From: headers, (2) long Reply-To: headers, or (3) a long -f (filterfile) command line argument. The connected sources confirm Elm 2.4 as the affected component a...
CVE-1999-1376
CVE-1999-1376 targets IIS 4.0 with FrontPage Server Extensions, via the fpcount.exe CGI. The vulnerability is a remote buffer overflow in the fpcount.exe CGI that could allow a remote attacker to execute arbitrary commands on the server, potentially crashing it or taking control. Incident details...