GNU findutils 4.04.1 - Locate Arbitrary Command Execution
source: https://www.securityfocus.com/bid/3127/info GNU locate is an application that searches file databases for file names that match user-supplied patterns. A boundary condition error can occur when the program reads database files...
Entrust - getAccess
hola friends, getAccess(tm) is used as a single-sign-on system often used for large internet-portals. --- snip http://www.entrust.com --- Entrust GetAccess(tm) offers the most comprehensive solution for consistently deploying and enforcing basic and enhanced security across online applications, from...
phpBB 1.x - Page Header Arbitrary Command Execution
source: https://www.securityfocus.com/bid/3167/info An input validation error exists in phpBB, a freely available WWW forums package. The problem is due to improper validation of some variables in phpBB. It is possible for users registered with the phpBB system to submit values for certain...
CVE-2001-0349
CVE-2001-0349 affects Microsoft Windows 2000, specifically the Telnet Service. The Telnet Service creates named pipes to share data between session handlers, using an algorithm to name pipes that is easily predictable, and it does not properly verify the pipe names. If a local attacker with acces...
CVE-2001-0614
Carello E-Commerce 1.2.1 and earlier allows a remote attacker to gain additional privileges and execute arbitrary commands via a specially constructed URL...
CVE-2001-0350
Microsoft Windows 2000 telnet service creates named pipes with predictable names and does not properly verify them, which allows local users to execute arbitrary commands by creating a named pipe with the predictable name and associating a malicious program with it, the second of two variants of...
CVE-2001-0980
docview before 1.0-15 allows remote attackers to execute arbitrary commands via shell metacharacters that are processed when converting a man page to a web page...
SimpleServer:WWW Encoded Traversal Arbitrary Command Execution
By sending a specially encoded string to the remote server, it is possible to execute remote commands with the privileges of the server. This script was written by Mathieu Meadele Script audit and contributions from Carmichael Security Erik Anderson nb: domain no longer exists Added BugtraqID...
CVE-2001-0262
Buffer overflow in Netscape SmartDownload 1.3 allows remote attackers (malicious web pages) to execute arbitrary commands via a long URL...
CVE-2001-0432
Buffer overflows in various CGI programs in the remote administration service for Trend Micro Interscan VirusWall 3.01 allow remote attackers to execute arbitrary commands...
PHP Safe Mode mail Function 5th Parameter Arbitrary Command Execution
The remote host is running PHP 4.0.5. There is a flaw in this version of PHP that allows local users to circumvent the safe mode and to gain the UID of the HTTP process. (C) Tenable Network Security, Inc. References: Date: Fri, 23 Aug 2002 09:30:40 +0200 CEST From: "Wojciech...
PT-2001-2378 · Php · Php
Name of the Vulnerable Software and Affected Versions: PHP versions 4.0.5 through 4.1.0 Description: The issue is related to the mail function in PHP, where the 5th parameter is not properly cleansed in safe mode, allowing local users and possibly remote attackers to execute arbitrary commands vi...
[SNS Advisory No.35] TrendMicro InterScan VirusWall 3.51 HttpSaveC*P.dll Buffer Overflow
SNS Advisory No.35 TrendMicro InterScan VirusWall 3.51 HttpSaveCP.dll Buffer Overflow. Problem first discovered: Wed, 6 Jun 2001. Published: Thu, 28 Jun 2001. Overview: A buffer overflow vulnerability was found in some...
CVE-2001-0244
Buffer overflow in Microsoft Index Server 2.0 allows remote attackers to execute arbitrary commands via a long search parameter...
CVE-2001-0449
Buffer overflow in WinZip 8.0 allows attackers to execute arbitrary commands via a long file name that is processed by the /zipandemail command line option...
GNU groff 1.1x - xploitation Via LPD
source: https://www.securityfocus.com/bid/3103/info lpd is the print spooling daemon. It is used to support network printing on a variety of unix platforms. The version of lpd that ships with linux systems invokes groff to process documents that are to be...
Hewlett Packard OpenView and Tivoli NetView do not adequately validate SNMP trap arguments
Overview: Hewlett Packard's HP OpenView and Tivoli NetView are system management software packages. There is a vulnerability in a component of these packages, ovactiond, that allows intruders to execute arbitrary commands as user bin. This may subsequently lead to a root compromise. Description: HP...
CVE-2001-0408
vim (aka gvim) processes VIM control codes that are embedded in a file, which could allow attackers to execute arbitrary commands when another user opens a file containing malicious VIM control codes...
Microburst uDirectory 2.0 - Remote Command Execution
source: https://www.securityfocus.com/bid/2884/info uDirectory is an online directory and listing management system. An input validation error exists in uDirectory that may allow remote users to execute arbitrary commands on a host running the software. !/usr/bin/perl -w management, e-commerce...
CVE-2001-0216
PALS Library System pals-cgi program allows remote attackers to execute arbitrary commands via shell metacharacters in the documentName parameter...