
8695 matches found

NVD
added 2001/06/02 4:0 a.m. | 18 views

CVE-2001-0318

Format string vulnerability in ProFTPD 1.2.0rc2 may allow attackers to execute arbitrary commands by shutting down the FTP server while using a malformed working directory cwd...

7.5 CVSS | 7.3 AI score | 0.11438 EPSS
Exploits: 0 | References: 6
CVE
added 2001/05/24 4:0 a.m. | 50 views

CVE-2001-0436

The vulnerability CVE-2001-0436 affects DCForum 2000, specifically the dcboard.cgi CGI: remote attackers can execute arbitrary commands by uploading a Perl program to the server and referencing it via a .. in the AZ parameter. This is documented in the NVD entry for DCForum 2000 1.0 with a base s...

7.5 CVSS | 7.7 AI score | 0.02381 EPSS
Exploits: 1 | References: 5 | Affected Software: 2
CVE
added 2001/05/24 4:0 a.m. | 55 views

CVE-2001-0447

CVE-2001-0447 affects the Web configuration server component of 602Pro LAN SUITE. A crafted long HTTP request containing %2e (dot dot) characters can trigger a denial of service and may allow arbitrary command execution. This is documented across NVD and CVE records; no explicit exploit code or i...

7.5 CVSS | 7.9 AI score | 0.01875 EPSS
Exploits: 0 | References: 2 | Affected Software: 1
CVE
added 2001/05/24 4:0 a.m. | 42 views

CVE-2001-0397

CVE-2001-0397 describes a buffer overflow in Silent Runner Collector (SRC) 1.6.1 that can be triggered by a long SMTP HELO command. The vulnerability allows remote attackers to cause a denial of service and, potentially, execute arbitrary commands. CVSS v2 base metrics are provided: AV:N/AC:L/Au:...

7.5 CVSS | 8.1 AI score | 0.01791 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
exploitpack
added 2001/05/15 12:0 a.m. | 14 views

Microsoft IIS 3.04.05.0 - PWS Escaped Characters Decoding Command Execution (7)

Microsoft IIS 3.04.05.0 - PWS Escaped Characters Decoding Command Execution 7 source: https://www.securityfocus.com/bid/2708/info Due to a flaw in the handling of CGI filename program requests, remote users can execute arbitrary commands on an IIS host. When IIS receives a CGI filename request, i...

0.3 AI score
Exploits: 0
securityvulns
added 2001/05/15 12:0 a.m. | 26 views

def-2001-25: Carello E-Commerce Arbitrary Command Execution

====================================================================== Defcom Labs Advisory def-2001-25 Carello E-Commerce Arbitrary Command Execution Author: Peter Gründl [email protected] Release Date: 2001-05-14 ======================================================================...

0.5 AI score
Exploits: 0
Exploit DB
added 2001/05/15 12:0 a.m. | 27 views

Microsoft IIS 3.0/4.0/5.0 - PWS Escaped Characters Decoding Command Execution (3)

source: https://www.securityfocus.com/bid/2708/info Due to a flaw in the handling of CGI filename program requests, remote users can execute arbitrary commands on an IIS host. When IIS receives a CGI filename request, it automatically performs two actions before completing the request: 1. IIS...

7.4 AI score
Exploits: 0
CVE
added 2001/05/07 4:0 a.m. | 45 views

CVE-2000-0693

The CVE affects pgxconfig in the Raptor GFX configuration tool, where a relative path is used for a system call to the cp program. This enables local users to execute arbitrary commands by manipulating their PATH to point to a malicious cp replacement. Root cause: path-based command execution via...

7.2 CVSS | 7.6 AI score | 0.01017 EPSS
Exploits: 1 | References: 3 | Affected Software: 1
CVE
added 2001/05/07 4:0 a.m. | 50 views

CVE-2001-0050

CVE-2001-0050 correlates to two bugs in the BitchX IRC client reported in MDKSA-2000:079. A stack overflow can occur when processing a malformed DNS answer, potentially enabling remote denial of service or arbitrary code execution, and a second bug allows embedding a malformed DNS record in a val...

10 CVSS | 7.9 AI score | 0.14573 EPSS
Exploits: 1 | References: 8 | Affected Software: 1
Cvelist
added 2001/05/07 4:0 a.m. | 24 views

CVE-2001-0005

Buffer overflow in the parsing mechanism of the file loader in Microsoft PowerPoint 2000 allows attackers to execute arbitrary commands...

7.4 AI score | 0.0151 EPSS
Exploits: 0 | References: 3
Cvelist
added 2001/05/07 4:0 a.m. | 26 views

CVE-2001-0111

Format string vulnerability in splitvt before 1.6.5 allows local users to execute arbitrary commands via the -rcfile command line argument...

7.3 AI score | 0.01263 EPSS
Exploits: 1 | References: 4
Cvelist
added 2001/05/07 4:0 a.m. | 15 views

CVE-2001-0191

gnuserv before 3.12, as shipped with XEmacs, does not properly check the specified length of an X Windows MIT-MAGIC-COOKIE cookie, which allows remote attackers to execute arbitrary commands via a buffer overflow, or brute force authentication by using a short cookie length...

8 AI score | 0.05496 EPSS
Exploits: 0 | References: 5
Cvelist
added 2001/05/07 4:0 a.m. | 23 views

CVE-2001-0299

Buffer overflow in Voyager web administration server for Nokia IP440 allows local users to cause a denial of service, and possibly execute arbitrary commands, via a long URL...

7.4 AI score | 0.01876 EPSS
Exploits: 0 | References: 5
Cvelist
added 2001/05/07 4:0 a.m. | 25 views

CVE-2000-0816

Linux tmpwatch --fuser option allows local users to execute arbitrary commands by creating files whose names contain shell metacharacters...

7.2 AI score | 0.00911 EPSS
Exploits: 0 | References: 5
Cvelist
added 2001/05/07 4:0 a.m. | 20 views

CVE-2000-0854

When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.dll and msi.dll, which could allow an attacker to execute arbitrary commands by inserting a Trojan Horse DLL into the same directory as the document...

7.3 AI score | 0.37213 EPSS
Exploits: 1 | References: 5
Cvelist
added 2001/05/07 4:0 a.m. | 23 views

CVE-2000-1121

Buffer overflow in enq command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands via a long -M argument...

7.3 AI score | 0.00992 EPSS
Exploits: 0 | References: 5
exploitpack
added 2001/05/06 12:0 a.m. | 11 views

cgiCentral WebStore 400 - Administrator Authentication Bypass

cgiCentral WebStore 400 - Administrator Authentication Bypass source: https://www.securityfocus.com/bid/2860/info cgiCentral's Webstore is a shopping cart application which processes and manages online purchases. A vulnerability exists in Webstore which may allow attackers to obtain administrati...

0.6 AI score
Exploits: 0
exploitpack
added 2001/05/06 12:0 a.m. | 10 views

cgiCentral WebStore 400 - Arbitrary Command Execution

cgiCentral WebStore 400 - Arbitrary Command Execution source: https://www.securityfocus.com/bid/2861/info cgiCentral's Webstore is a shopping cart application which processes and manages online purchases. Wsmail.cgi calls system with user-supplied data in the command string. Because it does not...

0.5 AI score
Exploits: 0
Exploit DB
added 2001/05/06 12:0 a.m. | 25 views

cgiCentral WebStore 400 - Arbitrary Command Execution

source: https://www.securityfocus.com/bid/2861/info cgiCentral's Webstore is a shopping cart application which processes and manages online purchases. Wsmail.cgi calls system with user-supplied data in the command string. Because it does not filter metacharacters out of the user-supplied data, i...

7 AI score
Exploits: 0
exploitpack
added 2001/05/04 12:0 a.m. | 12 views

WU-FTPD 2.4.22.5 .02.6.0 - Remote Format String Stack Overwrite (3)

WU-FTPD 2.4.22.5 .02.6.0 - Remote Format String Stack Overwrite 3 source: https://www.securityfocus.com/bid/1387/info Washington University ftp daemon wu-ftpd is a very popular unix ftp server shipped with many distributions of Linux and other UNIX operating systems. Wu-ftpd is vulnerable to a ve...

0.5 AI score
Exploits: 0