8695 matches found
CVE-2001-0298
Buffer overflow in WebReflex 1.55 HTTPd allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP GET request...
IRIX /usr/lib/print/netprint local root symbols exploit.
i haven't audited anything in some time. well, i just noticed this because i am doing a project with a name similar to "netprint" and i was wondering if it was at all related to what i was doing. it wasn't. but, i noticed it was setuid root and had a little bug. this bug takes advantage of the -n...
Sendfile 1.x/2.1 - Local Privileged Arbitrary Command Execution
source: https://www.securityfocus.com/bid/2645/info Sendfile is an implementation of the SAFT simple asynchronous file transfer protocol for UNIX systems. Due to a problem dropping privileges completely before running user-specified post-processing commands in the Sendfile daemon, it may be...
Trend Micro InterScan VirusWall catinfo CGI Overflow
The remote cgi /catinfo seems to be vulnerable to a buffer overflow when it receives a too long input strings, allowing any user to execute arbitrary commands as root. This CGI usually comes with the VirusWall suite. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
mkpasswd: acutally its worse than just not many passwords
due to a fault in expect the interpreter that runs the mkpasswd script it is trivially easy to cause arbitrary commands to be executed by someone else. under RH7.0 anyway the search path for libs for it includes /var/tmp/ check out http://bugzilla.redhat.com/bugzilla/showbug.cgi?id=28224 for...
CVE-2001-0302
Pi3Web 1.0.1 is vulnerable via the ISAPI extension tstisapi.dll. A buffer overflow triggered by a long URL allows remote attackers to cause denial of service and potentially execute arbitrary commands; the CGI runs with the HTTP service privileges and can disclose the web-root path. Remediation m...
CVE-2001-0296
Buffer overflow in WFTPD Pro 3.00 allows remote attackers to execute arbitrary commands via a long CWD command...
CVE-2001-0256
FaSTream FTP++ Server 2.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long username...
MAILNEWS mailnews.cgi Arbitrary Command Execution
mailnews.cgi is being hosted on the remote web server. Input to the 'address' parameter is not properly sanitized. A remote attacker could exploit this to execute arbitrary commands with the privileges of the web server. Please note Nessus only checked for the presence of this CGI, and did not...
CVE-2001-0172
CVE-2001-0172 describes a buffer overflow in ReiserFS 3.5.28 on SuSE Linux that allows local users to trigger a denial of service and potentially execute arbitrary commands by supplying a long directory name. The vulnerability is local (attack vector: LOCAL) with low complexity and authentication...
PHP < 4.0.4 IMAP Module imap_open() Function Overflow
A version of PHP that is older than 4.0.4 is installed on this host. There is a buffer overflow condition in the IMAP module of this version that could allow an attacker to execute arbitrary commands with the privileges of the web server, if this server is serving a webmail interface. %NASLMINLEV...
Joe Text Editor 2.8 - .joerc Arbitrary Command Execution
Joe Text Editor 2.8 - .joerc Arbitrary Command Execution source: https://www.securityfocus.com/bid/2437/info Joe is a text editor originally written by Joseph Allen. Joe offers a user-friendly interface, with key binding and configuration familiar to many users of Microsoft Word Processing tools....
CVE-2001-0112
The CVE-2001-0112 entry concerns the splitvt utility: multiple buffer overflows in splitvt prior to 1.6.5 allow local users to execute arbitrary commands. Public details in the connected documents confirm affected software (splitvt) and the vulnerable version range (before 1.6.5), with Debian and...
KICQ 1.0 - Arbitrary Command Execution
source: https://www.securityfocus.com/bid/2443/info KICQ is an ICQ-compatible interactive messaging client for Unix. Versions of KICQ are vulnerable to remote execution of arbitrary commands embedded in URLs. A maliciously-composed URL containing shell metacharacters and shell commands can be sen...
CVE-2001-0005
Buffer overflow in the parsing mechanism of the file loader in Microsoft PowerPoint 2000 allows attackers to execute arbitrary commands...
CVE-2001-0028
Buffer overflow in the HTML parsing code in oops WWW proxy server 1.5.2 and earlier allows remote attackers to execute arbitrary commands via a large number of " quotation characters...
Micro Focus Cobol 4.1 - Arbitrary Command Execution
source: https://www.securityfocus.com/bid/2359/info Micro Focus Cobol is a development suite for unix platforms offered by Merant. It is typically licensed on a per-user basis. If Micro Focus Cobol is installed with the 'Apptrack' feature enabled, local users may be able to elevate privileges. A...
REVISION: @stake Advisory Notification: NetDDE Message Vulnerability (A020501-1)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Please note revision section below @stake Inc. www.atstake.com Security Advisory Advisory Name: NetDDE Message Vulnerability Release Date: 02/05/2001 Updated on 2/08/2001 Application: Network DDE system component Platform: Windows 2000 up to and...
CVE-2001-0025
ad.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter...
CVE-2001-0098
Buffer overflow in Bea WebLogic Server before 5.1.0 allows remote attackers to execute arbitrary commands via a long URL that begins with a ".." string...