8695 matches found
CVE-2000-1147
Buffer overflow in IIS ISAPI .ASP parsing mechanism allows attackers to execute arbitrary commands via a long string to the "LANGUAGE" argument in a script tag...
CVE-2000-1175
Buffer overflow in Koules 1.4 allows local users to execute arbitrary commands via a long command line argument...
CVE-2000-1183
Buffer overflow in socks5 server on Linux allows attackers to execute arbitrary commands via a long connection request...
eXtropia bbs_forum.cgi 1.0 - Arbitrary Command Execution
source: https://www.securityfocus.com/bid/2177/info bbsforum.cgi is a popular Perl cgi script from eXtropia.com. It supports the creation and maintenance of web-based threaded discussion forums. Version 1.0 of bbsforum.cgi fails to properly validate user-supplied, URL-encoded input to the read...
eXtropia bbs_forum.cgi 1.0 - Arbitrary Command Execution
eXtropia bbsforum.cgi 1.0 - Arbitrary Command Execution source: https://www.securityfocus.com/bid/2177/info bbsforum.cgi is a popular Perl cgi script from eXtropia.com. It supports the creation and maintenance of web-based threaded discussion forums. Version 1.0 of bbsforum.cgi fails to properly...
CVE-2000-1084
The CVE-2000-1084 issue affects Microsoft SQL Server and SQL Server Desktop Engine (MSDE) via Extended Stored Procedures. The vulnerable component is xp_updatecolvbm, which does not properly restrict buffer length before calling srv_paraminfo in the XP API, enabling a potential denial of service ...
CVE-2000-1085
The vulnerability CVE-2000-1085 affects Microsoft SQL Server 2000 and SQL Server Desktop Engine (MSDE). It concerns the xp_peekqueue function, where the length of a buffer is not properly restricted before invoking srv_paraminfo in the SQL Server API for Extended Stored Procedures (XP). This coul...
CVE-2000-1088
CVE-2000-1088 affects Microsoft SQL Server 2000 and MSDE via the Extended Stored Procedures API. The vulnerability lies in xp_SetSQLSecurity not properly restricting the buffer length before calling srv_paraminfo, enabling a attacker to cause a denial of service or execute arbitrary commands. The...
CVE-2000-1126
CVE-2000-1126 affects HP-UX 11.00 and earlier. The vulnerability is in the auto_parms and set_parms components and, per the sources, allows remote attackers to execute arbitrary commands or cause a denial of service. The connected documents confirm the affected software and the underlying impact ...
CVE-2000-1183
CVE-2000-1183 concerns a buffer overflow in a Socks5 server running on Linux. The vulnerability arises in the Socks5 server’s handling of long connection requests, which can overflow a buffer and allow an attacker to execute arbitrary commands. The available connected documents confirm the vulner...
CVE-2000-1082
The xpenumresultset function in SQL Server and Microsoft SQL Server Desktop Engine MSDE does not properly restrict the length of a buffer before calling the srvparaminfo function in the SQL Server API for Extended Stored Procedures XP, which allows an attacker to cause a denial of service or...
CVE-2000-1083
The xpshowcolv function in SQL Server and Microsoft SQL Server Desktop Engine MSDE does not properly restrict the length of a buffer before calling the srvparaminfo function in the SQL Server API for Extended Stored Procedures XP, which allows an attacker to cause a denial of service or execute...
CVE-2000-1175
Buffer overflow in Koules 1.4 allows local users to execute arbitrary commands via a long command line argument...
CVE-2000-0941
Kootenay Web KW Whois 1.0 CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the "whois" parameter...
CVE-2000-0949
Heap overflow in savestr function in LBNL traceroute 1.4a5 and earlier allows a local user to execute arbitrary commands via the -g option...
CVE-2000-0961
Buffer overflow in IMAP server in Netscape Messaging Server 4.15 Patch 2 allows local users to execute arbitrary commands via a long LIST command...
CVE-2000-0967
PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs...
Itetris 1.6.1/1.6.2 - Privileged Arbitrary Command Execution
// source: https://www.securityfocus.com/bid/2139/info Itetris, or "Intelligent Tetris", is a clone of the popular Tetris puzzle game for linux systems. The svgalib version of Itetris is installed setuid root so that it may access video hardware when run by a regular user. Itetris contains a...
ezmlm-cgi/ezmlm-idx-0.40 security advisory
Summary: ezmlm-cgi is part of the ezmlm-idx-0.40.tar.gz package and allows web access to mailing list archives. When ezmlm-cgi is installed SUID user other than root, it can be used to execute arbitrary commands with the effective uid of the SUID user. Scope: Default installations of ezmlm-idx-0....
CVE-2000-1021
Heap overflow in WebConfig in Mdaemon 3.1.1 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long URL...