Leif M. Wright everythingform.cgi 2.0 - Arbitrary Command Execution

Leif M. Wright everythingform.cgi 2.0 - Arbitrary Command Execution source: https://www.securityfocus.com/bid/2101/info An input validation vulnerability exists in Leif M. Wright's everything.cgi, a Perl-based form design tool. The script fails to properly filter shell commands from user-supplied...

RedHat 7.0 (and SuSE): modutils + netkit = root compromise. (fwd)

Motto from the modprobe manpage: "BUGS: Naah..." ------------------------------------------------ This vulnerability has been found by Sebastian Krahmer some time ago he is posting an advisory right now. Stupid shell command execution within userspace kernel helper application, modprobe, is...

Серьезная дырка в LPR (PostScript shell execution & grog)

При печати PostScript документов выполняются shell-команды содержащиеся в документах, при этом не сбрасывается egid lp, что позволяет получить gid lp, кроме того, в отдельных случаях возможно получить root используя некорректный вызов к программе pic в grog...

TalentSoft Web+ Application Server (Linux) 4.6 - Example Script File Disclosure

TalentSoft Web+ Application Server Linux 4.6 - Example Script File Disclosure source: https://www.securityfocus.com/bid/1725/info Web+ is a development language for use in creating web-based client/server applications. In Linux versions of the product, an example script installed in Web+ Web+Ping...

Matt Kruse Calendar Script 2.2 - Arbitrary Command Execution

source: https://www.securityfocus.com/bid/1215/info Matt Kruse's Calendar script is a popular, free perl cgi-script used by many websites on the Internet. It allows a website administrator to easily setup and customize a calendar on their website. There are two components of this package,...

BizDB Search Script Enables Shell Command Execution at the Server

BizDB Search Script Enables Shell Command Execution at the Server Perfecto's Black Watch Labs Security Advisory 00-04 April 7th, 2000 Name: BizDB Search Script Enables Shell Command Execution at the Server Black Watch Labs ID: BWL-00-04 Date Released: April 7th, 2000 Category: ApplicationHTML:...

Great Circle Associates Majordomo 1.94.4 - Local resend

Great Circle Associates Majordomo 1.94.4 - Local resend source: https://www.securityfocus.com/bid/902/info It is possible to execute arbitrary commands with elevated privileges through exploiting the majordomo binary, "resend". A setuid root wrapper program calls resend after setuiding and...

Microsoft Data Access Components (MDAC) 2.1 / Microsoft IIS 3.0/4.0 / Microsoft Index Server 2.0 / Microsoft Site Server Commerce Edition 3.0 i386 MDAC - RDS (2)

source: https://www.securityfocus.com/bid/529/info MDAC Microsoft Data Access Components is a package used to integrate web and database services. It includes a component named RDS Remote Data Services. RDS allows remote access via the internet to database objects through IIS. Both are included i...