OpenSSH < 3.7.1 Multiple Vulnerabilities

According to its banner, the remote SSH server is running a version of OpenSSH older than 3.7.1. Such versions are vulnerable to a flaw in the buffer management functions that might allow an attacker to execute arbitrary commands on this host. An exploit for this issue is rumored to exist. Note...

CVE-2003-0644

Kdbg 1.1.0 through 1.2.8 does not check permissions of the .kdbgrc file, which allows local users to execute arbitrary commands...

DSA-364-3 man-db - buffer overflows, arbitrary command execution

Bulletin has no description...

DSA-364 man-db - buffer overflows, arbitrary command execution

Bulletin has no description...

Microsoft Internet Explorer and Outlook Express MHTML rendering engine incorrectly executes script in Local Computer Zone

Overview There is an MHTML input validation vulnerability in Outlook Express that may lead to arbitrary command and code execution in the Local Computer Zone of a victim host. Description Microsoft systems use components of Microsoft Outlook Express to render MHTML MIME Encapsulation of Aggregate...

[CLA-2003:711] Conectiva Security Announcement - mnogosearch

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - -------------------------------------------------------------------------- CONECTIVA LINUX SECURITY ANNOUNCEMENT - -------------------------------------------------------------------------- PACKAGE : mnogosearch SUMMARY : Remote buffer overflow...

Adobe Acrobat Reader (UNIX) 5.0 6 Xpdf 0.9x Hyperlinks - Arbitrary Command Execution

Adobe Acrobat Reader UNIX 5.0 6 Xpdf 0.9x Hyperlinks - Arbitrary Command Execution source: https://www.securityfocus.com/bid/7912/info A vulnerability has been reported for multiple PDF viewers for Unix variant operating systems. The problem is said to occur when hyperlinks have been enabled with...

Adobe Acrobat Reader (UNIX) 5.0 6 / Xpdf 0.9x Hyperlinks - Arbitrary Command Execution

source: https://www.securityfocus.com/bid/7912/info A vulnerability has been reported for multiple PDF viewers for Unix variant operating systems. The problem is said to occur when hyperlinks have been enabled within the viewer. Allegedly, by placing a specially formatted hyperlink within a PDF...

CVE-2003-0354

Unknown vulnerability in GNU Ghostscript before 7.07 allows attackers to execute arbitrary commands, even when -dSAFER is enabled, via a PostScript file that causes the commands to be executed from a malicious print job...

AIX 4.3.35.x - Getlvcb Command Line Argument Buffer Overflow (1)

AIX 4.3.35.x - Getlvcb Command Line Argument Buffer Overflow 1 source: https://www.securityfocus.com/bid/9905/info getlvcb has been reported to be prone to a buffer overflow vulnerability. When an argument is passed to the getlvcb utility, the string is copied into a reserved buffer in memory. Da...

RedHat 9.0 / Slackware 8.1 - &#039;/bin/mail&#039; Carbon Copy Field Buffer Overrun

source: https://www.securityfocus.com/bid/7760/info A vulnerability has been discovered in the Linux /bin/mail utility. The problem occurs when processing excessive data within the carbon copy field. Due to insufficient bounds checking while parsing this information it may be possible to trigger ...

Samba 2.2.x - call_trans2open Remote Buffer Overflow (3)

Samba 2.2.x - calltrans2open Remote Buffer Overflow 3 // source: https://www.securityfocus.com/bid/7294/info A buffer overflow vulnerability has been reported for Samba. The problem occurs when copying user-supplied data into a static buffer. By passing excessive data to an affected Samba server,...

Samba 2.2.x - &#039;call_trans2open&#039; Remote Buffer Overflow (3)

// source: https://www.securityfocus.com/bid/7294/info A buffer overflow vulnerability has been reported for Samba. The problem occurs when copying user-supplied data into a static buffer. By passing excessive data to an affected Samba server, it may be possible for an anonymous user to corrupt...

unhappycgi.txt

Advisory URL: http://securitytracker.com/alerts/2003/May/1006707.html Vendor: Happycgi.com Product: Happymall Versions: 4.3, 4.4 Title: Happymall E-Commerce Input Validation Flaw Lets Remote Users Execute Arbitrary Commands Description: Revin Aldi reported an input validation vulnerability in the...

HappyMall Multiple Script Arbitrary Command Execution

There is a flaw HappyMall that could allow an attacker to execute arbitrary commands with the privileges of the HTTP daemon typically root or nobody, by making a request like : /shop/normalhtml.cgi?file=|id| In addition, memberhtml.cgi has been reported vulnerable. However, Nessus has not checked...

CVE-2003-0171

DirectoryServices in MacOS X trusts the PATH environment variable to locate and execute the touch command, which allows local users to execute arbitrary commands by modifying the PATH to point to a directory containing a malicious touch program...

IkonBoard 3.1 - Lang Cookie Arbitrary Command Execution (2)

IkonBoard 3.1 - Lang Cookie Arbitrary Command Execution 2 source: https://www.securityfocus.com/bid/7361/info It has been reported that IkonBoard is prone to an arbitrary command execution vulnerability. The vulnerability is due to insufficient sanitization performed on user supplied cookie data...

StockMan Shopping Cart shop.plx page Parameter Arbitrary Command Execution

The remote host is running the StockMan shopping cart. According to the version number of the CGI shop.plx, there is a flaw in this installation that could allow an attacker to execute arbitrary commands on this host, and which could also allow him to obtain your list of customers or their credit...

[SECURITY] [DSA 296-1] New kdebase packages fix arbitrary command execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 296-1 [email protected] http://www.debian.org/security/ Martin Schulze April 30th, 2003 http://www.debian.org/security/faq -...

DSA-296 kdebase - insecure execution

Bulletin has no description...