CVE-2003-0068
The Eterm terminal emulator 0.9.1 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker t...
CVE-2002-1377
vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to edit a malicious file, as demonstrated using mutt...
CVE-2003-0069
The PuTTY terminal emulator 0.53 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute...
CVE-2002-1478
Cacti before 0.6.8 allows attackers to execute arbitrary commands via the "Data Input" option in console mode...
CVE-2002-1478
CVE-2002-1478 affects Cacti prior to 0.6.8. The issue allows an attacker to execute arbitrary commands via the Data Input option in console mode, due to the underlying handling of input. The vulnerability is documented with a high impact (CVSS v2 base score 10.0; confidentiality, integrity, and a...
CVE-2003-0065
The uxterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitra...
CVE-2002-1377
CVE-2002-1377 affects Vim 6.0 and 6.1 (and possibly other versions) and is caused by the libcall feature in modelines not being sandboxed, enabling arbitrary command execution when a malicious file is edited (e.g., via mutt). The vulnerability is triggered locally when opened files contain crafte...
CVE-1999-1189
Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 and Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument after the ? character in a URL that references an .asp, .cgi, .html, or .pl file...
GNU a2ps 4.13 - File Name Command Execution
Source: https://www.securityfocus.com/bid/11025/info. Reportedly GNU a2ps is affected by a filename command-execution vulnerability. This issue is due to the application's failure to properly sanitize filenames. An attacker might leverage this issue to...
Gallery save_photos.php Arbitrary Command Execution
The version of Gallery hosted on the remote web server is affected by an arbitrary command execution vulnerability. This could allow an attacker to execute arbitrary commands on the remote host by uploading a file containing arbitrary PHP code. When the temp directory is web accessible, the...
Mantis < 0.18.3 / 0.19.0a2 Multiple Vulnerabilities
According to its banner, the remote version of Mantis contains multiple flaws that may allow an attacker to use it to perform a mass emailing, to inject HTML tags in the remote pages, or to execute arbitrary commands on the remote host if PHP's 'register_globals' setting is enabled.
HP Jet Admin 7.x Traversal Arbitrary Command Execution
AWStats Rawlog Plugin Logfile Parameter Arbitrary Command Execution
Aplio Internet Phone authenticate.cgi Arbitrary Command Execution
AOL Instant Messenger IMG Tag Arbitrary Command Execution
bsguest.cgi Guestbook Email Address Variable Arbitrary Command Execution
IkonBoard FUNC.pm lang Cookie Arbitrary Command Execution
Sendmail DEBUG Arbitrary Command Execution
YaPiG < 0.92.2 Multiple Scripts Arbitrary Command Execution
The remote host is running YaPiG, a web-based image gallery written in PHP. The remote version of YaPiG may allow a remote attacker to execute malicious scripts on a vulnerable system. This issue exists due to a lack of sanitization of user-supplied data. It is reported that an attacker may be ab...
BasiliX login.php3 username Variable Arbitrary Command Execution
The remote host appears to be running a version of BasiliX between 1.0.2beta or 1.0.3beta. In such versions, the script 'login.php3' fails to sanitize user input, which enables a remote attacker to pass in a specially crafted value for the parameter 'username' with arbitrary commands to be execut...