HappyMall Multiple Script Arbitrary Command Execution

There is a flaw HappyMall that could allow an attacker to execute arbitrary commands with the privileges of the HTTP daemon typically root or nobody, by making a request like : /shop/normalhtml.cgi?file=|id| In addition, memberhtml.cgi has been reported vulnerable. However, Nessus has not checked...

CVE-2003-0171

DirectoryServices in MacOS X trusts the PATH environment variable to locate and execute the touch command, which allows local users to execute arbitrary commands by modifying the PATH to point to a directory containing a malicious touch program...

IkonBoard 3.1 - Lang Cookie Arbitrary Command Execution (2)

IkonBoard 3.1 - Lang Cookie Arbitrary Command Execution 2 source: https://www.securityfocus.com/bid/7361/info It has been reported that IkonBoard is prone to an arbitrary command execution vulnerability. The vulnerability is due to insufficient sanitization performed on user supplied cookie data...

StockMan Shopping Cart shop.plx page Parameter Arbitrary Command Execution

The remote host is running the StockMan shopping cart. According to the version number of the CGI shop.plx, there is a flaw in this installation that could allow an attacker to execute arbitrary commands on this host, and which could also allow him to obtain your list of customers or their credit...

[SECURITY] [DSA 296-1] New kdebase packages fix arbitrary command execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 296-1 [email protected] http://www.debian.org/security/ Martin Schulze April 30th, 2003 http://www.debian.org/security/faq -...

DSA-296 kdebase - insecure execution

Bulletin has no description...

CVE-2003-0084

The CVE-2003-0084 issue affects the mod_auth_any Apache module included in Red Hat Enterprise Linux 2.1 (and other OS) where arguments passed to external programs are not properly escaped. This enables remote attackers to execute arbitrary commands via shell metacharacters, potentially running co...

Kerio Personal Firewall 2.1.x - Remote Authentication Packet Buffer Overflow (1)

source: https://www.securityfocus.com/bid/7180/info A buffer-overflow vulnerability has been discovered in Kerio Personal Firewall. The problem occurs during the administration authentication process. An attacker could exploit this vulnerability by forging a malicious packet containing an excessi...

[SECURITY] [DSA 294-1] New gkrellm-newsticker packages fix DoS and arbitrary command execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 294-1 [email protected] http://www.debian.org/security/ Martin Schulze April 23rd, 2003 http://www.debian.org/security/faq -...

[SECURITY] [DSA 293-1] New kdelibs packages fix arbitrary command execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 293-1 [email protected] http://www.debian.org/security/ Martin Schulze April 23rd, 2003 http://www.debian.org/security/faq -...

Security problems in gkrellm-newsticker

Brian Campbell discovered two security-related problems in gkrellm-newsticker, a plugin for the gkrellm system monitor program, which provides a news ticker from RDF feeds. The following IDs were assigned: CAN-2003-0205 gkrellm-newsticker can launch a web browser of the user's choice when the...

DSA-293 kdelibs - insecure execution

Bulletin has no description...

CVE-2002-1478

Cacti before 0.6.8 allows attackers to execute arbitrary commands via the "Data Input" option in console mode...

PT-2003-1213 · Cacti · Cacti

Name of the Vulnerable Software and Affected Versions: Cacti versions prior to 0.6.8 Description: The issue allows remote authenticated Cacti administrators to execute arbitrary commands. This can be achieved by injecting shell metacharacters in the title during edit mode, specifically in the...

a NEW vulnerability in REGEDIT.EXE

Hi list, I have found a new vulnerability in regedit.exe that can be exploited localy or remotely by trapping our registery. --- SNIP --- / 09/04/2003 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @ Trapped Registery for REGEDIT.EXE exploit @ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@...

IkonBoard 3.1 - Lang Cookie Arbitrary Command Execution (1)

IkonBoard 3.1 - Lang Cookie Arbitrary Command Execution 1 source: https://www.securityfocus.com/bid/7361/info It has been reported that IkonBoard is prone to an arbitrary command execution vulnerability. The vulnerability is due to insufficient sanitization performed on user supplied cookie data...

[SECURITY] [DSA 284-1] New kdegraphics packages fix arbitrary command execution

-------------------------------------------------------------------------- Debian Security Advisory DSA 284-1 [email protected] http://www.debian.org/security/ Martin Schulze April 12th, 2003 http://www.debian.org/security/faq -...

DSA-284 kdegraphics - insecure execution

Bulletin has no description...

IkonBoard v3.1.1: arbitrary command execution

============================================================================ Vulnerable: IkonBoard 3.1.1 and probably earlier Category: Perl/CGI coding errors Impact: Arbitrary command execution Date: 1st April 2003 Vendor: The Jarvis Group Homepage: http://www.ikonboard.com/ Vendor Status: First...

Solaris in.lpd Crafted Job Request Arbitrary Remote Command Execution

The remote lpd daemon is vulnerable to an environment error that could allow an attacker to execute arbitrary commands on this host. Nessus uses this vulnerability to retrieve the password file of the remote host although any command could be executed. %NASLMINLEVEL 70300 C Tenable Network...