7618 matches found
Cyrus IMAP Server login Command Remote Overflow
According to its banner, the remote Cyrus IMAP server is vulnerable to a pre-login buffer overrun. An attacker without a valid login could exploit this, and would be able to execute arbitrary commands as the owner of the Cyrus process. This would allow full access to all users' mailboxes. This...
[SECURITY] [DSA 207-1] New tetex-lib packages fix arbitrary command execution
Debian Security Advisory DSA 207-1 [email protected] http://www.debian.org/security/ Martin Schulze December 11th, 2002 http://www.debian.org/security/faq ...
DSA-207 tetex-bin - arbitrary command execution
Bulletin has no description...
[SECURITY] [DSA 203-1] New smb2www packages fix arbitrary command execution
Debian Security Advisory DSA 203-1 [email protected] http://www.debian.org/security/ Martin Schulze December 4th, 2002 http://www.debian.org/security/faq ...
DSA-203 smb2www - arbitrary command execution
Bulletin has no description...
CVE-2002-0836
dvips converter for Postscript files in the tetex package calls the system function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts...
phpMyNewsletter 0.6.10 - Remote File Inclusion
source: https://www.securityfocus.com/bid/5886/info A vulnerability has been discovered in phpMyNewsLetter. Reportedly, it is possible to pass an attacker-specified file include location to a CGI parameter of the 'customize.php' script. This may allow...
wp-02-0011: Jetty CGIServlet Arbitrary Command Execution
Westpoint Security Advisory Title: Jetty CGIServlet Arbitrary Command Execution Risk Rating: Medium Software: Jetty Servlet Container Platforms: Win32 other platforms not tested Vendor URL: www.mortbay.org Author: Matt Moore [email protected] Date: 1st October 2002 Advisory ID: wp-02-0011.txt...
Jetty 3.1.6/3.1.7/4.1 Servlet Engine - Arbitrary Command Execution
source: https://www.securityfocus.com/bid/5852/info A flaw in the CGIServlet in Jetty allows an attacker to execute arbitrary commands on the server. Specifically, it is possible for an attacker to use directory traversal sequences and cause the CGIServlet to execute attacker-specified commands...
Microsoft Word does not check for macros contained in linked template file when opening RTF document
Overview There is a vulnerability caused by a failure to detect macros embedded in templates used by rich text format documents opened in Microsoft Word. This vulnerability may allow the author of a malicious document to execute arbitrary commands as the user who opens the document. Description...
PGPMail.pl does not adequately validate user input thereby allowing arbitrary command execution
Overview PGPMail.pl does not adequately filter user input, allowing arbitrary command execution. Description PGPMail.pl is an adaptation of the FormMail.pl CGI script, enhanced to use PGP encryption. PGPMail.pl does not adequately filter the "recipient" and "pgpuserid" CGI variables before passin...
MS Excel XLM Text Macro execution fails to trigger warning when default medium security set
Overview Excel fails to present a warning dialog when a macro is called from an external XLM text macro file. Description If a spreadsheet contains a reference to an external macro XLM file, Excel does not generate the usual warning dialog asking if the user wants to run the macro. Microsoft...
WebCalendar does not adequately validate user input
Overview WebCalendar does not properly validate user input, allowing attackers to execute arbitrary commands. Description WebCalendar is a free PHP application providing web calendar services for user groups. WebCalendar contains an unspecified input validation vulnerability, allowing arbitrary...
Textor Webmasters Ltd listrec.pl does not adequately validate user input thereby allowing arbitrary commands to be executed
Overview Textor Webmasters Ltd listrec.pl CGI script does not properly validate input to the "TEMPLATE" CGI variable, allowing arbitrary command execution. Description The CGI script listrec.pl by Textor Webmasters Ltd does not properly validate input to the "TEMPLATE" CGI variable. This value is...
phpWebSite 0.8.2 - PHP File Inclusion
source: https://www.securityfocus.com/bid/5779/info A vulnerability has been discovered in phpWebsite which allows an attacker to remotely include a malicious PHP file. It is possible for an attacker to specify a remote location for phpWebsite to download an attacker-supplied htmlheader.php scrip...
Input-validation vulnerability in PHP-Nuke allows arbitrary command execution via request for remote web site
Overview PHP-Nuke has an input-validation vulnerability that can lead to execution of arbitrary PHP code hosted on another web server. Description PHP-Nuke is a tool designed to ease web site creation and maintenance. PHP-Nuke includes a script named index.php, which uses PHP's include function t...
phpGB: DoS and executing_arbitrary_commands
ppp-design found the following design error in phpGB: Details: Product: phpGB Affected Version: 1.20 and maybe all versions before Immune Version: 1.30 OS affected: all OS with php Vendor-URL: http://www.walzl.net Vendor-Status: informed, new...