7618 matches found
CVE-2002-0363
ghostscript before 6.53 allows attackers to execute arbitrary commands by using .locksafe or .setsafe to reset the current pagedevice...
Taskpads ActiveX Control incorrectly marked safe-for-scripting
Overview: The taskpads ActiveX control included with some resource kit products circa February 1999 was incorrectly marked safe-for-scripting. Description: The taskpads ActiveX control included with the Microsoft Windows 98 resource kit, the Microsoft Windows 98 resource kit sampler, and the Back...
CVE-2002-0277
Add2it Mailman Free 1.73 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the list parameter...
eSecurityOnline Security Advisory 2408 - CIDER SHADOW CGI
eSO Security Advisory: 2408; Discovery Date: April 3, 2000; ID: eSO:2408; Title: CIDER SHADOW CGI arbitrary command execution vulnerabilities; Impact: Remote attackers can execute commands with the privileges of the running web server process; Affected Technology: CIDER SHADOW 1.5, 1.6; Vendor Status:...
CGIScript.net - csMailto Hidden Form Field Remote Command Execution
Source: https://www.securityfocus.com/bid/4579/info. CGIScript.NET csMailto is a Perl script designed to support multiple mailto: forms. A vulnerability has been reported in some versions of this script. Reportedly, configuration...
Apache on Windows < 1.3.24 / 2.0.x < 2.0.34 DOS Batch File Arbitrary Command Execution
Apache for Win32 prior to 1.3.24 and 2.0.x prior to 2.0.34-beta is shipped with a default script, '/cgi-bin/test-cgi.bat', that allows an attacker to remotely execute arbitrary commands on the host subject to the permissions of the affected application. An attacker can send a pipe character '|'...
Several x-dev.de Guestbook and xNewsletter Vulnerabilities ( www.x-dev.de )
itcp advisory 12, http://www.it-checkpoint.net/advisory/12.html, April 14th, 2002. Several x-dev.de Guestbook and xNewsletter Vulnerabilities...
Dynamic Guestbook V3.0 Cross Site Scripting and Arbitrary Command Execution under certain circumstances
itcp advisory 7, http://www.it-checkpoint.net/advisory/7.html, April 3rd, 2002. Dynamic Guestbook V3.0 Cross Site Scripting and Arbitrary Command...
Microsoft Internet Explorer does not adequately evaluate malformed URLs
Overview: Microsoft Internet Explorer contains a serious vulnerability in its handling of zone determination. Description: Microsoft Internet Explorer contains a vulnerability in the way in which it handles zone determination. Specifically, HTML scripts stored in cookies should be executed in the...
Apache-SSL < 1.3.23+1.46 i2d_SSL_SESSION Function SSL Client Certificate Overflow
The remote host is using a version of Apache-SSL that is older than 1.3.22+1.46. Such versions are vulnerable to a buffer overflow that, albeit difficult to exploit, may allow an attacker to execute arbitrary commands on this host subject to the privileges under which the web server operates. C...
Solaris 7.08 Sunsolve CD - SSCD_SunCourier.pl CGI Script Arbitrary Command Execution
Source: https://www.securityfocus.com/bid/4269/info. The Sunsolve CD is part of the Solaris Media pack. It is included as a documentation resource, and is available for the Solaris Operating Environment. A CGI scri...
CVE-2001-0422
CVE-2001-0422 affects Xsun on Solaris 8 and earlier. A buffer overflow triggered by a long HOME environment variable allows local users to execute arbitrary commands. The provided documents do not include remediation details.
CVE-1999-1055
Microsoft Excel 97 does not warn the user before executing worksheet functions, which could allow attackers to execute arbitrary commands by using the CALL function to execute a malicious DLL, aka the Excel "CALL Vulnerability."...
CVE-2000-0740
CVE-2000-0740 describes a buffer overflow in the Net Tools PKI Server 1.0 strong.exe web server (HTTPS) that, when processing a long URL, can allow a remote attacker to execute arbitrary commands. The vulnerability is in the web server component and affects the HTTPS port; the issue is exploitabl...
CVE-2000-0788
The Mail Merge tool in Microsoft Word does not prompt the user before executing Visual Basic VBA scripts in an Access database, which could allow an attacker to execute arbitrary commands...
CVE-2001-0537
CVE-2001-0537 affects Cisco IOS HTTP Server in Cisco IOS 11.3–12.2. The vulnerability allows bypassing local authentication and executing arbitrary commands by specifying a high access level in the URL. Impact is authenticated command execution with full privileges on affected devices. Public det...
CVE-2001-0236
CVE-2001-0236 affects Solaris snmpXdmid, where a buffer/heap overflow in the SNMP-to-DMI mapper allows remote code execution via a long indication event. Affected platforms include SunOS 5.7/Solaris 7 and SunOS 5.8/Solaris 8. The vulnerability is triggered by handling crafted SNMP traps/indicatio...
CVE-1999-1321
The CVE-1999-1321 entry concerns the SSH 1.2.26 client with Kerberos V enabled. A buffer overflow in handling a long DNS hostname during TGT ticket passing could allow remote attackers to cause a denial of service or execute arbitrary commands. The vulnerability details are drawn from the NVD/CVE...
IE execution of arbitrary commands without Active Scripting or ActiveX (GM#001-IE)
GreyMagic Security Advisory GM001-IE, by GreyMagic Software, Israel. 27 Feb 2002. Topic: Executing arbitrary commands without Active Scripting or ActiveX. Discovery date: 25 Feb 2002. Affected applications: Any application that hosts the...
AHG Search Engine 1.0 - search.cgi Arbitrary Command Execution
Source: https://www.securityfocus.com/bid/3985/info. Search.CGI is a component of the HTMLsearch Search Engine software distributed by AHG. The software is available for the Unix, Linux, and Microsoft platforms. The search.cgi script...