Caldera UnixWare 7.1.1 - WebTop 'SCOAdminReg.cgi' Arbitrary Command Execution

source: https://www.securityfocus.com/bid/3936/info UnixWare is a commercial Unix implementation distributed originally developed by SCO. It is now maintained and distributed by Caldera. The scoadminreg.cgi program does not properly validate user input when executed with the -c option. Because of...

Caldera UnixWare 7.1.1 - WebTop SCOAdminReg.cgi Arbitrary Command Execution

Caldera UnixWare 7.1.1 - WebTop SCOAdminReg.cgi Arbitrary Command Execution source: https://www.securityfocus.com/bid/3936/info UnixWare is a commercial Unix implementation distributed originally developed by SCO. It is now maintained and distributed by Caldera. The scoadminreg.cgi program does n...

CVE-2001-1530

run.cgi in Webmin 0.80 and 0.88 creates temporary files with world-writable permissions, which allows local users to execute arbitrary commands...

CVE-2001-1495

networkquery.php in Network Query Tool 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the target parameter...

Multiple FTPD glob Command Arbitrary Command Execution

The FTPD glob vulnerability manifests itself in handling the glob command. The problem is not a typical buffer overflow or format string vulnerability, but a combination of two bugs - an implementation of the glob command that does not properly return an error condition when interpreting the stri...

DCForum Remote Admin Privilege Compromise Vulnerability

Vulnerable: DC Scripts DCForum 2000 1.0 DC Scripts DCForum 6.0 DCForum is a commercial cgi script from DCScripts which is designed to facilitate web-based threaded discussion forums. Versions of DCForum are vulnerable to attacks which can yield an elevation of privileges and remote execution of...

Advisory: Corrupt RPM Query Vulnerability

Description: Arbitrary command executing on query of corrupt RPM files note: you do not have to install the file to be affected Severity: Very Low to Low Unless running an lpd with no access restrictions, in which case, it may allow remote compromize. Affects: rpm-4.0.2-7x probably also earlier...

FreeBSD-SA-01:62.uucp

-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-01:62 Security Advisory FreeBSD, Inc. Topic: UUCP allows local root exploit Category: core Module: uucp Announced: 2001-10-08 Credits: [email protected] Affects: All release...

Textor Webmasters Ltd listrec.pl TEMPLATE Parameter Arbitrary Command Execution

The 'listrec.pl' cgi is installed. This CGI has a security flaw that lets an attacker execute arbitrary commands on the remote server, usually with the privileges of the web server. %NASLMINLEVEL 70300 This script written by Matt Moore See the Nessus Scripts License for details Changes by Tenable...

CVE-2001-0408

vim aka gvim processes VIM control codes that are embedded in a file, which could allow attackers to execute arbitrary commands when another user opens a file containing malicious VIM control codes...

CVE-2001-0473

CVE-2001-0473 affects the Mutt email client (Imap-related code) prior to version 1.2.5. The vulnerability is a format string issue in the IMAP handling that can allow a remote, malicious IMAP server to execute arbitrary commands on the local machine. The Mandrakelinux MDKSA-2001:031 advisory spec...

CVE-2001-0408

CVE-2001-0408 affects Vim (gvim); a crafted file containing VIM control codes can cause arbitrary commands to execute when opening the file. The root cause is Vim interpreting embedded control codes, enabled by the status line option in .vimrc, allowing code execution as the user. Mandrake adviso...

CVE-2001-0489

The CVE-2001-0489 entry concerns gftp before version 2.0.8, where a printf/format string vulnerability in the logging of network data allows a remote FTP server to cause arbitrary commands to be executed. Affected component is the gftp client; root cause is unsafe handling of data received from t...

CVE-1999-1376

CVE-1999-1376 targets IIS 4.0 with FrontPage Server Extensions, via the fpcount.exe CGI. The vulnerability is a remote buffer overflow in the fpcount.exe CGI that could allow a remote attacker to execute arbitrary commands on the server, potentially crashing it or taking control. Incident details...

CVE-1999-1334

Multiple buffer overflows in filter command in Elm 2.4 allows attackers to execute arbitrary commands via 1 long From: headers, 2 long Reply-To: headers, or 3 via a long -f filterfile command line argument...

CVE-1999-1112

Buffer overflow in IrfanView32 3.07 and earlier allows attackers to execute arbitrary commands via a long string after the "8BPS" image type in a Photo Shop image header...

CVE-1999-1502

CVE-1999-1502 affects the Quake 1.9 client. It is due to buffer overflows triggered by long values in four fields (precache paths, server name, server address, argument to the map console command), allowing a remote attacker to execute arbitrary commands on the client. Exploitation details are no...

CVE-1999-0808

CVE-1999-0808 highlights multiple buffer overflows in ISC DHCP Distribution server (dhcpd) versions 1.0 and 2.0. The root cause, as documented, is unsafe handling of long options, which can be exploited by a remote attacker to cause a crash and potentially execute arbitrary commands. Affected com...

CVE-1999-1479

CVE-1999-1479 affects the CGI textcounter.pl (Matt Wright) – the installed textcounter CGI allows remote command execution via shell metacharacters. Impact is remote code execution with the privileges of the http daemon (usually root or nobody). Remediation available is to remove the CGI from /cg...

CVE-1999-1334

CVE-1999-1334 : Multiple buffer overflows in the filter command of Elm 2.4 allow an attacker to execute arbitrary commands via (1) long From: headers, (2) long Reply-To: headers, or (3) a long -f (filterfile) command line argument. The connected sources confirm Elm 2.4 as the affected component a...