Windmail.exe Shell Metacharacter Arbitrary Command Execution

The remote host may be running WindMail as a CGI application. In this mode, some versions of the 'windmail.exe' script allow an attacker to execute arbitrary commands on the remote server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ...

fcheck v.2.7.45 and insecure use of Perl's system()

The short explanation: fcheck is a file integrity checker written in perl. It can send warnings to syslog via an external program such as logger1. Because it calls system with a scalar argument, a malicious user can cause it to execute programs by creating files with shell metacharacters in their...

Microsoft IIS ctss.idc ODBC Sample Arbitrary Command Execution

/scripts/tools/ctss.idc is present. Input to the 'table' parameter is not properly sanitized. A remote attacker could exploit this to execute arbitrary SQL commands. If xpcmdshell is enabled, this could result in arbitrary command execution. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

Oracle Web Listener 4.0.x - for NT Batch File

Oracle Web Listener 4.0.x - for NT Batch File source: https://www.securityfocus.com/bid/1053/info Oracle Web Listener for NT makes use of various batch files as cgi scripts, which are stored in the /ows-bin/ directory by default. Any of these batch files can be used to run arbitrary commands on t...

Oracle Web Listener 4.0.x - for NT Batch File

source: https://www.securityfocus.com/bid/1053/info Oracle Web Listener for NT makes use of various batch files as cgi scripts, which are stored in the /ows-bin/ directory by default. Any of these batch files can be used to run arbitrary commands on the server, simply by appending '?&' and a...

WorldView 6.5/Wnn4 4.2 - Asian Language Server Remote Buffer Overflow

// source: https://www.securityfocus.com/bid/1603/info A remote buffer overflow exists in the Asian language servers portion of a number of different implementations of Wnn. It has been reported that only systems that have WorldView Japanese, Korean, and Chinese installed are vulnerable to this...

CVE-1999-0255

Buffer overflow in ircd allows arbitrary command execution...

CVE-1999-0186

The CVE-1999-0186 entry concerns Solaris where an SNMP subagent uses a default community string, enabling remote attackers to execute arbitrary commands as root or modify system parameters. The NVD record shows a base score of 10.0 (HIGH) with Network attack vector, low complexity, and complete i...

CVE-1999-0233

IIS 1.0 is reported to allow users to execute arbitrary commands via .bat or .cmd files. The cited sources do not provide concrete technical details beyond this description (no specific root cause, affected versions beyond IIS 1.0, or remediation steps). Exploitation status and in‑the‑wild use ar...

PlusMail plusmail CGI Arbitrary Command Execution

The 'plusmail' CGI is installed. Some versions of this CGI have a well known security flaw that lets an attacker read arbitrary file with the privileges of the HTTP server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

CVE-1999-1290

Buffer overflow in nftp FTP client version 1.40 allows remote malicious FTP servers to cause a denial of service, and possibly execute arbitrary commands, via a long response string...

CVE-1999-1334

Multiple buffer overflows in filter command in Elm 2.4 allows attackers to execute arbitrary commands via 1 long From: headers, 2 long Reply-To: headers, or 3 via a long -f filterfile command line argument...

Majordomo 1.94.4/1.94.5 - Local -C Parameter (1)

source: https://www.securityfocus.com/bid/903/info It is possible for a local user to gain majordomo privileges through a vulnerability which allows privileged arbitrary commands to be executed. If the -C parameter is passed to majordomo or one of several other scripts when run with the setuid ro...

CVE-1999-0935

classifieds.cgi allows remote attackers to execute arbitrary commands by specifying them in a hidden variable in a CGI form...

Lincoln D. Stein nph-publish.cgi pathname Parameter Traversal Arbitrary File Write

The 'nph-publish.cgi' is installed. This CGI has a well known security flaw that lets an attacker to execute arbitrary commands with the privileges of the HTTP daemon usually root or nobody. %NASLMINLEVEL 70300 This script was written by Mathieu Perrin See the Nessus Scripts License for details...

Cobalt RaQ2 cgiwrap Multiple Vulnerabilities

The remote host has 'cgiwrap' is installed. If you are running an unpatched Cobalt RaQ, the version of cgiwrap distributed with that system has a known security flaw that lets anyone execute arbitrary commands with the privileges of the http daemon root or nobody. This flaw exists only on the...

Matt Wright guestbook.pl Arbitrary Command Execution

The 'guestbook.pl' is installed. This CGI has a well known security flaw that lets anyone execute arbitrary commands with the privileges of the HTTP daemon root or nobody. %NASLMINLEVEL 70300 This script was written by Mathieu Perrin See the Nessus Scripts License for details Changes by Tenable: ...

CVE-1999-1058

Buffer overflow in Vermillion FTP Daemon VFTPD 1.23 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via several long CWD commands...

CVE-1999-1511

Buffer overflows in Xtramail 1.11 allow attackers to cause a denial of service crash and possibly execute arbitrary commands via 1 a long PASS command in the POP3 service, 2 a long HELO command in the SMTP service, or 3 a long user name in the Control Service...

The Matt Wright Guestbook.pl 2.3.1 - Server-Side Include

$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Matt Wright...