8682 matches found
CVE-2001-0595
Buffer overflow in the kcsSUNWIOsolf.so library in Solaris 7 and 8 allows local attackers to execute arbitrary commands via the KCMSPROFILES environment variable, e.g. as demonstrated using the kcmsconfigure program...
CVE-1999-1055
Microsoft Excel 97 does not warn the user before executing worksheet functions, which could allow attackers to execute arbitrary commands by using the CALL function to execute a malicious DLL, aka the Excel "CALL Vulnerability."...
CVE-2000-0740
CVE-2000-0740 describes a buffer overflow in the Net Tools PKI Server 1.0 strong.exe web server (HTTPS) that, when processing a long URL, can allow a remote attacker to execute arbitrary commands. The vulnerability is in the web server component and affects the HTTPS port; the issue is exploitabl...
CVE-2000-0788
The Mail Merge tool in Microsoft Word does not prompt the user before executing Visual Basic VBA scripts in an Access database, which could allow an attacker to execute arbitrary commands...
CVE-2001-0537
CVE-2001-0537 affects Cisco IOS HTTP Server in Cisco IOS 11.3–12.2. The vulnerability allows bypassing local authentication and executing arbitrary commands by specifying a high access level in the URL. Impact is authenticated command execution with full privileges on affected devices. Public det...
CVE-2001-0236
CVE-2001-0236 affects Solaris snmpXdmid, where a buffer/heap overflow in the SNMP-to-DMI mapper allows remote code execution via a long indication event. Affected platforms include SunOS 5.7/Solaris 7 and SunOS 5.8/Solaris 8. The vulnerability is triggered by handling crafted SNMP traps/indicatio...
CVE-1999-1321
The CVE-1999-1321 entry concerns the SSH 1.2.26 client with Kerberos V enabled. A buffer overflow in handling a long DNS hostname during TGT ticket passing could allow remote attackers to cause a denial of service or execute arbitrary commands. The vulnerability details are drawn from the NVD/CVE...
IE execution of arbitrary commands without Active Scripting or ActiveX (GM#001-IE)
GreyMagic Security Advisory GM001-IE ===================================== by GreyMagic Software, Israel. 27 Feb 2002. Topic: Executing arbitrary commands without Active Scripting or ActiveX. Discovery date: 25 Feb 2002. Affected applications: ====================== Any application that hosts the...
AHG Search Engine 1.0 - search.cgi Arbitrary Command Execution
AHG Search Engine 1.0 - search.cgi Arbitrary Command Execution source: https://www.securityfocus.com/bid/3985/info Search.CGI is a component of the HTMLsearch Search Engine software distributed by AHG. The software is available for the Unix, Linux, and Microsoft platforms. The search.cgi script...
Caldera UnixWare 7.1.1 - WebTop 'SCOAdminReg.cgi' Arbitrary Command Execution
source: https://www.securityfocus.com/bid/3936/info UnixWare is a commercial Unix implementation distributed originally developed by SCO. It is now maintained and distributed by Caldera. The scoadminreg.cgi program does not properly validate user input when executed with the -c option. Because of...
Caldera UnixWare 7.1.1 - WebTop SCOAdminReg.cgi Arbitrary Command Execution
Caldera UnixWare 7.1.1 - WebTop SCOAdminReg.cgi Arbitrary Command Execution source: https://www.securityfocus.com/bid/3936/info UnixWare is a commercial Unix implementation distributed originally developed by SCO. It is now maintained and distributed by Caldera. The scoadminreg.cgi program does n...
CVE-2001-1530
run.cgi in Webmin 0.80 and 0.88 creates temporary files with world-writable permissions, which allows local users to execute arbitrary commands...
CVE-2001-1495
networkquery.php in Network Query Tool 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the target parameter...
Multiple FTPD glob Command Arbitrary Command Execution
The FTPD glob vulnerability manifests itself in handling the glob command. The problem is not a typical buffer overflow or format string vulnerability, but a combination of two bugs - an implementation of the glob command that does not properly return an error condition when interpreting the stri...
DCForum Remote Admin Privilege Compromise Vulnerability
Vulnerable: DC Scripts DCForum 2000 1.0 DC Scripts DCForum 6.0 DCForum is a commercial cgi script from DCScripts which is designed to facilitate web-based threaded discussion forums. Versions of DCForum are vulnerable to attacks which can yield an elevation of privileges and remote execution of...
Advisory: Corrupt RPM Query Vulnerability
Description: Arbitrary command executing on query of corrupt RPM files note: you do not have to install the file to be affected Severity: Very Low to Low Unless running an lpd with no access restrictions, in which case, it may allow remote compromize. Affects: rpm-4.0.2-7x probably also earlier...
FreeBSD-SA-01:62.uucp
-----BEGIN PGP SIGNED MESSAGE----- ============================================================================= FreeBSD-SA-01:62 Security Advisory FreeBSD, Inc. Topic: UUCP allows local root exploit Category: core Module: uucp Announced: 2001-10-08 Credits: [email protected] Affects: All release...
Textor Webmasters Ltd listrec.pl TEMPLATE Parameter Arbitrary Command Execution
The 'listrec.pl' cgi is installed. This CGI has a security flaw that lets an attacker execute arbitrary commands on the remote server, usually with the privileges of the web server. %NASLMINLEVEL 70300 This script written by Matt Moore See the Nessus Scripts License for details Changes by Tenable...
CVE-2001-0408
vim aka gvim processes VIM control codes that are embedded in a file, which could allow attackers to execute arbitrary commands when another user opens a file containing malicious VIM control codes...
CVE-2001-0408
CVE-2001-0408 affects Vim (gvim); a crafted file containing VIM control codes can cause arbitrary commands to execute when opening the file. The root cause is Vim interpreting embedded control codes, enabled by the status line option in .vimrc, allowing code execution as the user. Mandrake adviso...