8682 matches found
CVE-2001-0473
CVE-2001-0473 affects the Mutt email client (Imap-related code) prior to version 1.2.5. The vulnerability is a format string issue in the IMAP handling that can allow a remote, malicious IMAP server to execute arbitrary commands on the local machine. The Mandrakelinux MDKSA-2001:031 advisory spec...
CVE-2001-0489
The CVE-2001-0489 entry concerns gftp before version 2.0.8, where a printf/format string vulnerability in the logging of network data allows a remote FTP server to cause arbitrary commands to be executed. Affected component is the gftp client; root cause is unsafe handling of data received from t...
CVE-1999-1112
Buffer overflow in IrfanView32 3.07 and earlier allows attackers to execute arbitrary commands via a long string after the "8BPS" image type in a Photo Shop image header...
CVE-1999-1334
Multiple buffer overflows in filter command in Elm 2.4 allows attackers to execute arbitrary commands via 1 long From: headers, 2 long Reply-To: headers, or 3 via a long -f filterfile command line argument...
CVE-1999-1502
CVE-1999-1502 affects the Quake 1.9 client. It is due to buffer overflows triggered by long values in four fields (precache paths, server name, server address, argument to the map console command), allowing a remote attacker to execute arbitrary commands on the client. Exploitation details are no...
CVE-1999-0808
CVE-1999-0808 highlights multiple buffer overflows in ISC DHCP Distribution server (dhcpd) versions 1.0 and 2.0. The root cause, as documented, is unsafe handling of long options, which can be exploited by a remote attacker to cause a crash and potentially execute arbitrary commands. Affected com...
CVE-1999-1376
CVE-1999-1376 targets IIS 4.0 with FrontPage Server Extensions, via the fpcount.exe CGI. The vulnerability is a remote buffer overflow in the fpcount.exe CGI that could allow a remote attacker to execute arbitrary commands on the server, potentially crashing it or taking control. Incident details...
CVE-1999-1479
CVE-1999-1479 affects the CGI textcounter.pl (Matt Wright) – the installed textcounter CGI allows remote command execution via shell metacharacters. Impact is remote code execution with the privileges of the http daemon (usually root or nobody). Remediation available is to remove the CGI from /cg...
CVE-1999-1334
CVE-1999-1334 : Multiple buffer overflows in the filter command of Elm 2.4 allow an attacker to execute arbitrary commands via (1) long From: headers, (2) long Reply-To: headers, or (3) a long -f (filterfile) command line argument. The connected sources confirm Elm 2.4 as the affected component a...
CVE-1999-1261
The provided records describe CVE-1999-1261: a buffer overflow in Rainbow Six Multiplayer triggered by a long nickname (nick) command, enabling remote denial of service and potentially arbitrary command execution. The issue is software-level, affecting Rainbow Six Multiplayer, with network-based ...
CVE-1999-1511
CVE-1999-1511 affects Xtramail 1.11, with buffer overflow issues in multiple services: POP3 PASS, SMTP HELO, and Control Service username. These overflow conditions can crash the service and may allow arbitrary code execution. Nessus plugin entries indicate fixes targeting Xtramail
CVE-1999-1154
LakeWeb Filemail CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient email address...
CVE-1999-1292
The CVE-1999-1292 entry describes a buffer overflow in the web administration feature of Kolban Webcam32 versions up to 4.8.3 and earlier. The underlying issue is a buffer overflow in the web admin interface that allows remote attackers to execute arbitrary commands by supplying a long URL. No ex...
CVE-1999-1381
The CVE covers a buffer overflow in the dbadmin CGI program 1.0.1 on Linux, enabling remote command execution. The available sources state this vulnerability allows arbitrary commands to be executed by an unauthenticated attacker over the network. No remediation or patch details are provided in t...
CVE-1999-1155
CVE-1999-1155 affects the LakeWeb Mail List CGI script, where remote attackers can execute arbitrary commands by injecting shell metacharacters into the recipient email address. The description specifies a remote command execution risk with network access and no authentication. No explicit patch ...
Hassan Consulting Shopping Cart 1.23 - Arbitrary Command Execution
Hassan Consulting Shopping Cart 1.23 - Arbitrary Command Execution source: https://www.securityfocus.com/bid/3308/info Hassan Consulting's Shopping Cart is commercial web store software. Shopping Cart does not filter certain types of user-supplied input from web requests. This makes it possible f...
Hassan Consulting Shopping Cart 1.23 - Arbitrary Command Execution
source: https://www.securityfocus.com/bid/3308/info Hassan Consulting's Shopping Cart is commercial web store software. Shopping Cart does not filter certain types of user-supplied input from web requests. This makes it possible for a malicious user to submit a request which causes arbitrary...
Network Associates CSMAP and smap/smapd vulnerable to buffer overflow thereby allowing arbitrary command execution
Overview A remotely exploitable buffer overflow exists in the Gauntlet Firewall. Description The buffer overflow occurs in the smap/smapd and CSMAP daemons. According to PGP Security, these daemons are responsible for handling email transactions for both inbound and outbound e-mail.This...
Irix LPD tagprinter - Command Execution (Metasploit)
Irix LPD tagprinter - Command Execution Metasploit $Id: tagprinterexec.rb 10561 2010-10-06 00:53:45Z hdm $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing...
Solaris 8.0 LPD - Command Execution (Metasploit)
$Id$ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core' class Metasploit3 'Solaris LPD...