8682 matches found
KICQ 1.0 - Arbitrary Command Execution
source: https://www.securityfocus.com/bid/2443/info KICQ is an ICQ-compatible interactive messaging client for Unix. Versions of KICQ are vulnerable to remote execution of arbitrary commands embedded in URLs. A maliciously-composed URL containing shell metacharacters and shell commands can be sen...
CVE-2001-0028
Buffer overflow in the HTML parsing code in oops WWW proxy server 1.5.2 and earlier allows remote attackers to execute arbitrary commands via a large number of " quotation characters...
CVE-2001-0005
Buffer overflow in the parsing mechanism of the file loader in Microsoft PowerPoint 2000 allows attackers to execute arbitrary commands...
Micro Focus Cobol 4.1 - Arbitrary Command Execution
source: https://www.securityfocus.com/bid/2359/info Micro Focus Cobol is a development suite for unix platforms offered by Merant. It is typically licensed on a per-user basis. If Micro Focus Cobol is installed with the 'Apptrack' feature enabled, local users may be able to elevate privileges. A...
REVISION: @stake Advisory Notification: NetDDE Message Vulnerability (A020501-1)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Please note revision section below @stake Inc. www.atstake.com Security Advisory Advisory Name: NetDDE Message Vulnerability Release Date: 02/05/2001 Updated on 2/08/2001 Application: Network DDE system component Platform: Windows 2000 up to and...
CVE-2001-0025
ad.cgi CGI program by Leif Wright allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameter...
CVE-2001-0098
Buffer overflow in Bea WebLogic Server before 5.1.0 allows remote attackers to execute arbitrary commands via a long URL that begins with a ".." string...
PALS Library System WebPALS 1.0 - pals-cgi Arbitrary Command Execution
PALS Library System WebPALS 1.0 - pals-cgi Arbitrary Command Execution source: https://www.securityfocus.com/bid/2372/info A specially crafted URL composed of a known filename, will disclose the requested file residing on a machine running WebPALS. This vulnerability will also allow an attacker t...
PALS Library System WebPALS 1.0 - 'pals-cgi' Arbitrary Command Execution
source: https://www.securityfocus.com/bid/2372/info A specially crafted URL composed of a known filename, will disclose the requested file residing on a machine running WebPALS. This vulnerability will also allow an attacker to execute arbitrary code with root privileges...
CVE-2000-0969
Format string vulnerability in Half Life dedicated server build 3104 and earlier allows remote attackers to execute arbitrary commands by injecting format strings into the changelevel command, via the system console or rcon...
CVE-2000-1094
Affected software: AOL Instant Messenger (AIM) prior to version 4.3.2229. Vulnerability: A buffer overflow in the handling of the buddyicon command with a long src argument can allow a remote attacker to execute arbitrary commands on the victim’s machine. Root cause: Buffer overflow when processi...
CVE-2000-0947
The CVE-2000-0947 issue is a format-string vulnerability in CFEngine’s cfd (CFEngine daemon) that can be triggered via the CAUTH command, allowing an attacker to cause the vulnerable host to run arbitrary commands. OpenVAS/Nessus entries describe that the flaw arises in cfd’s syslog handling and ...
CVE-2000-1004
CVE-2000-1004 documents a format string vulnerability in OpenBSD photurisd. The issue allows local users to execute arbitrary commands via a configuration-file directory name that contains formatting characters. Affected component: photurisd in OpenBSD (specific version details not provided in th...
CVE-2000-0973
CVE-2000-0973 affects curl before 6.0-1.1 and curl-ssl before 6.0-1.2. A buffer overflow occurs when generating a long error message, allowing remote attackers to execute arbitrary commands. Root cause: unchecked length in error handling. Connected sources (OSV, CVE records) confirm the overflow ...
CVE-2000-0949
Heap overflow in savestr function in LBNL traceroute 1.4a5 and earlier allows a local user to execute arbitrary commands via the -g option...
CVE-2000-0844
The connected records confirm CVE-2000-0844 affects Unix locale subsystem functions that fail to cleanse user-supplied format strings, enabling local attackers to execute arbitrary commands through gettext, catopen, and related calls. The root cause is improper sanitization of format strings in l...
CVE-2000-0848
Buffer overflow in IBM WebSphere web application server WAS allows remote attackers to execute arbitrary commands via a long Host: request header...
CVE-2000-0947
Format string vulnerability in cfd daemon in GNU CFEngine before 1.6.0a11 allows attackers to execute arbitrary commands via format characters in the CAUTH command...
CVE-2000-1077
Buffer overflow in the SHTML logging functionality of iPlanet Web Server 4.x allows remote attackers to execute arbitrary commands via a long filename with a .shtml extension...
CVE-2000-0523
Buffer overflow in the logging feature of EServ 2.9.2 and earlier allows an attacker to execute arbitrary commands via a long MKD command...