8695 matches found
PALS Library System WebPALS 1.0 - pals-cgi Arbitrary Command Execution
PALS Library System WebPALS 1.0 - pals-cgi Arbitrary Command Execution source: https://www.securityfocus.com/bid/2372/info A specially crafted URL composed of a known filename, will disclose the requested file residing on a machine running WebPALS. This vulnerability will also allow an attacker t...
PALS Library System WebPALS 1.0 - 'pals-cgi' Arbitrary Command Execution
source: https://www.securityfocus.com/bid/2372/info A specially crafted URL composed of a known filename, will disclose the requested file residing on a machine running WebPALS. This vulnerability will also allow an attacker to execute arbitrary code with root privileges...
CVE-2000-0844
The connected records confirm CVE-2000-0844 affects Unix locale subsystem functions that fail to cleanse user-supplied format strings, enabling local attackers to execute arbitrary commands through gettext, catopen, and related calls. The root cause is improper sanitization of format strings in l...
CVE-2000-0947
The CVE-2000-0947 issue is a format-string vulnerability in CFEngine’s cfd (CFEngine daemon) that can be triggered via the CAUTH command, allowing an attacker to cause the vulnerable host to run arbitrary commands. OpenVAS/Nessus entries describe that the flaw arises in cfd’s syslog handling and ...
CVE-2000-0973
CVE-2000-0973 affects curl before 6.0-1.1 and curl-ssl before 6.0-1.2. A buffer overflow occurs when generating a long error message, allowing remote attackers to execute arbitrary commands. Root cause: unchecked length in error handling. Connected sources (OSV, CVE records) confirm the overflow ...
CVE-2000-1004
CVE-2000-1004 documents a format string vulnerability in OpenBSD photurisd. The issue allows local users to execute arbitrary commands via a configuration-file directory name that contains formatting characters. Affected component: photurisd in OpenBSD (specific version details not provided in th...
CVE-2000-1094
Affected software: AOL Instant Messenger (AIM) prior to version 4.3.2229. Vulnerability: A buffer overflow in the handling of the buddyicon command with a long src argument can allow a remote attacker to execute arbitrary commands on the victim’s machine. Root cause: Buffer overflow when processi...
CVE-2000-0523
Buffer overflow in the logging feature of EServ 2.9.2 and earlier allows an attacker to execute arbitrary commands via a long MKD command...
CVE-2000-0848
Buffer overflow in IBM WebSphere web application server WAS allows remote attackers to execute arbitrary commands via a long Host: request header...
CVE-2000-0947
Format string vulnerability in cfd daemon in GNU CFEngine before 1.6.0a11 allows attackers to execute arbitrary commands via format characters in the CAUTH command...
CVE-2000-0949
Heap overflow in savestr function in LBNL traceroute 1.4a5 and earlier allows a local user to execute arbitrary commands via the -g option...
CVE-2000-0969
Format string vulnerability in Half Life dedicated server build 3104 and earlier allows remote attackers to execute arbitrary commands by injecting format strings into the changelevel command, via the system console or rcon...
CVE-2000-1077
Buffer overflow in the SHTML logging functionality of iPlanet Web Server 4.x allows remote attackers to execute arbitrary commands via a long filename with a .shtml extension...
Solaris /usr/bin/write Vulnerability
I have written an exploit for the /usr/bin/write command , this is not a new vulnerability but it has not been fixed at least till Solaris 7 patchs dont know about Solaris 8. This command contains a buffer overflow in the second argument. If this data exceeds predefined length, inserting two valu...
CVE-2000-1082
The xpenumresultset function in SQL Server and Microsoft SQL Server Desktop Engine MSDE does not properly restrict the length of a buffer before calling the srvparaminfo function in the SQL Server API for Extended Stored Procedures XP, which allows an attacker to cause a denial of service or...
CVE-2000-1084
The xpupdatecolvbm function in SQL Server and Microsoft SQL Server Desktop Engine MSDE does not properly restrict the length of a buffer before calling the srvparaminfo function in the SQL Server API for Extended Stored Procedures XP, which allows an attacker to cause a denial of service or execu...
CVE-2000-1085
The xppeekqueue function in Microsoft SQL Server 2000 and SQL Server Desktop Engine MSDE does not properly restrict the length of a buffer before calling the srvparaminfo function in the SQL Server API for Extended Stored Procedures XP, which allows an attacker to cause a denial of service or...
CVE-2000-1086
The xpprintstatements function in Microsoft SQL Server 2000 and SQL Server Desktop Engine MSDE does not properly restrict the length of a buffer before calling the srvparaminfo function in the SQL Server API for Extended Stored Procedures XP, which allows an attacker to cause a denial of service ...
CVE-2000-1087
The xpproxiedmetadata function in Microsoft SQL Server 2000 and SQL Server Desktop Engine MSDE does not properly restrict the length of a buffer before calling the srvparaminfo function in the SQL Server API for Extended Stored Procedures XP, which allows an attacker to cause a denial of service ...
CVE-2000-1123
Buffer overflow in pioout command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands...