Solaris 2.6/7.0 - 'lpset -r' Local Buffer Overflow (1)

// source: https://www.securityfocus.com/bid/1138/info A vulnerability exists in the handling of the -r option to the lpset program, as included in Solaris 7 from Sun Microsystems. The -r option is undocumented. As such, its use in unknown. However, when supplied a well crafted buffer containing...

3R Soft MailStudio 2000 2.0 - 'userreg.cgi' Arbitrary Command Execution

// source: https://www.securityfocus.com/bid/1335/info MailStudio 2000 is vulnerable to multiple attacks. It is possible for a remote user to gain read access to all files located on the server via the usage of the "/.." string passed to a CGI, thereby compromising the confidentiality of other...

CVE-2000-0285

Buffer overflow in XFree86 3.3.x allows local users to execute arbitrary commands via a long -xkbmap parameter...

Windmail.exe Shell Metacharacter Arbitrary Command Execution

The remote host may be running WindMail as a CGI application. In this mode, some versions of the 'windmail.exe' script allow an attacker to execute arbitrary commands on the remote server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; ...

fcheck v.2.7.45 and insecure use of Perl's system()

The short explanation: fcheck is a file integrity checker written in perl. It can send warnings to syslog via an external program such as logger1. Because it calls system with a scalar argument, a malicious user can cause it to execute programs by creating files with shell metacharacters in their...

Microsoft IIS ctss.idc ODBC Sample Arbitrary Command Execution

/scripts/tools/ctss.idc is present. Input to the 'table' parameter is not properly sanitized. A remote attacker could exploit this to execute arbitrary SQL commands. If xpcmdshell is enabled, this could result in arbitrary command execution. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...

winmail305.txt

I found some vulnerabilities if windmail run as a CGI application.tested On WindowsNT 4.0, Windmail 3.05 successfully. WindMail is a 32-bit Windows console program by geocel that gives you command-line e-mail messaging capability. You can download an evaluation copy of WindMail 3.0 at:...

Oracle Web Listener 4.0.x - for NT Batch File

Oracle Web Listener 4.0.x - for NT Batch File source: https://www.securityfocus.com/bid/1053/info Oracle Web Listener for NT makes use of various batch files as cgi scripts, which are stored in the /ows-bin/ directory by default. Any of these batch files can be used to run arbitrary commands on t...

Oracle Web Listener 4.0.x - for NT Batch File

source: https://www.securityfocus.com/bid/1053/info Oracle Web Listener for NT makes use of various batch files as cgi scripts, which are stored in the /ows-bin/ directory by default. Any of these batch files can be used to run arbitrary commands on the server, simply by appending '?&' and a...

WorldView 6.5/Wnn4 4.2 - Asian Language Server Remote Buffer Overflow

// source: https://www.securityfocus.com/bid/1603/info A remote buffer overflow exists in the Asian language servers portion of a number of different implementations of Wnn. It has been reported that only systems that have WorldView Japanese, Korean, and Chinese installed are vulnerable to this...

CVE-1999-0255

Buffer overflow in ircd allows arbitrary command execution...

CVE-1999-0186

The CVE-1999-0186 entry concerns Solaris where an SNMP subagent uses a default community string, enabling remote attackers to execute arbitrary commands as root or modify system parameters. The NVD record shows a base score of 10.0 (HIGH) with Network attack vector, low complexity, and complete i...

CVE-1999-0233

IIS 1.0 is reported to allow users to execute arbitrary commands via .bat or .cmd files. The cited sources do not provide concrete technical details beyond this description (no specific root cause, affected versions beyond IIS 1.0, or remediation steps). Exploitation status and in‑the‑wild use ar...

PlusMail plusmail CGI Arbitrary Command Execution

The 'plusmail' CGI is installed. Some versions of this CGI have a well known security flaw that lets an attacker read arbitrary file with the privileges of the HTTP server. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description...

CVE-1999-1290

Buffer overflow in nftp FTP client version 1.40 allows remote malicious FTP servers to cause a denial of service, and possibly execute arbitrary commands, via a long response string...

CVE-1999-1334

Multiple buffer overflows in filter command in Elm 2.4 allows attackers to execute arbitrary commands via 1 long From: headers, 2 long Reply-To: headers, or 3 via a long -f filterfile command line argument...

Majordomo 1.94.4/1.94.5 - Local -C Parameter (1)

source: https://www.securityfocus.com/bid/903/info It is possible for a local user to gain majordomo privileges through a vulnerability which allows privileged arbitrary commands to be executed. If the -C parameter is passed to majordomo or one of several other scripts when run with the setuid ro...

CVE-1999-0935

classifieds.cgi allows remote attackers to execute arbitrary commands by specifying them in a hidden variable in a CGI form...

Lincoln D. Stein nph-publish.cgi pathname Parameter Traversal Arbitrary File Write

The 'nph-publish.cgi' is installed. This CGI has a well known security flaw that lets an attacker to execute arbitrary commands with the privileges of the HTTP daemon usually root or nobody. %NASLMINLEVEL 70300 This script was written by Mathieu Perrin See the Nessus Scripts License for details...

Cobalt RaQ2 cgiwrap Multiple Vulnerabilities

The remote host has 'cgiwrap' is installed. If you are running an unpatched Cobalt RaQ, the version of cgiwrap distributed with that system has a known security flaw that lets anyone execute arbitrary commands with the privileges of the http daemon root or nobody. This flaw exists only on the...